Wednesday, November 14, 2012
Wednesday the 14th, Butsumetsu
+ Security Bulletins for November 2012
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-nov
+ MS12-071 - Critical: Cumulative Security Update for Internet Explorer (2761451)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1539
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4775
+ MS12-072 - Critical: Vulnerabilities in Windows Shell Could Allow Remote Code Execution (2727528)
https://technet.microsoft.com/ja-jp/security/bulletin/ms12-072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1528
+ MS12-073 - Moderate: Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Information Disclosure (2733829)
https://technet.microsoft.com/ja-jp/security/bulletin/ms12-073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2532
+ MS12-074 - Critical: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2745030)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4777
+ MS12-075 - Critical: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2761226)
https://technet.microsoft.com/ja-jp/security/bulletin/ms12-075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2897
+ MS12-076 - Important: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2720184)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2543
+ RHSA-2012:1459 Low: nspluginwrapper security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-1459.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2486
+ RHSA-2012:1386 Important: java-1.7.0-openjdk security update
http://rhn.redhat.com/errata/RHSA-2012-1386.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5089
+ nginx-1.2.5 stable version released
http://nginx.org/en/download.html
+ CESA-2012:1459 Low CentOS 6 nspluginwrapper Update
http://lwn.net/Alerts/524724/
+ CESA-2012:1455 Moderate CentOS 6 gegl Update
http://lwn.net/Alerts/524709/
+ UPDATE: Cisco IronPort Appliances Sophos Anti-Virus Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121108-sophos
+ UPDATE: Microsoft Security Advisory (2749655) Compatibility Issues Affecting Signed Microsoft Binaries
http://technet.microsoft.com/en-us/security/advisory/2749655
+ UPDATE: Microsoft Security Advisory (2269637) Insecure Library Loading Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2269637
+ UPDATE: Microsoft Security Advisory (2749655) Compatibility Issues Affecting Signed Microsoft Binaries (Japanese page)
http://technet.microsoft.com/ja-jp/security/advisory/2749655
+ UPDATE: Microsoft Security Advisory (2269637) Insecure Library Loading Could Allow Remote Code Execution (Japanese page)
http://technet.microsoft.com/ja-jp/security/advisory/2269637
+ RHSA-2012:1445 Low: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-1445.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2100
+ MySQL 5.6.8 Development released
http://dev.mysql.com/doc/refman/5.6/en/news-5-6-8.html
Security issue in SSL VPN On-Demand applications
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk62410&src=securityAlerts
Virus Buster 2011 Cloud: Program Update Notice
http://www.trendmicro.co.jp/support/news.asp?id=1858
Shh/Updater-B: Identifying and fixing affected non-Sophos applications
http://www.sophos.com/en-us/support/knowledgebase/118348.aspx
Advisory: Tavis Ormandy finds vulnerabilities in Sophos Anti-Virus products
http://www.sophos.com/en-us/support/knowledgebase/118424.aspx
ESA-2012-055: RSA Data Protection Manager Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00048.html
[OVSA20121112] OpenVAS Manager Vulnerable To Command Injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00045.html
Weak password encryption on Huawei products
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00044.html
Reflective XSS in uk cookie plugin
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00049.html
Zoner Photo Studio v15 b3 - Buffer Overflow Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00046.html
Eventy CMS v1.8 Plus - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00043.html
[DC-2012-11-001] DefenseCode ThunderScan PHP Advisory: Wordpress WP e-Commerce Plugi
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00042.html
Employees propose intended uses and expected benefits of the iPad
http://itpro.nikkeibp.co.jp/article/JIREI/20121112/436625/?ST=security
Bank of Tokyo-Mitsubishi UFJ loses transaction history records for about 5.6 million people, possibly discarded by mistake
http://itpro.nikkeibp.co.jp/article/NEWS/20121113/436948/?ST=security
Symantec publishes vulnerability mitigations for its enterprise product "SEP11", also plans to provide a patch
http://itpro.nikkeibp.co.jp/article/NEWS/20121113/436941/?ST=security
Symantec opens a security monitoring center in Japan
http://itpro.nikkeibp.co.jp/article/NEWS/20121113/436823/?ST=security
Sophos releases a new version of its anti-malware product for Linux/UNIX
http://itpro.nikkeibp.co.jp/article/NEWS/20121113/436801/?ST=security
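"Please update your user information": phishing impersonating Sumitomo Mitsui Banking Corporation
Fake site asks for all of the user's PINs; Council of Anti-Phishing Japan issues warning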
http://itpro.nikkeibp.co.jp/article/NEWS/20121113/436642/?ST=security
JVNVU#611988 Improper access restriction vulnerability in Vanilla Forums
http://jvn.jp/cert/JVNVU611988/
Iceape Security Denial Of Service And Remote Arbitrary Code Execution Vulnerabilities
http://www.securiteam.com/securitynews/6R0360K61S.html
Microsoft November 2012 Black Tuesday Update - Overview
http://isc.sans.edu/diary.html?storyid=14503
Microsoft .NET Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Bypass Security Restrictions
http://www.securitytracker.com/id/1027753
Microsoft Excel Buffer Overflow, Memory Corruption, and Use-After-Free Errors Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027752
Microsoft Internet Information Server (IIS) FTP Server Lets Remote Users Obtain Files and Local Users Obtain Passwords
http://www.securitytracker.com/id/1027751
Windows Kernel Multiple Bugs Let Remote Users Execute Arbitrary Code and Local Users Obtain Elevated Privileges
http://www.securitytracker.com/id/1027750
Microsoft Internet Explorer Multiple Use-After-Free Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027749
Windows Shell Briefcase Integer Overflow and Underflow Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027748
Microsoft Internet Information Services Two Information Disclosure Vulnerabilities
http://secunia.com/advisories/51235/
Microsoft .NET Framework Multiple Vulnerabilities
http://secunia.com/advisories/51236/
Microsoft Windows Kernel-Mode Drivers Three Vulnerabilities
http://secunia.com/advisories/51239/
Microsoft Office Excel Multiple Vulnerabilities
http://secunia.com/advisories/51242/
Microsoft Windows Briefcase Integer Underflow and Overflow Vulnerabilities
http://secunia.com/advisories/51221/
Microsoft Internet Explorer Multiple Use-After-Free Vulnerabilities
http://secunia.com/advisories/51202/
Citrix XenServer Multiple Denial of Service Vulnerabilities
http://secunia.com/advisories/51214/
Eventy Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/51246/
WordPress Carousel Slideshow Plugin swfupload Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51250/
Xen Multiple Denial of Service Vulnerabilities
http://secunia.com/advisories/51200/
WordPress Wysija Newsletters Plugin swfupload Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51249/
Ubuntu update for libav
http://secunia.com/advisories/51257/
Ubuntu update for libproxy
http://secunia.com/advisories/51258/
UnrealIRCd Unspecified Denial of Service Vulnerability
http://secunia.com/advisories/51266/
gatling FTP Mode Directory Traversal Vulnerability
http://secunia.com/advisories/51255/
Red Hat update for gegl
http://secunia.com/advisories/51274/
Java Applet JAX-WS Remote Code Execution
http://cxsecurity.com/issue/WLB-2012110079
Jira Scriptrunner 2.0.7 <= CSRF/RCE
http://cxsecurity.com/issue/WLB-2012110078
HT Editor 2.0.20 Buffer Overflow (ROP PoC)
http://cxsecurity.com/issue/WLB-2012110077
P3 Technologie SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012110076
CKFinder 2.3 & FCKEditor 2.6.8 SWF Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012110075
IDIC Blogs Shell Upload
http://cxsecurity.com/issue/WLB-2012110074
WordPress Related Posts Exit Popup SQL Injection
http://cxsecurity.com/issue/WLB-2012110073
Gajim SSL Failed Checks
http://cxsecurity.com/issue/WLB-2012110072
Google Chrome Prior to 22.0.1229.79 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55676
GEGL CVE-2012-4433 Integer Overflow Vulnerability
http://www.securityfocus.com/bid/56404
WeeChat Color Decoding Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56482
Oracle Solaris CVE-2012-3209 Local Security Vulnerability
http://www.securityfocus.com/bid/56074
IcedTea-Web CVE-2012-4540 Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56434
Oracle Database 'CTXSYS.CONTEXT' Index Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/54884
Oracle Solaris CVE-2012-3187 Local Security Vulnerability
http://www.securityfocus.com/bid/56060
Oracle Solaris CVE-2012-3211 Local Security Vulnerability
http://www.securityfocus.com/bid/56049
Intel CPU Hardware Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53856
Oracle Solaris CVE-2012-3212 Local Security Vulnerability
http://www.securityfocus.com/bid/56038
Oracle Solaris CVE-2012-3207 Local Security Vulnerability
http://www.securityfocus.com/bid/56062
Oracle Solaris CVE-2012-3215 Local Security Vulnerability
http://www.securityfocus.com/bid/56012
Oracle Solaris CVE-2012-3208 Local Security Vulnerability
http://www.securityfocus.com/bid/56069
Oracle Solaris CVE-2012-3199 Local Security Vulnerability
http://www.securityfocus.com/bid/56052
Oracle Java SE CVE-2012-5076 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56054
Eventy CMS Cross Site Scripting, HTML Injection, and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/56493
UnrealIRCd Unspecified Denial of Service Vulnerability
http://www.securityfocus.com/bid/56492
Microsoft .NET Framework CVE-2012-4777 Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56464
Microsoft .NET Framework CVE-2012-4776 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56463
Microsoft .NET Framework CVE-2012-2519 DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/56462
Microsoft Windows Kernel 'Win32k.sys' TrueType Font Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56457
Microsoft .NET Framework CVE-2012-1896 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56456
Microsoft .NET Framework CVE-2012-1895 Security Bypass Vulnerability
http://www.securityfocus.com/bid/56455
Microsoft Windows Kernel 'Win32k.sys' CVE-2012-2553 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56448
Microsoft Windows Kernel 'Win32k.sys' CVE-2012-2530 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56447
Microsoft Windows Briefcase CVE-2012-1528 Integer Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56442
Microsoft IIS FTP Service CVE-2012-2532 Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/56440
Microsoft IIS CVE-2012-2531 Password Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56439
Microsoft Excel CVE-2012-2543 Buffer Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56431
Microsoft Excel SST Invalid Length Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56430
Microsoft Excel CVE-2012-1886 Memory Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56426
Microsoft Excel 'SerAuxErrBar' Heap Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56425
Microsoft Windows Briefcase CVE-2012-1527 Integer Underflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56424
Microsoft Internet Explorer CTreeNode Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56422
Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56421
Microsoft Internet Explorer CFormElement Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56420