Wednesday, November 14, 2012

Wednesday the 14th, Butsumetsu


+ Security Bulletins for November 2012
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-nov

+ MS12-071 - Critical: Cumulative Security Update for Internet Explorer (2761451)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1539
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4775

+ MS12-072 - Critical: Vulnerabilities in Windows Shell Could Allow Remote Code Execution (2727528)
https://technet.microsoft.com/ja-jp/security/bulletin/ms12-072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1528

+ MS12-073 - Moderate: Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Information Disclosure (2733829)
https://technet.microsoft.com/ja-jp/security/bulletin/ms12-073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2532

+ MS12-074 - Critical: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2745030)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4777

+ MS12-075 - Critical: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2761226)
https://technet.microsoft.com/ja-jp/security/bulletin/ms12-075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2897

+ MS12-076 - Important: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2720184)
http://technet.microsoft.com/ja-jp/security/bulletin/ms12-076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2543

+ RHSA-2012:1459 Low: nspluginwrapper security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-1459.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2486

+ RHSA-2012:1386 Important: java-1.7.0-openjdk security update
http://rhn.redhat.com/errata/RHSA-2012-1386.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5089

+ nginx-1.2.5 stable version released
http://nginx.org/en/download.html

+ CESA-2012:1459 Low CentOS 6 nspluginwrapper Update
http://lwn.net/Alerts/524724/

+ CESA-2012:1455 Moderate CentOS 6 gegl Update
http://lwn.net/Alerts/524709/

+ UPDATE: Cisco IronPort Appliances Sophos Anti-Virus Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121108-sophos

+ UPDATE: Microsoft Security Advisory (2749655) Compatibility Issues Affecting Signed Microsoft Binaries
http://technet.microsoft.com/en-us/security/advisory/2749655

+ UPDATE: Microsoft Security Advisory (2269637) Insecure Library Loading Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2269637

+ UPDATE: Microsoft Security Advisory (2749655) Compatibility Issues Affecting Signed Microsoft Binaries (Japanese version)
http://technet.microsoft.com/ja-jp/security/advisory/2749655

+ UPDATE: Microsoft Security Advisory (2269637) Insecure Library Loading Could Allow Remote Code Execution (Japanese version)
http://technet.microsoft.com/ja-jp/security/advisory/2269637

+ RHSA-2012:1445 Low: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-1445.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2100

+ MySQL 5.6.8 Development released
http://dev.mysql.com/doc/refman/5.6/en/news-5-6-8.html

Security issue in SSL VPN On-Demand applications
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk62410&src=securityAlerts

Virus Buster 2011 Cloud program update notice
http://www.trendmicro.co.jp/support/news.asp?id=1858

Shh/Updater-B: Identifying and fixing affected non-Sophos applications
http://www.sophos.com/en-us/support/knowledgebase/118348.aspx

Advisory: Tavis Ormandy finds vulnerabilities in Sophos Anti-Virus products
http://www.sophos.com/en-us/support/knowledgebase/118424.aspx

ESA-2012-055: RSA Data Protection Manager Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00048.html

[OVSA20121112] OpenVAS Manager Vulnerable To Command Injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00045.html

Weak password encryption on Huawei products
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00044.html

Reflective XSS in uk cookie plugin
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00049.html

Zoner Photo Studio v15 b3 - Buffer Overflow Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00046.html

Eventy CMS v1.8 Plus - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00043.html

[DC-2012-11-001] DefenseCode ThunderScan PHP Advisory: Wordpress WP e-Commerce Plugi
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00042.html

Employees propose intended uses and expected benefits of the iPad
http://itpro.nikkeibp.co.jp/article/JIREI/20121112/436625/?ST=security

Bank of Tokyo-Mitsubishi UFJ loses transaction history records of about 5.6 million customers, possibly discarded by mistake
http://itpro.nikkeibp.co.jp/article/NEWS/20121113/436948/?ST=security

Symantec publishes vulnerability mitigations for its enterprise product "SEP11", with a patch also planned
http://itpro.nikkeibp.co.jp/article/NEWS/20121113/436941/?ST=security

Symantec opens a security monitoring center in Japan
http://itpro.nikkeibp.co.jp/article/NEWS/20121113/436823/?ST=security

Sophos releases a new version of its anti-malware product for Linux/UNIX
http://itpro.nikkeibp.co.jp/article/NEWS/20121113/436801/?ST=security

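"Please update your user information": phishing impersonating Sumitomo Mitsui Banking Corporation
Fake site asks for all PIN codes; Council of Anti-Phishing Japan issues a warning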
http://itpro.nikkeibp.co.jp/article/NEWS/20121113/436642/?ST=security

JVNVU#611988 Improper access restriction vulnerability in Vanilla Forums
http://jvn.jp/cert/JVNVU611988/

Iceape Security Denial Of Service And Remote Arbitrary Code Execution Vulnerabilities
http://www.securiteam.com/securitynews/6R0360K61S.html

Microsoft November 2012 Black Tuesday Update - Overview
http://isc.sans.edu/diary.html?storyid=14503

Microsoft .NET Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Bypass Security Restrictions
http://www.securitytracker.com/id/1027753

Microsoft Excel Buffer Overflow, Memory Corruption, and Use-After-Free Errors Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027752

Microsoft Internet Information Server (IIS) FTP Server Lets Remote Users Obtain Files and Local Users Obtain Passwords
http://www.securitytracker.com/id/1027751

Windows Kernel Multiple Bugs Let Remote Users Execute Arbitrary Code and Local Users Obtain Elevated Privileges
http://www.securitytracker.com/id/1027750

Microsoft Internet Explorer Multiple Use-After-Free Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027749

Windows Shell Briefcase Integer Overflow and Underflow Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027748

Microsoft Internet Information Services Two Information Disclosure Vulnerabilities
http://secunia.com/advisories/51235/

Microsoft .NET Framework Multiple Vulnerabilities
http://secunia.com/advisories/51236/

Microsoft Windows Kernel-Mode Drivers Three Vulnerabilities
http://secunia.com/advisories/51239/

Microsoft Office Excel Multiple Vulnerabilities
http://secunia.com/advisories/51242/

Microsoft Windows Briefcase Integer Underflow and Overflow Vulnerabilities
http://secunia.com/advisories/51221/

Microsoft Internet Explorer Multiple Use-After-Free Vulnerabilities
http://secunia.com/advisories/51202/

Citrix XenServer Multiple Denial of Service Vulnerabilities
http://secunia.com/advisories/51214/

Eventy Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/51246/

WordPress Carousel Slideshow Plugin swfupload Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51250/

Xen Multiple Denial of Service Vulnerabilities
http://secunia.com/advisories/51200/

WordPress Wysija Newsletters Plugin swfupload Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51249/

Ubuntu update for libav
http://secunia.com/advisories/51257/

Ubuntu update for libproxy
http://secunia.com/advisories/51258/

UnrealIRCd Unspecified Denial of Service Vulnerability
http://secunia.com/advisories/51266/

gatling FTP Mode Directory Traversal Vulnerability
http://secunia.com/advisories/51255/

Red Hat update for gegl
http://secunia.com/advisories/51274/

Java Applet JAX-WS Remote Code Execution
http://cxsecurity.com/issue/WLB-2012110079

Jira Scriptrunner 2.0.7 <= CSRF/RCE
http://cxsecurity.com/issue/WLB-2012110078

HT Editor 2.0.20 Buffer Overflow (ROP PoC)
http://cxsecurity.com/issue/WLB-2012110077

P3 Technologie SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012110076

CKFinder 2.3 & FCKEditor 2.6.8 SWF Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012110075

IDIC Blogs Shell Upload
http://cxsecurity.com/issue/WLB-2012110074

WordPress Related Posts Exit Popup SQL Injection
http://cxsecurity.com/issue/WLB-2012110073

Gajim SSL Failed Checks
http://cxsecurity.com/issue/WLB-2012110072

Google Chrome Prior to 22.0.1229.79 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55676

GEGL CVE-2012-4433 Integer Overflow Vulnerability
http://www.securityfocus.com/bid/56404

WeeChat Color Decoding Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56482

Oracle Solaris CVE-2012-3209 Local Security Vulnerability
http://www.securityfocus.com/bid/56074

IcedTea-Web CVE-2012-4540 Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56434

Oracle Database 'CTXSYS.CONTEXT' Index Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/54884

Oracle Solaris CVE-2012-3187 Local Security Vulnerability
http://www.securityfocus.com/bid/56060

Oracle Solaris CVE-2012-3211 Local Security Vulnerability
http://www.securityfocus.com/bid/56049

Intel CPU Hardware Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53856

Oracle Solaris CVE-2012-3212 Local Security Vulnerability
http://www.securityfocus.com/bid/56038

Oracle Solaris CVE-2012-3207 Local Security Vulnerability
http://www.securityfocus.com/bid/56062

Oracle Solaris CVE-2012-3215 Local Security Vulnerability
http://www.securityfocus.com/bid/56012

Oracle Solaris CVE-2012-3208 Local Security Vulnerability
http://www.securityfocus.com/bid/56069

Oracle Solaris CVE-2012-3199 Local Security Vulnerability
http://www.securityfocus.com/bid/56052

Oracle Java SE CVE-2012-5076 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56054

Eventy CMS Cross Site Scripting, HTML Injection, and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/56493

UnrealIRCd Unspecified Denial of Service Vulnerability
http://www.securityfocus.com/bid/56492

Microsoft .NET Framework CVE-2012-4777 Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56464

Microsoft .NET Framework CVE-2012-4776 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56463

Microsoft .NET Framework CVE-2012-2519 DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/56462

Microsoft Windows Kernel 'Win32k.sys' TrueType Font Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56457

Microsoft .NET Framework CVE-2012-1896 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56456

Microsoft .NET Framework CVE-2012-1895 Security Bypass Vulnerability
http://www.securityfocus.com/bid/56455

Microsoft Windows Kernel 'Win32k.sys' CVE-2012-2553 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56448

Microsoft Windows Kernel 'Win32k.sys' CVE-2012-2530 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56447

Microsoft Windows Briefcase CVE-2012-1528 Integer Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56442

Microsoft IIS FTP Service CVE-2012-2532 Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/56440

Microsoft IIS CVE-2012-2531 Password Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56439

Microsoft Excel CVE-2012-2543 Buffer Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56431

Microsoft Excel SST Invalid Length Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56430

Microsoft Excel CVE-2012-1886 Memory Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56426

Microsoft Excel 'SerAuxErrBar' Heap Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56425

Microsoft Windows Briefcase CVE-2012-1527 Integer Underflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56424

Microsoft Internet Explorer CTreeNode Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56422

Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56421

Microsoft Internet Explorer CFormElement Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56420
