Thursday, December 6, 2012
Thursday the 6th, Tomobiki
+ CESA-2012:1540 Important CentOS 5 kernel Update
http://lwn.net/Alerts/528106/
+ phpMyAdmin 3.5.4 released
http://sourceforge.net/news/?group_id=23067&id=309812
+ CVE-2012-0882 Buffer Overflow vulnerability in yaSSL
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0882buffer_overflow_vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0882
Check Point response to "DoS through hash table against Web Application Platforms" (CVE-2011-4838)
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk66350&src=securityAlerts
Notice of Critical Patch release addressing a cross-site request forgery (CSRF) vulnerability in InterScan Messaging Security products
http://www.trendmicro.co.jp/support/news.asp?id=1849
[security bulletin] HPSB3C02831 SSRT100661 rev.1 - HP Intelligent Management Center User Access Manager (UAM), Remote Execution of Arbitrary Code
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00046.html
[security bulletin] HPSBMU02816 SSRT100949 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00045.html
[security bulletin] HPSBPI02828 SSRT100778 rev.1 - HP LaserJet and Color LaserJet, Cross-Site Scripting (XSS)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00041.html
[security bulletin] HPSBPI02807 SSRT100928 rev.1 - HP LaserJet Pro 400 Multi Function Printers, Remote Unauthorized Access
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00040.html
Buffalo LinkStation LS-WTGL Default Admin Account & Guest Access Information
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00048.html
CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00044.html
CVE-2012-3546 Apache Tomcat Bypass of security constraints
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00043.html
CVE-2012-4534 Apache Tomcat denial of service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-12/msg00042.html
"Detects gray-area apps too": Symantec's security product for Android
Adds a contacts backup feature; some features also support iPhone
http://itpro.nikkeibp.co.jp/article/NEWS/20121206/442341/?ST=security
Vulnerability information worth checking <2012.12.06>
http://itpro.nikkeibp.co.jp/article/COLUMN/20121203/441589/?ST=security
Possible information leak from the Japan Atomic Energy Agency; three PCs infected with a virus
http://itpro.nikkeibp.co.jp/article/NEWS/20121205/442302/?ST=security
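PFU releases new version of network quarantine software with strengthened countermeasures against targeted attacks; supports quarantine of Windows 8 for the first time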
http://itpro.nikkeibp.co.jp/article/NEWS/20121205/442104/?ST=security
Information on Japan's new JAXA rocket leaked through malware infection (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20121205/442003/?ST=security
Security Patch released for BIND 9.9.2
http://isc.sans.edu/diary.html?storyid=14641
cPanel Unspecified Flaws Have Unspecified Impact
http://www.securitytracker.com/id/1027839
Red Hat Enterprise Virtualization Manager Bugs Let Local Users Gain Elevated Privileges and Remote Authenticated Users Access Data
http://www.securitytracker.com/id/1027838
Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1027836
ISC BIND DNS64 Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1027835
Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
http://www.securitytracker.com/id/1027834
Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
http://www.securitytracker.com/id/1027833
Buffalo LinkStation LS-WTGL Default Admin Account & Guest Access Information
http://cxsecurity.com/issue/WLB-2012120050
Panda Internet Security Binary Planting
http://cxsecurity.com/issue/WLB-2012120049
Apache Tomcat CSRF Prevention Filter Bypass
http://cxsecurity.com/issue/WLB-2012120048
Apache Tomcat Security Bypass
http://cxsecurity.com/issue/WLB-2012120047
ManageEngine MSPCentral 9 Cross Site Request Forgery & Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012120046
Ektron 8.02 XSLT Transform Remote Code Execution
http://cxsecurity.com/issue/WLB-2012120045
Tectia SSH USERAUTH Change Request Password Reset
http://cxsecurity.com/issue/WLB-2012120044
SSH Tectia (SSH.com Communications) Authentication Bypass Remote 0day
http://cxsecurity.com/issue/WLB-2012120018
Wirtualna Polska S.A. (WP) XSS & CSRF
http://cxsecurity.com/issue/WLB-2012120043
Ubuntu update for linux-ec2
http://secunia.com/advisories/51470/
Red Hat update for kernel
http://secunia.com/advisories/51473/
SUSE update for xen
http://secunia.com/advisories/51495/
Red Hat CloudForms Multiple Vulnerabilities
http://secunia.com/advisories/51472/
Opera GIF Image Handling Buffer Underflow Vulnerability
http://secunia.com/advisories/51462/
Red Hat Network Proxy / Network Satellite Server jabberd XMPP Dialback Protection Bypass
http://secunia.com/advisories/51475/
Apache Tomcat Multiple Vulnerabilities
http://secunia.com/advisories/51425/
Mesa "validate_uniform_parameters()" Buffer Overflow Vulnerability
http://secunia.com/advisories/51489/
cPanel Multiple Unspecified Vulnerabilities
http://secunia.com/advisories/51494/
Citrix XenServer Multiple Vulnerabilities
http://secunia.com/advisories/51486/
ISC BIND DNS64 REQUIRE Assertion Failure Denial of Service Vulnerability
http://secunia.com/advisories/51484/
REMOTE: Ektron 8.02 XSLT Transform Remote Code Execution
http://www.exploit-db.com/exploits/23155
REMOTE: Tectia SSH USERAUTH Change Request Password Reset Vulnerability
http://www.exploit-db.com/exploits/23156
Linux Kernel dl2k Network Driver IOCTL Handling Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53965
Linux Kernel NFS Client 'decode_getacl()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50655
Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/35958
jabberd XMPP Server Dialback Protection Bypass Component Security Bypass Vulnerability
http://www.securityfocus.com/bid/55167
ISC BIND 9 DNS64 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/56817
CUPS CVE-2012-5519 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56494
Ruby on Rails CVE-2012-3464 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54958
Ruby on Rails 'authenticate_or_request_with_http_digest' Method Denial Of Service Vulnerability
http://www.securityfocus.com/bid/54704
Puppet Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54399
Ruby on Rails 'strip_tags()' CVE-2012-3465 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54957
Ruby on Rails CVE-2012-2694 Unsafe SQL Query Generation Vulnerability
http://www.securityfocus.com/bid/53976
Ruby on Rails Active Record CVE-2012-2695 SQL Injection Vulnerability
http://www.securityfocus.com/bid/53970
Ruby on Rails Active Record SQL Injection Vulnerability
http://www.securityfocus.com/bid/53753
Ruby on Rails CVE-2012-2660 SQL Injection Vulnerability
http://www.securityfocus.com/bid/53754
Ruby on Rails 'select_tag()' Method CVE-2012-3463 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54959
Puppet Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52975
RubyGems mail Directory Traversal and Command Injection Vulnerabilities
http://www.securityfocus.com/bid/53257
HP Intelligent Management Centre 'uam.exe' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55271
RETIRED: MariaDB CVE-2012-5579 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56750
Oracle MySQL and MariaDB 'acl_get()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56769
RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/56759
Xen 'XENMEM_exchange' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56797
Xen 'extent_order' Values Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56798
Linux Kernel Reliable Datagram Sockets (RDS) CVE-2012-2372 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/54062
Linux Kernel 'ext4_convert_unwritten_exten()' Function Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56238
Linux Kernel 'inet->opt ip_options' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/55359
Xen Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/56498
Google Chrome OS Prior to 23.0.1271.94 CVE-2012-5129 Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56756
Xen Grant Table Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56794
Xen CVE-2012-5514 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56803
Xen Bitmap Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56796
Xen 'HVMOP_set_mem_access' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56799
SSH Tectia Server Unauthorized Password Change Security Bypass Vulnerability
http://www.securityfocus.com/bid/56783
Computer Associates XCOM Data Transport Remote Arbitrary Command Execution Vulnerability
http://www.securityfocus.com/bid/56824
Kordil EDMS 'Password' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/56823
HP LaserJet Pro 400 Multi Function Printers Remote Unspecified Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/56821
Red Hat CloudForms Multiple Insecure File Permissions and Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/56819
cPanel Multiple Unspecified Vulnerabilities
http://www.securityfocus.com/bid/56818
Ektron CMS 'XslCompiledTransform' Class Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56816