Friday, February 1, 2013

Friday the 1st, Tomobiki


+ RHSA-2013:0219 Moderate: mysql security update
http://rhn.redhat.com/errata/RHSA-2013-0219.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0389

+ RHSA-2013:0213 Important: nss, nss-util, and nspr security, bug fix, and enhancement update
http://rhn.redhat.com/errata/RHSA-2013-0213.html

+ RHSA-2013:0217 Important: mingw32-libxml2 security update
http://rhn.redhat.com/errata/RHSA-2013-0217.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3919
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134

+ RHSA-2013:0216 Important: freetype security update
http://rhn.redhat.com/errata/RHSA-2013-0216.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5669

+ RHSA-2013:0218 Moderate: xorg-x11-drv-qxl security update
http://rhn.redhat.com/errata/RHSA-2013-0218.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0241

+ RHSA-2013:0215 Important: abrt and libreport security update
http://rhn.redhat.com/errata/RHSA-2013-0215.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5660

+ RHSA-2013:0214 Important: nss and nspr security, bug fix, and enhancement update
http://rhn.redhat.com/errata/RHSA-2013-0214.html

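IPA Technical Watch
Report: "Conditions for the Reliability and Service Continuity Required of the Cloud as Social Infrastructure"
~Organizing and raising issues such as avoiding the risk of cloud outages and migration between data centers~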
http://www.ipa.go.jp/about/technicalwatch/20130131.html

From the World's Security Labs
Large-scale cyber-espionage campaign "Red October" also exploited a Java vulnerability
http://itpro.nikkeibp.co.jp/article/COLUMN/20130129/452708/?ST=security

Combining fingerprint and finger-vein authentication makes login possible even with "dry skin", Japan Systems
http://itpro.nikkeibp.co.jp/article/NEWS/20130131/453209/?ST=security

JVNVU#90348117 Buffer overflow vulnerability in Portable SDK for UPnP
http://jvn.jp/cert/JVNVU90348117/

JVN#86040029 Vulnerability in Weathernews Touch for Android that outputs location information to the log
http://jvn.jp/jp/JVN86040029/

JVNDB-2013-001321 User authentication vulnerability in the operations management function of Hitachi Cosminexus
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001321.html

JVNDB-2012-002842 Stack-based buffer overflow vulnerability in the _canonicalize function in common/uloc.c in ICU
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002842.html

JVNDB-2012-003323 Arbitrary code execution vulnerability in WebKit as used in multiple Apple products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003323.html

JVNDB-2013-000005 Vulnerability in Weathernews Touch for Android that outputs location information to the log
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000005.html

JVNDB-2013-001320 Arbitrary code execution vulnerability in Ruby on Rails
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001320.html

JVNDB-2012-001496 Integer overflow vulnerability in libpng
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001496.html

JVNDB-2011-002637 Double free vulnerability in libxml2
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002637.html

JVNDB-2011-002992 Denial of service (DoS) vulnerability in libxml2
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002992.html

JVNDB-2011-004603 Integer overflow vulnerability in xpath.c in libxml and libxml2
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-004603.html

JVNDB-2011-001437 Heap-based buffer overflow vulnerability in the Thunder decoder in LibTIFF
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001437.html

Released: rompar - Semi-automation tool for data extraction of microscopic Masked ROM images
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00131.html

DefenseCode Security Advisory: Broadcom UPnP Remote Preauth Root Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00130.html

[security bulletin] HPSBST02839 SSRT101077 rev.1 - HP XP P9000 Command View Advanced Edition, Re
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00129.html

marc4dasm - Atmel MARC microprocessor disassembler published
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00128.html

OWASP Zed Attack Proxy 2.0.0
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00127.html

CFP Observe. Hack. Make.
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00126.html

Buffalo TeraStation TS-Series multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-01/msg00125.html

IPv6 Focus Month
https://isc.sans.edu/diary.html?storyid=15049

Intermittent Outages at Amazon.com
https://isc.sans.edu/diary.html?storyid=15052

Novell GroupWise ActiveX Control Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028062

Novell GroupWise Client Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028061

HP XP P9000 Command View Advanced Edition Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1028060

SAP Netweaver Web Application Server J2EE AdapterFramework Servlet Information Disclosure
http://secunia.com/advisories/52017/

SAP NetWeaver Web Application Server CCMS XML Entity References Information Disclosure Vulnerability
http://secunia.com/advisories/52013/

SAP NetWeaver MMC Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/51940/

IBM Sterling Connect:Direct Denial of Service Vulnerabilities
http://secunia.com/advisories/52046/

IBM Sterling Connect:Direct Denial of Service Vulnerabilities
http://secunia.com/advisories/52032/

Novell GroupWise Client Two Vulnerabilities
http://secunia.com/advisories/52031/

GNU C Library "extend_buffers()" Regular Expression Handling Denial of Service Vulnerability
http://secunia.com/advisories/51951/

DataLife Engine "catlist[]" PHP Code Execution Vulnerability
http://secunia.com/advisories/51971/

QXL Virtual GPU SPICE Connection Handling Denial of Service Vulnerability
http://secunia.com/advisories/52021/

Red Hat update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform
http://secunia.com/advisories/52041/

Siemens OZW / OZS Multiple Products libupnp Buffer Overflow Vulnerabilities
http://secunia.com/advisories/52035/

WordPress Gallery Plugin "load" Remote File Inclusion Vulnerability
http://secunia.com/advisories/51347/

Schneider Electric Accutech Manager Buffer Overflow Vulnerability
http://secunia.com/advisories/52034/

MariaDB Multiple Vulnerabilities
http://secunia.com/advisories/52015/

Drupal Boxes Module Subject Field Script Insertion Vulnerability
http://secunia.com/advisories/51997/

Ubuntu update for squid-cgi
http://secunia.com/advisories/52024/

FreeBSD/GNU ftpd remote denial of service
http://cxsecurity.com/issue/WLB-2013010233

Wordpress simple-shout-box Plugin SQL Injection
http://cxsecurity.com/issue/WLB-2013010235

Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection
http://cxsecurity.com/issue/WLB-2013010236

logiciel transaction immobiliere cms Cross-Site Scripting Vulnerability
http://cxsecurity.com/issue/WLB-2013010234

Netgear SPH200D Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2013010232

Drupal 6.x email2image Access bypass
http://cxsecurity.com/issue/WLB-2013010231

Drupal Drush Debian Packaging Information Disclosure
http://cxsecurity.com/issue/WLB-2013010230

Drupal 7.x Boxes Cross Site Scripting
http://cxsecurity.com/issue/WLB-2013010229

Drupal Google Authenticator (third-party module)
http://cxsecurity.com/issue/WLB-2013010228

Wordpress RLSWordPressSearch plugin SQL Injection
http://cxsecurity.com/issue/WLB-2013010227

Linux Kernel NFS Automount 'symlinks' Denial of Service Vulnerability
http://www.securityfocus.com/bid/39044

Linux Kernel 'find_keyring_by_name()' Local Memory Corruption Vulnerability
http://www.securityfocus.com/bid/39719

Linux Kernel 'gfs2_quota' Structure Write Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/39715

Linux Kernel CVE-2010-0291 'mmap()' and 'mremap()' Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/37906

Linux Kernel PI Futex Invalid Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/38165

Linux Kernel VM/VFS 'invalidatepage()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39569

Oracle Sun Products Suite CVE-2012-1687 Local Solaris Vulnerability
http://www.securityfocus.com/bid/54508

pam_krb5 Existing/Non-Existing Username Enumeration Weakness
http://www.securityfocus.com/bid/35112

Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/47820

Mozilla Firefox 3.5/3.6 Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44425

dbus-glib 'access' Flag Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/42347

Sun Solaris Sockets Direct Protocol (SDP) Driver 'sdp(7D)' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36904

Linux Kernel 'sock_sendpage()' NULL Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/36038

Linux Kernel 'udp_sendmsg()' MSG_MORE Flag Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36108

Linux Kernel RTL8169 NIC Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35281

MIT Kerberos 'NegTokenInit' Token Handling Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34257

MIT Kerberos SPNEGO and ASN.1 Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/34408

MIT Kerberos 'asn1_decode_generaltime()' Uninitialized Pointer Memory Corruption Vulnerability
http://www.securityfocus.com/bid/34409

OpenIPMI 'ipmievd' Daemon PID Files Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/51036

Squid 'cachemgr.cgi' Incomplete Fix Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/57646

Squid 'cachemgr.cgi' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/56957

OpenStack Nova CVE-2012-5625 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56904

OpenStack Compute (Nova) 'nova-volume' Security Bypass Vulnerability
http://www.securityfocus.com/bid/57613

OpenStack Glance CVE-2013-0212 Security Bypass Vulnerability
http://www.securityfocus.com/bid/57612

RETIRED: WordPress TwentyTen Theme 'loo.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/57073

libupnp Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/57602

Oracle MySQL Server CVE-2013-0389 Remote Security Vulnerability
http://www.securityfocus.com/bid/57417

Oracle MySQL Server CVE-2012-0572 Remote Security Vulnerability
http://www.securityfocus.com/bid/57385

Oracle MySQL Server CVE-2012-0578 Remote Security Vulnerability
http://www.securityfocus.com/bid/57334

Oracle MySQL Server CVE-2012-5096 Remote Security Vulnerability
http://www.securityfocus.com/bid/57400

Oracle MySQL Server CVE-2013-0385 Local Security Vulnerability
http://www.securityfocus.com/bid/57412

Oracle MySQL Server CVE-2013-0371 Remote Security Vulnerability
http://www.securityfocus.com/bid/57415

Oracle MySQL Server CVE-2013-0375 Remote Security Vulnerability
http://www.securityfocus.com/bid/57391

Oracle MySQL and MariaDB 'acl_get()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56769

Oracle MySQL Server Heap Overflow Vulnerability
http://www.securityfocus.com/bid/56768

Oracle MySQL Server CVE-2012-0574 Remote Security Vulnerability
http://www.securityfocus.com/bid/57414

Oracle MySQL Server CVE-2013-0383 Remote Security Vulnerability
http://www.securityfocus.com/bid/57405

Oracle MySQL Server CVE-2012-1705 Remote Security Vulnerability
http://www.securityfocus.com/bid/57410

Oracle MySQL Server CVE-2013-0368 Remote Security Vulnerability
http://www.securityfocus.com/bid/57397

Oracle MySQL Server CVE-2012-1702 Remote Security Vulnerability
http://www.securityfocus.com/bid/57388

Oracle MySQL Server CVE-2013-0384 Remote Security Vulnerability
http://www.securityfocus.com/bid/57416

Oracle MySQL Server CVE-2013-0386 Remote Security Vulnerability
http://www.securityfocus.com/bid/57418

Oracle MySQL and MariaDB CVE-2012-5627 Insecure Salt Generation Security Bypass Weakness
http://www.securityfocus.com/bid/56837

Oracle MySQL Server CVE-2012-5060 Remote Security Vulnerability
http://www.securityfocus.com/bid/57411

Oracle MySQL Server Username Enumeration Weakness
http://www.securityfocus.com/bid/56766

Oracle MySQL Server CVE-2013-0367 Remote Security Vulnerability
http://www.securityfocus.com/bid/57408

Simple Machines Forum Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/37182

Wireshark DTN Dissector Denial of Service Vulnerability
http://www.securityfocus.com/bid/57626

Wireshark PER Dissector Denial of Service Vulnerability
http://www.securityfocus.com/bid/57622

Wireshark MS-MMC Dissector Denial of Service Vulnerability
http://www.securityfocus.com/bid/57620

Wireshark NTLMSSP Dissector Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57618

Wireshark DTLS Dissector Denial of Service Vulnerability
http://www.securityfocus.com/bid/57621

Wireshark ROHC Dissector Denial of Service Vulnerability
http://www.securityfocus.com/bid/57619

Wireshark CLNP Dissector Denial of Service Vulnerability
http://www.securityfocus.com/bid/57625

Wireshark DCP-ETSI Dissector Denial of Service Vulnerability
http://www.securityfocus.com/bid/57615

Wireshark Dissectors Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/57616

Netgear SPH200D Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57660

HP XP P9000 Command View Advanced Edition CVE-2012-3281 Unspecified Denial of Service Vulnerability
http://www.securityfocus.com/bid/57659

Novell Groupwise Client CVE-2012-0439 ActiveX Control Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57658

Novell Groupwise Client CVE-2013-0804 Multiple Unspecified Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/57657

SAP NetWeaver J2EE AdapterFramework Servlet Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57656

SAP NetWeaver CCMS Service XML Parser Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57654

Wordpress Gallery Plugin 'load' Parameter Remote File Include Vulnerability
http://www.securityfocus.com/bid/57650

Broadcom UPnP Stack 'SetConnectionType()' Function Format String Vulnerability
http://www.securityfocus.com/bid/57649

Wireshark DTN Dissector CVE-2013-1584 Denial of Service Vulnerability
http://www.securityfocus.com/bid/57647
