Thursday, February 14, 2013

Thursday the 14th, Taian

+ UPDATE: Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp

+ UPDATE: RADIUS Authentication Bypass
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20050629-aaa

+ HPSBMU02815 SSRT100715 rev.5 - HP SiteScope SOAP Security Issues, Remote Disclosure of Information, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03489683-5%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3264

+ UPDATE: Microsoft Security Advisory (2798897) Fraudulent Digital Certificates Could Allow Spoofing
http://technet.microsoft.com/ja-jp/security/advisory/2798897

+ UPDATE: Microsoft Security Advisory (2794220) Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://technet.microsoft.com/ja-jp/security/advisory/2794220

+ SYM13-001 Security Advisories Relating to Symantec Products - Symantec Encryption Desktop Local Access Elevation of Privilege
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130213_00
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4352

+ Linux Kernel CVE-2013-0228 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57940

Mitigating the BEAST attack in R75.40VS
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk74100&src=securityAlerts

Check Point response to XSS and CSRF vulnerabilities in Mobile Access Blade portal
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk91000&src=securityAlerts

Check Point Response to Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk65222&src=securityAlerts

Countermeasures for the Internet Explorer Vulnerability (MS13-010) (CVE-2013-0030)
http://www.ipa.go.jp/security/ciadr/vul/20130213-ms.html

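IPA Technical Watch
Web defacement cases, trends and countermeasures, as read from the 2012 unauthorized access reports
~Beyond simple page rewriting, some techniques aim to infect visitors with viruses~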
http://www.ipa.go.jp/about/technicalwatch/20130213.html

Investigation relying on IP addresses leads to misidentification; confusion caused by a remote-control virus that erases its traces
http://itpro.nikkeibp.co.jp/article/COLUMN/20130213/455969/?ST=security

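[Heisei 25 (FY2013) Spring] Trends and countermeasures for the Information Technology Engineers Examination
Trends and countermeasures for the Information Security Specialist Examination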
http://itpro.nikkeibp.co.jp/article/COLUMN/20130121/450783/?ST=security

Security vulnerabilities in Adobe's Flash Player; update released again, following the one five days earlier
http://itpro.nikkeibp.co.jp/article/NEWS/20130213/455881/?ST=security

Microsoft Japan releases monthly security patches; critical vulnerabilities in IE and other products
http://itpro.nikkeibp.co.jp/article/NEWS/20130213/455801/?ST=security

JVNTA13-043B Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA13-043B/

JVNTA13-043A Multiple vulnerabilities in Adobe products
http://jvn.jp/cert/JVNTA13-043A/

[SECURITY] [DSA 2622-1] polarssl security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00054.html

[SECURITY] [DSA 2621-1] openssl security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00055.html

Multiple Vulnerabilities in OpenPLI
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00053.html

[ MDVSA-2013:011 ] samba
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00052.html

JVNDB-2013-001027 Vulnerability in Oracle Java 7
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001027.html

JVNDB-2013-001289 Directory traversal vulnerability in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and Proficy Process Systems with CIMPLICITY
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001289.html

JVNDB-2013-001290 Arbitrary command execution vulnerability in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and Proficy Process Systems with CIMPLICITY
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001290.html

JVNDB-2013-001416 Denial-of-service (DoS) vulnerability in the DTN dissector of Wireshark
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001416.html

JVNDB-2013-001470 User impersonation vulnerability in Accela BizSearch
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001470.html

JVNDB-2013-001469 Privilege acquisition vulnerability in the VMCI implementation of multiple VMware products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001469.html

JVNDB-2013-001468 Vulnerability in CubeCart that allows arbitrary PHP objects to be unserialized
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001467.html

JVNDB-2013-001447 Buffer overflow vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001447.html

JVNDB-2013-001467 Vulnerability in the TLS implementation of the Bouncy Castle Java library and C# library that allows distinguishing attacks and plaintext-recovery attacks
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001467.html

JVNDB-2013-001466 Vulnerability in wolfSSL CyaSSL that allows distinguishing attacks and plaintext-recovery attacks
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001466.html

JVNDB-2013-001448 Arbitrary code execution vulnerability in Adobe Flash Player
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001448.html

JVNDB-2013-001465 Vulnerability in the SSL module of PolarSSL that allows distinguishing attacks
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001465.html

JVNDB-2013-001464 Denial-of-service (DoS) vulnerability in the SSL module of PolarSSL
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001464.html

JVNDB-2013-001463 Vulnerability in the TLS implementation of Mozilla Network Security Services that allows distinguishing attacks and plaintext-recovery attacks
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001463.html

JVNDB-2013-001462 Vulnerability in the TLS implementation of GnuTLS that allows distinguishing attacks and plaintext-recovery attacks
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001462.html

JVNDB-2013-001461 Vulnerability in Opera that allows distinguishing attacks and plaintext-recovery attacks
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001461.html

JVNDB-2013-001460 Vulnerability in the TLS and DTLS protocols that allows distinguishing attacks and plaintext-recovery attacks
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001460.html

JVNDB-2013-001459 Denial-of-service (DoS) vulnerability in OpenSSL
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001459.html

JVNDB-2013-001458 Denial-of-service (DoS) vulnerability in the TLS implementation of OpenSSL
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001458.html

JVNDB-2013-001457 Vulnerability in Nuance products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001457.html

McAfee VirusScan Enterprise Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028130

Windows NFS Server Null Dereference Lets Remote Users Deny Service
http://www.securitytracker.com/id/1028129

More adobe reader and acrobat (PDF) trouble
https://isc.sans.edu/diary.html?storyid=15151

AbanteCart 1.1.3 (index.php) Multiple Reflected XSS Vulnerabilities
http://cxsecurity.com/issue/WLB-2013020095

OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability
http://cxsecurity.com/issue/WLB-2013020094

WordPress Classipress Theme 3.1.4 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2011110001

SonicWALL Scrutinizer 9.5.2 SQL Injection
http://cxsecurity.com/issue/WLB-2013020093

SonicWALL Aventail SSL-VPN SQL Injection
http://cxsecurity.com/issue/WLB-2011110058

IRIS Citations Management Tool Command Execution
http://cxsecurity.com/issue/WLB-2013020092

Polycom HDX Telnet Authorization Bypass
http://cxsecurity.com/issue/WLB-2013020091

Transferable Remote 1.1 iPad iPhone Multiple Web Vulnerabilities
http://cxsecurity.com/issue/WLB-2013020090

BlackNova Traders SQL Injection
http://cxsecurity.com/issue/WLB-2013020089

Wordpress wp forum server v2 plugin SQL Injection
http://cxsecurity.com/issue/WLB-2013020084

KingView KingMess Buffer Overflow Vulnerability
http://secunia.com/advisories/52190/

SUSE update for opera
http://secunia.com/advisories/52204/

IBM WebSphere Message Broker Multiple Vulnerabilities
http://secunia.com/advisories/52176/

Accela / eAccela BizSearch Unspecified Spoofing Vulnerability
http://secunia.com/advisories/52200/

Cisco Unified MeetingPlace Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/52194/

IBM WebSphere Cast Iron Cloud Integration Unspecified Vulnerability
http://secunia.com/advisories/52191/

Red Hat update for flash-plugin
http://secunia.com/advisories/52203/

Ubuntu update for kernel
http://secunia.com/advisories/52205/

Debian update for rails
http://secunia.com/advisories/52180/

BlackBerry Enterprise Server LibTIFF Two Vulnerabilities
http://secunia.com/advisories/52168/

Ubuntu update for postgresql
http://secunia.com/advisories/52174/

Ubuntu update for kernel
http://secunia.com/advisories/52172/

Microsoft Windows OLE Automation File Parsing Vulnerability
http://secunia.com/advisories/52184/

Multiple TLS And DTLS Implementations CVE-2013-0169 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57778

PolarSSL MAC Check CVE-2013-1622 Security Vulnerability
http://www.securityfocus.com/bid/57781

PolarSSL CVE-2013-1621 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/57776

OpenSSL Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/57755

Oracle Java SE CVE-2012-3213 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57717

Oracle Java SE CVE-2012-1543 Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/57705

Symantec Encryption Desktop CVE-2012-4351 Local Integer Overflow Vulnerability
http://www.securityfocus.com/bid/57170

libTIFF TIFF Image CVE-2012-2088 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54270

LibTIFF TIFF Image Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55673

Adobe Flash Player and AIR CVE-2013-0649 Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57930

Adobe Flash Player and AIR CVE-2013-0637 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57929

Adobe Flash Player and AIR CVE-2013-1365 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57921

Adobe Flash Player and AIR CVE-2013-0644 Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57933

Adobe Flash Player and AIR CVE-2013-1369 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57918

Adobe Flash Player and AIR CVE-2013-1370 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57919

Adobe Flash Player and AIR CVE-2013-1373 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57917

Adobe Flash Player and AIR CVE-2013-0639 Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/57925

Adobe Flash Player and AIR CVE-2013-1366 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57920

Adobe Flash Player and AIR CVE-2013-1372 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57912

Adobe Flash Player and AIR CVE-2013-0638 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57926

Adobe Flash Player and AIR CVE-2013-0647 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57927

Adobe Flash Player and AIR CVE-2013-0642 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57923

Adobe Flash Player and AIR CVE-2013-0645 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57916

Adobe Flash Player and AIR CVE-2013-1374 Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57932

Adobe Flash Player and AIR CVE-2013-1367 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57924

Adobe Flash Player and AIR CVE-2013-1368 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57922

Samba SWAT Cross Site Request Forgery and Clickjacking Vulnerabilities
http://www.securityfocus.com/bid/57631

Oracle Java SE CVE-2013-1480 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57691

Oracle Java SE CVE-2013-1479 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57706

RETIRED: Adobe Flash Player and AIR APSB13-05 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57907

Oracle Java Runtime Environment CVE-2012-3174 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57312

Oracle Outside In Technology CVE-2013-0418 Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57364

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0750 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57235

Adobe Flash Player and AIR CVE-2012-5677 Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/56896

Microsoft .NET Framework CVE-2013-0003 Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57114

Oracle Java SE CVE-2013-1481 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57718

Microsoft .NET Framework CVE-2013-0002 Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57126

EMC NetWorker 'nsrindexd' RPC Service Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57182

WebKit CVE-2012-3748 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/56362

HP LeftHand Virtual SAN Appliance Multiple Remote Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/57754

Novell Groupwise Client CVE-2012-0439 ActiveX Control Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57658

Microsoft Internet Explorer Layout Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55646

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0753 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57209

Citrix Provisioning Services Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/49803

Qt Shared Memory Segments Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/57772

Polycom Products Directory Traversal and Command Injection Vulnerabilities
http://www.securityfocus.com/bid/52301

Drupal Banckle Chat Module Access Bypass Vulnerability
http://www.securityfocus.com/bid/57942

Drupal Manager Change For Organic Groups Module 'autocomplete' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57941

Linux Kernel CVE-2013-0228 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57940

Transferable Remote Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57915

Dell SonicWALL Scrutinizer Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/57914
