Wednesday, July 17, 2013

Wednesday the 17th, Senbu

+ RHSA-2013:1051 Moderate: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-1051.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0914
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2852
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3222
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3301

+ HPSBGN02882 rev.1 - HP Database and Middleware Automation (DMA) using SSL, Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03788014-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2365

+ UPDATE: HPSBMU02870 SSRT101012 rev.2 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03747342-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ CVE-2012-5621 Denial of Service (DoS) vulnerability in Ekiga
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5621_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5621

+ Multiple integer overflow vulnerabilities in GEGL
https://blogs.oracle.com/sunsecurity/entry/multiple_integer_overflow_vulnerabilities_in
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4433

+ CVE-2013-1416 Denial of Service (DoS) vulnerability in Kerberos
https://blogs.oracle.com/sunsecurity/entry/cve_2013_1416_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1416

+ Multiple vulnerabilities in Apache HTTP Server
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_http3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499

+ CVE-2012-3374 Buffer Overflow vulnerability in Pidgin
https://blogs.oracle.com/sunsecurity/entry/cve_2012_3374_buffer_overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3374

+ CVE-2012-6329 Code Injection vulnerability in Perl 5.8
https://blogs.oracle.com/sunsecurity/entry/cve_2012_6329_code_injection1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6329

+ CVE-2012-0814 Credentials Management vulnerability in SSH
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0814_credentials_management
CVE-2012-0814

+ CVE-2010-5107 Denial of Service vulnerability in SSH
https://blogs.oracle.com/sunsecurity/entry/cve_2010_5107_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5107

+ CVE-2013-0338 Denial of Service (DoS) vulnerability in libxml2
https://blogs.oracle.com/sunsecurity/entry/cve_2013_0338_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0338

+ CVE-2012-2807 Numeric Errors vulnerability in libxslt
https://blogs.oracle.com/sunsecurity/entry/cve_2012_2807_numeric_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2807

+ Multiple vulnerabilities in Apache HTTP Server 1.3
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_http1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053

+ CVE-2011-3368 Improper Input Validation vulnerability in Apache HTTP Server 1.3
https://blogs.oracle.com/sunsecurity/entry/cve_2011_3368_improper_input
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368

+ Multiple vulnerabilities in Apache HTTP Server
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_http
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1928

+ Multiple vulnerabilities in libexif
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_libexif1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2845

+ Lucky Thirteen vulnerability in Solaris OpenSSL
https://blogs.oracle.com/sunsecurity/entry/lucky_thirteen_vulnerability_in_solaris
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169

+ Oracle Critical Patch Update Advisory - July 2013
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

+ VMSA-2013-0008 VMware vCenter Chargeback Manager Remote Code Execution
http://www.vmware.com/security/advisories/VMSA-2013-0008.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3520

+ UPDATE: Advisory: MacBook Air (June 2013 release only) freezes following installation of Sophos Disk Encryption for Mac, version 6.x
http://www.sophos.com/en-us/support/knowledgebase/119581.aspx

+ Apache Struts 2.3.15.1 released
http://struts.apache.org/release/2.3.x/docs/version-notes-23151.html

+ MySQL Multiple Bugs Let Remote Users Deny Service and Partially Access and Modify Data
http://www.securitytracker.com/id/1028790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3795
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3810
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3812

+ Oracle Database Bugs Let Remote Users Execute Arbitrary Code, Access and Modify Data, and Deny Service and Let Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3751
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3790

+ DoS/PoC: Squid 3.3.5 - DoS PoC
http://www.exploit-db.com/exploits/26886

+ Squid-3.3.5 Denial of Service PoC
http://cxsecurity.com/issue/WLB-2013070115

+ Linux kernel vhost-net use-after-free in vhost_net_flush
http://cxsecurity.com/issue/WLB-2013070117

+ Linux kernel ipv6 BUG_ON in fib6_add_rt2node()
http://cxsecurity.com/issue/WLB-2013070116

+ Oracle MySQL Server CVE-2013-3793 Remote Security Vulnerability
http://www.securityfocus.com/bid/61264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3793

+ Oracle MySQL Server CVE-2013-3802 Remote Security Vulnerability
http://www.securityfocus.com/bid/61244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3802

+ Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/61129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896

+ Linux Kernel CVE-2013-4129 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/61193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4129

+ glibc and eglibc CVE-2013-4788 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/61183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4788

+ Squid 'squid-cache' Service Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/61182

+ Cisco Secure Access Control System CVE-2013-3424 Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/61175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3424

JVNDB-2013-000069 Session management vulnerability in Cybozu Office
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000069.html

Your password has been exposed (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20130717/491782/?ST=security

Vulnerability information worth checking <2013.07.17>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130716/491482/?ST=security

Part 2: The possibility of "MITB attacks on Android"; rooting lowers the bar for attacks
http://itpro.nikkeibp.co.jp/article/COLUMN/20130708/489844/?ST=security

Japan's domestic secure content/threat management market was 140.2 billion yen in 2012, according to an IDC Japan survey
http://itpro.nikkeibp.co.jp/article/NEWS/20130716/491762/?ST=security

Yahoo!'s plan to recycle abandoned IDs: requests for new usernames now being accepted
http://itpro.nikkeibp.co.jp/article/NEWS/20130716/491583/?ST=security

JVNVU#94853684 Multiple vulnerabilities in McAfee ePolicy Orchestrator
http://jvn.jp/cert/JVNVU94853684/

JVNVU#94014626 Multiple vulnerabilities in Verizon Wireless Network Extender
http://jvn.jp/cert/JVNVU94014626/

JVNVU#98184126 SQL injection vulnerability in EMBASSY Remote Administration Server
http://jvn.jp/cert/JVNVU98184126/

DoS/PoC: rpcbind (CALLIT Procedure) UDP Crash PoC
http://www.exploit-db.com/exploits/26887

DoS/PoC: Light Audio Mixer Version 1.0.12 (.wav) - Crash POC
http://www.exploit-db.com/exploits/26891

DoS/PoC: Kate's Video Toolkit Version 7.0 (.wav) - Crash POC
http://www.exploit-db.com/exploits/26892
