Tuesday, November 27, 2012
The 27th, Tuesday, Taian
+ Google Chrome 23.0.1271.91 released
http://googlechromereleases.blogspot.jp/2012/11/stable-channel-update.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5136
+ Vulnerability in the theme component of WebSphere Portal 7.0.0.x and 8.0
http://www-01.ibm.com/support/docview.wss?uid=swg21617949
+ Linux kernel 3.6.8, 3.4.20, 3.0.53 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.8
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.20
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.53
+ SA51299 OpenBSD Portmap Denial of Service Vulnerability
http://secunia.com/advisories/51299/
Advisory: Tavis Ormandy finds vulnerabilities in Sophos Anti-Virus products
http://www.sophos.com/en-us/support/knowledgebase/118424.aspx
[DC-2012-11-002] DefenseCode ThunderScan ASP.Net C# Advisory: BugTracker.Net Multiple Security Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00095.html
ESA-2012-054: RSA® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00094.html
Forescout NAC (Network Access Control) multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00096.html
ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00093.html
[oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00091.html
VUPEN Security Research - Mozilla Firefox "DocumentViewerImpl" Class Remote Use-After-Fr
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00092.html
Palo Alto: new firewall OS for virtual machines allows changing the management IP via REST
http://itpro.nikkeibp.co.jp/article/NEWS/20121126/439702/?ST=security
JVNVU#160027 Denial-of-service (DoS) vulnerability in multiple Broadcom wireless chipsets
http://jvn.jp/cert/JVNVU160027/index.html
JVNDB-2012-005201 Multiple vulnerabilities in Hitachi JP1/File Transmission Server/FTP
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005201.html
JVNDB-2012-005324 Clickjacking vulnerability in Joomla!
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005324.html
JVNDB-2012-005193 Heap-based buffer overflow vulnerability in dkim.c of Exim
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005193.html
JVNDB-2012-004866 Denial-of-service (named daemon hang) vulnerability in ISC BIND
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004866.html
JVNDB-2012-003714 Cross-site scripting vulnerability in Ipswitch WhatsUp Gold
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003714.html
JVNDB-2012-003268 Vulnerability in ViewVC's SVN revision view that allows obtaining sensitive information
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003268.html
JVNDB-2012-003267 Vulnerability in ViewVC's remote SVN view functionality that allows bypassing access restrictions
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003267.html
JVNDB-2012-003901 Buffer overflow vulnerability in the fribidi_utf8_to_unicode function of PyFriBidi
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003901.html
JVNDB-2012-001169 Stack-based buffer overflow vulnerability in the JPEG2000 plugin of IrfanView PlugIns
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001169.html
JVNDB-2012-003091 Cross-site scripting vulnerability in inc/template.php of DokuWiki
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003091.html
JVNDB-2012-005502 Vulnerability in the administrative web pages of multiple Sinapsi products that allows obtaining administrator access
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005502.html
JVNDB-2012-005501 Arbitrary command execution vulnerability in ping.php of multiple Sinapsi products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005501.html
JVNDB-2012-005500 Vulnerability in login.php of multiple Sinapsi products that allows obtaining administrator access
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005500.html
JVNDB-2012-005499 SQL injection vulnerability in multiple Sinapsi products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005499.html
JVNDB-2012-005498 Vulnerability in the IBM WebSphere DataPower XC10 appliance that allows bypassing administrative role requirements
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005498.html
JVNDB-2012-005497 Denial-of-service (process termination) vulnerability in the IBM WebSphere DataPower XC10 appliance
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005497.html
JVNDB-2012-005496 Vulnerability in the IBM WebSphere DataPower XC10 appliance that allows spoofing of a container server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005496.html
JVNDB-2012-005493 Denial-of-service (infinite loop and hang or crash) vulnerability in Xen
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005493.html
JVNDB-2012-005492 Denial-of-service (memory consumption and assertion failure) vulnerability in Xen
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005492.html
JVNDB-2012-005491 Denial-of-service (Xen crash) vulnerability in Xen
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005491.html
JVNDB-2012-005490 Denial-of-service (Xen infinite loop and physical CPU consumption) vulnerability in Xen
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005490.html
JVNDB-2012-005489 Stack-based buffer overflow vulnerability in mcrypt
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005489.html
JVNDB-2012-005488 Format string vulnerability in mcrypt
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005488.html
JVNDB-2012-005487 Stack-based buffer overflow vulnerability in extra.c of mcrypt
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005487.html
Online Shopping for the Holidays? Tips, News and a Fair Warning
http://isc.sans.edu/diary.html?storyid=14569
RSA Adaptive Authentication (On-Premise) Input Validation Flaws Permit Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027811
VU#281284 Samsung Printer firmware contains a backdoor administrator account
http://www.kb.cert.org/vuls/id/281284
OpenBSD Portmap Denial of Service Vulnerability
http://secunia.com/advisories/51299/
WibuKey Runtime for Windows ActiveX Control Buffer Overflow Vulnerability
http://secunia.com/advisories/49987/
jBilling Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/51341/
ManageEngine ServiceDesk Plus Two Script Insertion Vulnerabilities
http://secunia.com/advisories/51290/
Synology Photo Station "list" Arbitrary File Disclosure Vulnerability
http://secunia.com/advisories/51354/
Tor Denial of Service Vulnerability
http://secunia.com/advisories/51329/
OpenBSD 5.2 libc/ RPC (portmap) remote DoS
http://cxsecurity.com/issue/WLB-2012110187
mcrypt <= 2.5.8 STACK based overflow
http://cxsecurity.com/issue/WLB-2012110192
BlazeVideo HDTV Player 6.6 Professional (Direct Retn) Buffer overflow
http://cxsecurity.com/issue/WLB-2012110191
Aviosoft Digital TV Player Professional 1.x (Direct Retn) Buffer Overflow
http://cxsecurity.com/issue/WLB-2012110190
buyclassifiedscript PHP code injection vulnerability
http://cxsecurity.com/issue/WLB-2012110189
SmartCMS <= SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012110188
Websense Proxy Filter Bypass
http://cxsecurity.com/issue/WLB-2012110186
jBilling 3.0.2 Cross Site Scripting Vulnerability
http://cxsecurity.com/issue/WLB-2012110185
PRADO PHP Framework 3.2.0 Arbitrary File Read Vulnerability
http://cxsecurity.com/issue/WLB-2012110184
Landshop 0.9.2 Cross Site Scripting & SQL Injection
http://cxsecurity.com/issue/WLB-2012040004
Quest InTrust 10.4.x Remote File Creation / Overwrite
http://cxsecurity.com/issue/WLB-2012110120
KnFTPd 1.0.0 Denial Of Service
http://cxsecurity.com/issue/WLB-2012030249
LOCAL: mcrypt <= 2.5.8 Stack Based Overflow
http://www.exploit-db.com/exploits/22928
LOCAL: BlazeVideo HDTV Player 6.6 Professional (Direct Retn)
http://www.exploit-db.com/exploits/22931
LOCAL: Aviosoft Digital TV Player Professional 1.x (Direct Retn)
http://www.exploit-db.com/exploits/22932
DoS/PoC: Websense Proxy Filter Bypass
http://www.exploit-db.com/exploits/22935
DoS/PoC: mcrypt <= 2.6.8 stack-based buffer overflow poc
http://www.exploit-db.com/exploits/22938
OpenSSL DTLS CVE-2012-2333 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53476
Xen CVE-2012-3515 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55413
Google Chrome Prior to 23.0.1271.91 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56684
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4205 Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/56621
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-4201 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56618
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4202 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56614
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5836 Denial of Service Vulnerability
http://www.securityfocus.com/bid/56616
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5843 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/56612
Mozilla Firefox CVE-2012-4206 Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/56625
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4204 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56613
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4209 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56629
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-5842 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/56611
Mozilla Firefox CVE-2012-4203 Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56623
OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/51281
OpenSSL Internal Certificate Verification Routine Security Bypass Vulnerability
http://www.securityfocus.com/bid/49469
OpenSSL CMS PKCS #7 Decryption CVE-2012-0884 Security Bypass Vulnerability
http://www.securityfocus.com/bid/52428
OpenSSL S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52764
OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53158
libssh Multiple Buffer Overflow and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56604
SWFUpload 'movieName' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54245
Mcrypt Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55425
Xen 'PHYSDEVOP_map_pirq' Index CVE-2012-3498 Denial of Service Vulnerability
http://www.securityfocus.com/bid/55414
Xen 64-bit PV Guests Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53961
Xen QEMU VNC Server Arbitrary Information Disclosure Vulnerability
http://www.securityfocus.com/bid/22967
Xen PV Domain Builder Kernel Decompression Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/56289
Xen 'physdev_get_free_pirq' CVE-2012-3495 Denial of Service Vulnerability
http://www.securityfocus.com/bid/55406
Xen 'set_debugreg' CVE-2012-3494 Denial of Service Vulnerability
http://www.securityfocus.com/bid/55400
Xen 'TMEM hypercall' CVE-2012-3497 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55410
Xen PyGrub Kernel Decompression Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53650
Xen Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56498
Xen 'XENMEM_populate_physmap' CVE-2012-3496 Denial of Service Vulnerability
http://www.securityfocus.com/bid/55412
Xen CVE-2012-4411 Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/55442
BlazeVideo BlazeDVD Professional '.PLF' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35918
Aviosoft DTV Player '.plf' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50582
ISC BIND 9 DNS RDATA Handling CVE-2012-5166 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55852
ISC BIND 9 DNS Resource Records Handling CVE-2012-4244 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55522
Ruby CVE-2012-5371 Hash Collision Denial of Service Vulnerability
http://www.securityfocus.com/bid/56484
Drupal ShareThis Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55870
Apple QuickTime CVE-2012-3752 Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/56557
Symphony CVE-2012-5574 Arbitrary File Access Vulnerability
http://www.securityfocus.com/bid/56685
EMC Smarts Network Configuration Manager (NCM) Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/56682
WordPress Ads Box Plugin 'count' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/56681
WibuKey Runtime ActiveX Control Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56678
PRADO 'sr' Parameter Multiple Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/56677
BuyClassifiedScript 'search()' Function PHP Code Injection Vulnerability
http://www.securityfocus.com/bid/56676
Synology Photo Station 'list' Parameter Arbitrary File Disclosure Vulnerability
http://www.securityfocus.com/bid/56674
SmartCMS 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/56672