2013年10月31日木曜日
31日 木曜日、大安
+ RHSA-2013:1480 Important: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2013-1480.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5602
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5604
+ CESA-2013:1476 Critical CentOS 5 firefox Update
http://lwn.net/Alerts/572253/
+ CESA-2013:1476 Critical CentOS 6 firefox Update
http://lwn.net/Alerts/572254/
+ CESA-2013:1475 Moderate CentOS 6 postgresql Update
http://lwn.net/Alerts/572256/
+ CESA-2013:1473 Important CentOS 6 spice-server Update
http://lwn.net/Alerts/572258/
+ CESA-2013:1475 Moderate CentOS 5 postgresql84 Update
http://lwn.net/Alerts/572255/
+ CESA-2013:1474 Important CentOS 5 qspice Update
http://lwn.net/Alerts/572257/
+ Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131030-asr1000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5545
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5547
+ UPDATE: HPSBMU02872 SSRT101185 rev.3 - HP Service Manager, Remote Disclosure of Information, Cross Site Scripting(XSS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03748875-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ UPDATE: HPSBMU02874 SSRT101184 rev.2 - HP Service Manager, Java Runtime Environment (JRE) Security Update
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03748879-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ UPDATE: HPSBMU02931 rev.2 - HP Service Manager, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03960916-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ HPSBMU02932 rev.1 - HP Application LifeCycle Management, ALM client component, Remote Execution of Arbitrary Code
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03969433-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4834
+ HPSBMU02933 rev.1 - HP SiteScope, issueSiebelCmd SOAP Request, Remote Code Execution
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03969435-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4835
+ HPSBMU02934 rev.1 - HP Application LifeCycle Management, GossipService SOAP Request, Remote Code Execution
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03969436-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4836
+ HPSBMU02935 rev.1 - HP LoadRunner Virtual User Generator, Remote Code Execution
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03969437-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4839
JVNDB-2013-004446 複数製品で使用されている International Components for Unicode (ICU) に解放済みメモリ使用 (use-after-free) の脆弱性
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-004446.html
JVNDB-2013-001665 複数製品で使用されている International Components for Unicode (ICU) にサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001665.html
「CAPTCHAを解読できる」最新式人工知能(WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20131031/515062/?ST=security
「Androidアプリの96%に脆弱性リスク」、SDNAが調査レポート公開
http://itpro.nikkeibp.co.jp/article/NEWS/20131029/514742/?ST=security
VU#326830 NAS4Free version 9.1.0.1 contains a remote command execution vulnerability
http://www.kb.cert.org/vuls/id/326830
VU#639620 Joomla! Media Manager allows arbitrary file upload and execution
http://www.kb.cert.org/vuls/id/639620
VU#533894 Openbravo ERP contains an information disclosure vulnerability
http://www.kb.cert.org/vuls/id/533894
2013年10月30日水曜日
30日 水曜日、仏滅
+ RHSA-2013:1473 Important: spice-server security update
http://rhn.redhat.com/errata/RHSA-2013-1473.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4282
+ RHSA-2013:1475 Moderate: postgresql and postgresql84 security update
http://rhn.redhat.com/errata/RHSA-2013-1475.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900
+ RHSA-2013:1476 Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2013-1476.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5602
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5604
+ RHSA-2013:1474 Important: qspice security update
http://rhn.redhat.com/errata/RHSA-2013-1474.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4282
+ Mozilla Firefox 25 released
http://www.mozilla.org/en-US/firefox/25.0/releasenotes/
+ Mozilla Thunderbird 24.1 released
http://www.mozilla.org/en-US/thunderbird/24.1.0/releasenotes/
+ MFSA 2013-102 Use-after-free in HTML document templates
http://www.mozilla.org/security/announce/2013/mfsa2013-102.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5603
+ MFSA 2013-101 Memory corruption in workers
http://www.mozilla.org/security/announce/2013/mfsa2013-101.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5602
+ MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
http://www.mozilla.org/security/announce/2013/mfsa2013-100.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5601
+ MFSA 2013-99 Security bypass of PDF.js checks using iframes
http://www.mozilla.org/security/announce/2013/mfsa2013-99.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5598
+ MFSA 2013-98 Use-after-free when updating offline cache
http://www.mozilla.org/security/announce/2013/mfsa2013-98.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5597
+ MFSA 2013-97 Writing to cycle collected object during image decoding
http://www.mozilla.org/security/announce/2013/mfsa2013-97.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5596
+ MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
http://www.mozilla.org/security/announce/2013/mfsa2013-96.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5595
+ MFSA 2013-95 Access violation with XSLT and uninitialized data
http://www.mozilla.org/security/announce/2013/mfsa2013-95.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5604
+ MFSA 2013-94 Spoofing addressbar though SELECT element
http://www.mozilla.org/security/announce/2013/mfsa2013-94.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5593
+ MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)
http://www.mozilla.org/security/announce/2013/mfsa2013-93.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739
+ REMOTE: Apache / PHP 5.x Remote Code Execution Exploit
http://www.exploit-db.com/exploits/29290
http://cxsecurity.com/issue/WLB-2013100194
+ Apache Struts2 showcase multiple XSS
http://cxsecurity.com/issue/WLB-2013100185
+ SA55429 Apache mod_pagespeed Module Cross-Site Scripting Vulnerability
http://secunia.com/advisories/55429/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6111
Security Gateway Virtual Edition (VE) VMWare OVF template security update
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk96026&src=securityAlerts
JVNDB-2013-000096 RockDisk におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000096.html
カスペルスキーのセキュリティソフト新版、家族内なら無制限に利用可能
http://itpro.nikkeibp.co.jp/article/NEWS/20131030/514782/?ST=security
Suicaの乗降履歴事例を引き合いに、法制度改正求める声相次ぐ
「パーソナルデータに関する検討会」第3回会合
http://itpro.nikkeibp.co.jp/article/NEWS/20131029/514706/?ST=security
IPA情報処理試験がセキュリティ分野重視に、基本や応用の午後試験では必須化
http://itpro.nikkeibp.co.jp/article/NEWS/20131029/514502/?ST=security
JVNVU#96036147 Cisco Identity Services Engine に脆弱性
http://jvn.jp/cert/JVNVU96036147/
REMOTE: WatchGuard Firewall XTM 11.7.4u1 - Remote Buffer Overflow
http://www.exploit-db.com/exploits/29273
http://rhn.redhat.com/errata/RHSA-2013-1473.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4282
+ RHSA-2013:1475 Moderate: postgresql and postgresql84 security update
http://rhn.redhat.com/errata/RHSA-2013-1475.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900
+ RHSA-2013:1476 Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2013-1476.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5602
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5604
+ RHSA-2013:1474 Important: qspice security update
http://rhn.redhat.com/errata/RHSA-2013-1474.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4282
+ Mozilla Firefox 25 released
http://www.mozilla.org/en-US/firefox/25.0/releasenotes/
+ Mozilla Thunderbird 24.1 released
http://www.mozilla.org/en-US/thunderbird/24.1.0/releasenotes/
+ MFSA 2013-102 Use-after-free in HTML document templates
http://www.mozilla.org/security/announce/2013/mfsa2013-102.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5603
+ MFSA 2013-101 Memory corruption in workers
http://www.mozilla.org/security/announce/2013/mfsa2013-101.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5602
+ MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
http://www.mozilla.org/security/announce/2013/mfsa2013-100.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5601
+ MFSA 2013-99 Security bypass of PDF.js checks using iframes
http://www.mozilla.org/security/announce/2013/mfsa2013-99.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5598
+ MFSA 2013-98 Use-after-free when updating offline cache
http://www.mozilla.org/security/announce/2013/mfsa2013-98.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5597
+ MFSA 2013-97 Writing to cycle collected object during image decoding
http://www.mozilla.org/security/announce/2013/mfsa2013-97.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5596
+ MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
http://www.mozilla.org/security/announce/2013/mfsa2013-96.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5595
+ MFSA 2013-95 Access violation with XSLT and uninitialized data
http://www.mozilla.org/security/announce/2013/mfsa2013-95.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5604
+ MFSA 2013-94 Spoofing addressbar though SELECT element
http://www.mozilla.org/security/announce/2013/mfsa2013-94.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5593
+ MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)
http://www.mozilla.org/security/announce/2013/mfsa2013-93.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739
+ REMOTE: Apache / PHP 5.x Remote Code Execution Exploit
http://www.exploit-db.com/exploits/29290
http://cxsecurity.com/issue/WLB-2013100194
+ Apache Struts2 showcase multiple XSS
http://cxsecurity.com/issue/WLB-2013100185
+ SA55429 Apache mod_pagespeed Module Cross-Site Scripting Vulnerability
http://secunia.com/advisories/55429/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6111
Security Gateway Virtual Edition (VE) VMWare OVF template security update
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk96026&src=securityAlerts
JVNDB-2013-000096 RockDisk におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000096.html
カスペルスキーのセキュリティソフト新版、家族内なら無制限に利用可能
http://itpro.nikkeibp.co.jp/article/NEWS/20131030/514782/?ST=security
Suicaの乗降履歴事例を引き合いに、法制度改正求める声相次ぐ
「パーソナルデータに関する検討会」第3回会合
http://itpro.nikkeibp.co.jp/article/NEWS/20131029/514706/?ST=security
IPA情報処理試験がセキュリティ分野重視に、基本や応用の午後試験では必須化
http://itpro.nikkeibp.co.jp/article/NEWS/20131029/514502/?ST=security
JVNVU#96036147 Cisco Identity Services Engine に脆弱性
http://jvn.jp/cert/JVNVU96036147/
REMOTE: WatchGuard Firewall XTM 11.7.4u1 - Remote Buffer Overflow
http://www.exploit-db.com/exploits/29273
2013年10月29日火曜日
29日 火曜日、先負
+ SA55427 McAfee Firewall Enterprise Multiple Vulnerabilities
http://secunia.com/advisories/55427/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5710
[更新]ウイルス検索エンジン VSAPI 9.750 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2006
Advisory: Sophos Mobile Control - vulnerability found in JBoss
http://www.sophos.com/en-us/support/knowledgebase/119987.aspx
「出口対策」を強化せよ、新型攻撃と戦うユーザーに必要な意識改革
http://itpro.nikkeibp.co.jp/article/COLUMN/20131024/513369/?ST=security
米当局は駐独米大使館を拠点にベルリンを盗聴、独誌が報じる
http://itpro.nikkeibp.co.jp/article/NEWS/20131028/514063/?ST=security
JVNVU#90453851 Tyler Technologies TaxWeb に複数の脆弱性
http://jvn.jp/cert/JVNVU90453851/
JVNVU#97210126 TVT TD-2308SS-B にディレクトリトラバーサルの脆弱性
http://jvn.jp/cert/JVNVU97210126/
JVNVU#95174988 複数の Apple 製品の脆弱性に対するアップデート
http://jvn.jp/cert/JVNVU95174988/
VU#952422 Cisco Identity Services Engine contains an input validation vulnerability
http://www.kb.cert.org/vuls/id/952422
LOCAL: BlazeDVD 6.2 (.plf) - Buffer Overflow (SEH)
http://www.exploit-db.com/exploits/29263
LOCAL: VideoCharge Studio 2.12.3.685 - Buffer Overflow (SEH)
http://www.exploit-db.com/exploits/29234
Apache Struts2 showcase multiple XSS
http://cxsecurity.com/issue/WLB-2013100185
http://secunia.com/advisories/55427/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5710
[更新]ウイルス検索エンジン VSAPI 9.750 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2006
Advisory: Sophos Mobile Control - vulnerability found in JBoss
http://www.sophos.com/en-us/support/knowledgebase/119987.aspx
「出口対策」を強化せよ、新型攻撃と戦うユーザーに必要な意識改革
http://itpro.nikkeibp.co.jp/article/COLUMN/20131024/513369/?ST=security
米当局は駐独米大使館を拠点にベルリンを盗聴、独誌が報じる
http://itpro.nikkeibp.co.jp/article/NEWS/20131028/514063/?ST=security
JVNVU#90453851 Tyler Technologies TaxWeb に複数の脆弱性
http://jvn.jp/cert/JVNVU90453851/
JVNVU#97210126 TVT TD-2308SS-B にディレクトリトラバーサルの脆弱性
http://jvn.jp/cert/JVNVU97210126/
JVNVU#95174988 複数の Apple 製品の脆弱性に対するアップデート
http://jvn.jp/cert/JVNVU95174988/
VU#952422 Cisco Identity Services Engine contains an input validation vulnerability
http://www.kb.cert.org/vuls/id/952422
LOCAL: BlazeDVD 6.2 (.plf) - Buffer Overflow (SEH)
http://www.exploit-db.com/exploits/29263
LOCAL: VideoCharge Studio 2.12.3.685 - Buffer Overflow (SEH)
http://www.exploit-db.com/exploits/29234
Apache Struts2 showcase multiple XSS
http://cxsecurity.com/issue/WLB-2013100185
2013年10月28日月曜日
28日 月曜日、友引
+ CESA-2013:1458 Moderate CentOS 5 gnupg Update
http://lwn.net/Alerts/571724/
+ CESA-2013:1459 Moderate CentOS 5 gnupg2 Update
http://lwn.net/Alerts/571726/
+ CESA-2013:1457 Moderate CentOS 5 libgcrypt Update
http://lwn.net/Alerts/571727/
+ CESA-2013:1459 Moderate CentOS 6 gnupg2 Update
http://lwn.net/Alerts/571725/
+ CESA-2013:1457 Moderate CentOS 6 libgcrypt Update
http://lwn.net/Alerts/571728/
+ VMware Player 6.0.1 released
https://my.vmware.com/web/vmware/free#desktop_end_user_computing/vmware_player/6_0|
+ Apache Tomcat 7.0.47 Released
http://tomcat.apache.org/download-70.cgi
+ OpenLDAP 2.4.37 released
http://www.openldap.org/software/download/
+ Linux Kernel ip_output Memory Corruption Flaw Lets Local Users Deny Service or Gain Elevated Privileges
http://www.securitytracker.com/id/1029254
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4470
+ GnuPG Incorrect Processing of Key Flags Subpacket May Let Users Bypass Security Controls
http://www.securitytracker.com/id/1029243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4351
+ GnuPG Side-Channel Attack Lets Local Users Recover RSA Secret Keys
http://www.securitytracker.com/id/1029242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242
+ Glibc getaddrinfo() Overflow Lets Remote or Local Users Deny Service
http://www.securitytracker.com/id/1029238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4458
セキュリティ・ホットトピックス
Apple IDを狙うリストアタックが多発、サイトが攻撃を回避する手段とは
http://itpro.nikkeibp.co.jp/article/COLUMN/20131024/513462/?ST=security
JVN#62507275 複数のブロードバンドルータがオープンリゾルバとして機能してしまう問題
http://jvn.jp/jp/JVN62507275/index.html
VU#785838 TVT TD-2308SS-B DVR contains a directory traversal vulnerability
http://www.kb.cert.org/vuls/id/785838
VU#911678 Tyler Technologies TaxWeb 3.13.3.1 contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/911678
REMOTE: Open Flash Chart 2 Arbitrary File Upload
http://www.exploit-db.com/exploits/29210
LOCAL: Photodex ProShow Producer 5.0.3310 - Local Buffer Overflow (SEH)
http://www.exploit-db.com/exploits/29213
http://lwn.net/Alerts/571724/
+ CESA-2013:1459 Moderate CentOS 5 gnupg2 Update
http://lwn.net/Alerts/571726/
+ CESA-2013:1457 Moderate CentOS 5 libgcrypt Update
http://lwn.net/Alerts/571727/
+ CESA-2013:1459 Moderate CentOS 6 gnupg2 Update
http://lwn.net/Alerts/571725/
+ CESA-2013:1457 Moderate CentOS 6 libgcrypt Update
http://lwn.net/Alerts/571728/
+ VMware Player 6.0.1 released
https://my.vmware.com/web/vmware/free#desktop_end_user_computing/vmware_player/6_0|
+ Apache Tomcat 7.0.47 Released
http://tomcat.apache.org/download-70.cgi
+ OpenLDAP 2.4.37 released
http://www.openldap.org/software/download/
+ Linux Kernel ip_output Memory Corruption Flaw Lets Local Users Deny Service or Gain Elevated Privileges
http://www.securitytracker.com/id/1029254
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4470
+ GnuPG Incorrect Processing of Key Flags Subpacket May Let Users Bypass Security Controls
http://www.securitytracker.com/id/1029243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4351
+ GnuPG Side-Channel Attack Lets Local Users Recover RSA Secret Keys
http://www.securitytracker.com/id/1029242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242
+ Glibc getaddrinfo() Overflow Lets Remote or Local Users Deny Service
http://www.securitytracker.com/id/1029238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4458
セキュリティ・ホットトピックス
Apple IDを狙うリストアタックが多発、サイトが攻撃を回避する手段とは
http://itpro.nikkeibp.co.jp/article/COLUMN/20131024/513462/?ST=security
JVN#62507275 複数のブロードバンドルータがオープンリゾルバとして機能してしまう問題
http://jvn.jp/jp/JVN62507275/index.html
VU#785838 TVT TD-2308SS-B DVR contains a directory traversal vulnerability
http://www.kb.cert.org/vuls/id/785838
VU#911678 Tyler Technologies TaxWeb 3.13.3.1 contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/911678
REMOTE: Open Flash Chart 2 Arbitrary File Upload
http://www.exploit-db.com/exploits/29210
LOCAL: Photodex ProShow Producer 5.0.3310 - Local Buffer Overflow (SEH)
http://www.exploit-db.com/exploits/29213
2013年10月25日金曜日
25日 金曜日、大安
+ RHSA-2013:1457 Moderate: libgcrypt security update
http://rhn.redhat.com/errata/RHSA-2013-1457.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242
+ RHSA-2013:1459 Moderate: gnupg2 security update
http://rhn.redhat.com/errata/RHSA-2013-1459.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402
+ RHSA-2013:1458 Moderate: gnupg security update
http://rhn.redhat.com/errata/RHSA-2013-1458.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402
+ SA55305 MantisBT Project Names Script Insertion Vulnerability
http://secunia.com/advisories/55305/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4460
+ Microsoft Word Protect Document Password Feature
http://cxsecurity.com/issue/WLB-2013100168
+ MantisBT 'account_sponsor_page.php' HTML Injection Vulnerability
http://www.securityfocus.com/bid/63273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4460
Advisory: Sophos Mobile Control - security issue found in JBoss
http://www.sophos.com/en-us/support/knowledgebase/119987.aspx
ゲームから仕事紹介サイトまで。オンラインで活性化する「マネーロンダリング」(WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20131025/513583/?ST=security
マカフィー、生体認証に対応した個人向けセキュリティソリューション
http://itpro.nikkeibp.co.jp/article/NEWS/20131025/513582/?ST=security
チェックしておきたい脆弱性情報<2013.10.25>
http://itpro.nikkeibp.co.jp/article/COLUMN/20131021/512284/?ST=security
高度なマルウエアは防げない、「アフターテクノロジー」が重要
オリバー・フリードリックス氏 米ソースファイア クラウドテクノロジーグループ 上級副社長
http://itpro.nikkeibp.co.jp/article/Interview/20131022/512834/?ST=security
ネットバンキングの情報盗む「BANCOS」が急増、IPAの3Q報告書
http://itpro.nikkeibp.co.jp/article/NEWS/20131024/513302/?ST=security
http://rhn.redhat.com/errata/RHSA-2013-1457.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242
+ RHSA-2013:1459 Moderate: gnupg2 security update
http://rhn.redhat.com/errata/RHSA-2013-1459.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402
+ RHSA-2013:1458 Moderate: gnupg security update
http://rhn.redhat.com/errata/RHSA-2013-1458.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402
+ SA55305 MantisBT Project Names Script Insertion Vulnerability
http://secunia.com/advisories/55305/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4460
+ Microsoft Word Protect Document Password Feature
http://cxsecurity.com/issue/WLB-2013100168
+ MantisBT 'account_sponsor_page.php' HTML Injection Vulnerability
http://www.securityfocus.com/bid/63273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4460
Advisory: Sophos Mobile Control - security issue found in JBoss
http://www.sophos.com/en-us/support/knowledgebase/119987.aspx
ゲームから仕事紹介サイトまで。オンラインで活性化する「マネーロンダリング」(WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20131025/513583/?ST=security
マカフィー、生体認証に対応した個人向けセキュリティソリューション
http://itpro.nikkeibp.co.jp/article/NEWS/20131025/513582/?ST=security
チェックしておきたい脆弱性情報<2013.10.25>
http://itpro.nikkeibp.co.jp/article/COLUMN/20131021/512284/?ST=security
高度なマルウエアは防げない、「アフターテクノロジー」が重要
オリバー・フリードリックス氏 米ソースファイア クラウドテクノロジーグループ 上級副社長
http://itpro.nikkeibp.co.jp/article/Interview/20131022/512834/?ST=security
ネットバンキングの情報盗む「BANCOS」が急増、IPAの3Q報告書
http://itpro.nikkeibp.co.jp/article/NEWS/20131024/513302/?ST=security
2013年10月24日木曜日
24日 木曜日、仏滅
+ About the security content of iTunes 11.1.2
http://support.apple.com/kb/HT6001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2871
+ About the security content of Apple Remote Desktop 3.7
http://support.apple.com/kb/HT5998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5135
+ About the security content of Apple Remote Desktop 3.5.4
http://support.apple.com/kb/HT5997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5135
+ About the security content of OS X Server v3.0
http://support.apple.com/kb/HT5999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1856
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5143
+ About the security content of Keynote 6.0
http://support.apple.com/kb/HT6002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5148
+ About the security content of OS X Mavericks v10.9
http://support.apple.com/kb/HT6011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0845
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0845
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5192
+ About the security content of Safari 6.1
http://support.apple.com/kb/HT6000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5131
+ About the security content of iOS 7.0.3
http://support.apple.com/kb/HT6010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5164
+ CESA-2013:1452 Moderate CentOS 5 vino Update
http://lwn.net/Alerts/571425/
+ CESA-2013:1452 Moderate CentOS 6 vino Update
http://lwn.net/Alerts/571426/
+ CESA-2013:1451 Critical CentOS 6 java-1.7.0-openjdk Update
http://lwn.net/Alerts/571423/
+ CESA-2013:1449 Moderate CentOS 5 kernel Update
http://lwn.net/Alerts/571424/
+ CESA-2013:1447 Important CentOS 5 java-1.7.0-openjdk Update
http://lwn.net/Alerts/571422/
+ Cisco IOS XR Software Route Processor Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-iosxr
+ Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
+ Multiple Vulnerabilities in Cisco Identity Services Engine
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise
+ glibc AF_INET6 stack overflow
http://cxsecurity.com/issue/WLB-2013100160
+ Microsoft Silverlight Invalid Typecast / Memory Disclosure
http://cxsecurity.com/issue/WLB-2013100158
+ Windows Management Instrumentation (WMI) Remote Command Execution
http://cxsecurity.com/issue/WLB-2013100152
+ SA55309 GNU C Library "getaddrinfo()" Denial of Service Vulnerability
http://secunia.com/advisories/55309/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4458
ウイルス対策製品検出用検索エンジン 3.5.8760 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2029
Trend Micro Portable Security 1.5 Patch 2 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2028
curl in Mac OS X Mavericks 10.9
http://curl.haxx.se/mail/archive-2013-10/0036.html
開発体制を企業市場向けにも拡大、金融モバイル取引のセキュリティ対策が急務に
露カスペルスキー CTO ニコライ・グレベンニコ氏
http://itpro.nikkeibp.co.jp/article/Interview/20131022/512753/?ST=security
ウォッチガード、自社UTMのログを可視化・分析するソフトの無償提供を開始
http://itpro.nikkeibp.co.jp/article/NEWS/20131023/513212/?ST=security
セブンネットショッピングに不正アクセス、約15万件のカード情報に不正閲覧の可能性
http://itpro.nikkeibp.co.jp/article/NEWS/20131023/513203/?ST=security
ウイングアーク、PDF帳票の長期アーカイブでキーレス署名を可能に
http://itpro.nikkeibp.co.jp/article/NEWS/20131023/513062/?ST=security
一般個人を狙う標的型攻撃がやってくる
http://itpro.nikkeibp.co.jp/article/Interview/20131022/512763/?ST=security
あなたのそのセキュリティ認識、間違っています
http://itpro.nikkeibp.co.jp/article/COLUMN/20131017/511850/?ST=security
JVNVU#93851007 DrayTek Vigor2700 にコマンドインジェクションの脆弱性
http://jvn.jp/cert/JVNVU93851007/
LOCAL: Avira Internet Security avipbb.sys Filter Bypass and Privilege Escalation
http://www.exploit-db.com/exploits/29125
http://support.apple.com/kb/HT6001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2871
+ About the security content of Apple Remote Desktop 3.7
http://support.apple.com/kb/HT5998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5135
+ About the security content of Apple Remote Desktop 3.5.4
http://support.apple.com/kb/HT5997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5135
+ About the security content of OS X Server v3.0
http://support.apple.com/kb/HT5999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1856
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5143
+ About the security content of Keynote 6.0
http://support.apple.com/kb/HT6002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5148
+ About the security content of OS X Mavericks v10.9
http://support.apple.com/kb/HT6011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0845
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0845
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5192
+ About the security content of Safari 6.1
http://support.apple.com/kb/HT6000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5131
+ About the security content of iOS 7.0.3
http://support.apple.com/kb/HT6010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5164
+ CESA-2013:1452 Moderate CentOS 5 vino Update
http://lwn.net/Alerts/571425/
+ CESA-2013:1452 Moderate CentOS 6 vino Update
http://lwn.net/Alerts/571426/
+ CESA-2013:1451 Critical CentOS 6 java-1.7.0-openjdk Update
http://lwn.net/Alerts/571423/
+ CESA-2013:1449 Moderate CentOS 5 kernel Update
http://lwn.net/Alerts/571424/
+ CESA-2013:1447 Important CentOS 5 java-1.7.0-openjdk Update
http://lwn.net/Alerts/571422/
+ Cisco IOS XR Software Route Processor Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-iosxr
+ Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
+ Multiple Vulnerabilities in Cisco Identity Services Engine
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise
+ glibc AF_INET6 stack overflow
http://cxsecurity.com/issue/WLB-2013100160
+ Microsoft Silverlight Invalid Typecast / Memory Disclosure
http://cxsecurity.com/issue/WLB-2013100158
+ Windows Management Instrumentation (WMI) Remote Command Execution
http://cxsecurity.com/issue/WLB-2013100152
+ SA55309 GNU C Library "getaddrinfo()" Denial of Service Vulnerability
http://secunia.com/advisories/55309/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4458
ウイルス対策製品検出用検索エンジン 3.5.8760 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2029
Trend Micro Portable Security 1.5 Patch 2 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2028
curl in Mac OS X Mavericks 10.9
http://curl.haxx.se/mail/archive-2013-10/0036.html
開発体制を企業市場向けにも拡大、金融モバイル取引のセキュリティ対策が急務に
露カスペルスキー CTO ニコライ・グレベンニコ氏
http://itpro.nikkeibp.co.jp/article/Interview/20131022/512753/?ST=security
ウォッチガード、自社UTMのログを可視化・分析するソフトの無償提供を開始
http://itpro.nikkeibp.co.jp/article/NEWS/20131023/513212/?ST=security
セブンネットショッピングに不正アクセス、約15万件のカード情報に不正閲覧の可能性
http://itpro.nikkeibp.co.jp/article/NEWS/20131023/513203/?ST=security
ウイングアーク、PDF帳票の長期アーカイブでキーレス署名を可能に
http://itpro.nikkeibp.co.jp/article/NEWS/20131023/513062/?ST=security
一般個人を狙う標的型攻撃がやってくる
http://itpro.nikkeibp.co.jp/article/Interview/20131022/512763/?ST=security
あなたのそのセキュリティ認識、間違っています
http://itpro.nikkeibp.co.jp/article/COLUMN/20131017/511850/?ST=security
JVNVU#93851007 DrayTek Vigor2700 にコマンドインジェクションの脆弱性
http://jvn.jp/cert/JVNVU93851007/
LOCAL: Avira Internet Security avipbb.sys Filter Bypass and Privilege Escalation
http://www.exploit-db.com/exploits/29125
2013年10月23日水曜日
23日 水曜日、先負
+ RHSA-2013:1452 Moderate: vino security update
http://rhn.redhat.com/errata/RHSA-2013-1452.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5745
+ RHSA-2013:1451 Critical: java-1.7.0-openjdk security update
http://rhn.redhat.com/errata/RHSA-2013-1451.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5851
+ Selenium Server 2.37.0 released
http://code.google.com/p/selenium/wiki/Grid2
+ Selenium IE Driver Server 2.37.0 released
http://docs.seleniumhq.org/download/
+ Selenium Client & WebDriver 2.37.0 released
http://docs.seleniumhq.org/download/
+ CentOS 5.10 released
http://lists.centos.org/pipermail/centos-announce/2013-October/019978.html
+ RHSA-2013:1449 Moderate: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-1449.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4299
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368
+ RHSA-2013:1452 Moderate: vino security update
http://rhn.redhat.com/errata/RHSA-2013-1452.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5745
+ HS13-025 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html
+ HS13-025 Cosminexusにおける複数の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-025/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5850
+ Nmap 6.40 Released
http://seclists.org/nmap-announce/2013/1
+ Android Camera Driver Buffer Overflow / Memory Disclosure
http://cxsecurity.com/issue/WLB-2013100146
+ Apple iOS 7 for iPhone CVE-2013-5164 Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/63278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5164
+ Apple iOS 7 for iPhone CVE-2013-5162 Security Bypass Vulnerability
http://www.securityfocus.com/bid/63277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5162
+ Apple iOS 7 for iPhone CVE-2013-5144 Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/63276
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5144
Mac OS X 10.9 (Mavericks) に対する弊社エンドポイント製品の対応状況について
http://www.trendmicro.co.jp/support/news.asp?id=2030
ダメージクリーンナップエンジン 7.1 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2020
Advisory: Windows 8.1 and Windows Server 2012 R2 - support for Sophos products
http://www.sophos.com/en-us/support/knowledgebase/119957.aspx
Windowsストアで「トレンドマイクロ コネクト」公開、セキュリティ状況を一元管理
http://itpro.nikkeibp.co.jp/article/NEWS/20131023/512943/?ST=security
世界のセキュリティ・ラボから
IEの脆弱性を利用する標的型攻撃
http://itpro.nikkeibp.co.jp/article/COLUMN/20131021/512282/?ST=security
Google、DDoS攻撃や検閲からWebサイトを保護する取り組みなど発表
http://itpro.nikkeibp.co.jp/article/NEWS/20131022/512665/?ST=security
UPDATE: JVN#59503133 複数の NEC 製モバイルルータにおけるクロスサイトリクエストフォージェリの脆弱性
http://jvn.jp/jp/JVN59503133/index.html
UPDATE: JVNVU#405811 Apache HTTPD サーバにサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/cert/JVNVU405811/index.html
VU#101462 DrayTek Vigor 2700 ADSL router contains a command injection vulnerability
http://www.kb.cert.org/vuls/id/101462
REMOTE: D-Link DIR-605L Captcha Handling Buffer Overflow
http://www.exploit-db.com/exploits/29127
REMOTE: Interactive Graphical SCADA System Remote Command Injection
http://www.exploit-db.com/exploits/29129
REMOTE: HP Intelligent Management Center BIMS UploadServlet Directory Traversal
http://www.exploit-db.com/exploits/29130
REMOTE: WebTester 5.x Command Execution
http://www.exploit-db.com/exploits/29132
http://rhn.redhat.com/errata/RHSA-2013-1452.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5745
+ RHSA-2013:1451 Critical: java-1.7.0-openjdk security update
http://rhn.redhat.com/errata/RHSA-2013-1451.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5851
+ Selenium Server 2.37.0 released
http://code.google.com/p/selenium/wiki/Grid2
+ Selenium IE Driver Server 2.37.0 released
http://docs.seleniumhq.org/download/
+ Selenium Client & WebDriver 2.37.0 released
http://docs.seleniumhq.org/download/
+ CentOS 5.10 released
http://lists.centos.org/pipermail/centos-announce/2013-October/019978.html
+ RHSA-2013:1449 Moderate: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-1449.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4299
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368
+ RHSA-2013:1452 Moderate: vino security update
http://rhn.redhat.com/errata/RHSA-2013-1452.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5745
+ HS13-025 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html
+ HS13-025 Cosminexusにおける複数の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-025/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5850
+ Nmap 6.40 Released
http://seclists.org/nmap-announce/2013/1
+ Android Camera Driver Buffer Overflow / Memory Disclosure
http://cxsecurity.com/issue/WLB-2013100146
+ Apple iOS 7 for iPhone CVE-2013-5164 Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/63278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5164
+ Apple iOS 7 for iPhone CVE-2013-5162 Security Bypass Vulnerability
http://www.securityfocus.com/bid/63277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5162
+ Apple iOS 7 for iPhone CVE-2013-5144 Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/63276
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5144
Mac OS X 10.9 (Mavericks) に対する弊社エンドポイント製品の対応状況について
http://www.trendmicro.co.jp/support/news.asp?id=2030
ダメージクリーンナップエンジン 7.1 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2020
Advisory: Windows 8.1 and Windows Server 2012 R2 - support for Sophos products
http://www.sophos.com/en-us/support/knowledgebase/119957.aspx
Windowsストアで「トレンドマイクロ コネクト」公開、セキュリティ状況を一元管理
http://itpro.nikkeibp.co.jp/article/NEWS/20131023/512943/?ST=security
世界のセキュリティ・ラボから
IEの脆弱性を利用する標的型攻撃
http://itpro.nikkeibp.co.jp/article/COLUMN/20131021/512282/?ST=security
Google、DDoS攻撃や検閲からWebサイトを保護する取り組みなど発表
http://itpro.nikkeibp.co.jp/article/NEWS/20131022/512665/?ST=security
UPDATE: JVN#59503133 複数の NEC 製モバイルルータにおけるクロスサイトリクエストフォージェリの脆弱性
http://jvn.jp/jp/JVN59503133/index.html
UPDATE: JVNVU#405811 Apache HTTPD サーバにサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/cert/JVNVU405811/index.html
VU#101462 DrayTek Vigor 2700 ADSL router contains a command injection vulnerability
http://www.kb.cert.org/vuls/id/101462
REMOTE: D-Link DIR-605L Captcha Handling Buffer Overflow
http://www.exploit-db.com/exploits/29127
REMOTE: Interactive Graphical SCADA System Remote Command Injection
http://www.exploit-db.com/exploits/29129
REMOTE: HP Intelligent Management Center BIMS UploadServlet Directory Traversal
http://www.exploit-db.com/exploits/29130
REMOTE: WebTester 5.x Command Execution
http://www.exploit-db.com/exploits/29132
2013年10月22日火曜日
22日 火曜日、友引
+ CESA-2013:1441 Moderate CentOS 6 rubygems Update
http://lwn.net/Alerts/571110/
+ CESA-2013:1436 Moderate CentOS 6 kernel Update
http://lwn.net/Alerts/570788/
+ RHSA-2013:1447 Important: java-1.7.0-openjdk security update
http://rhn.redhat.com/errata/RHSA-2013-1447.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5851
+ Linux Kernel Device Mapper Snapshot Error Lets Local Users Read From Free Disk Space
http://www.securitytracker.com/id/1029217
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4299
+ Node.js HTTP Server Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029210
http://cxsecurity.com/issue/WLB-2013100136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4450
+ glibc 2.5 <= reloc types to crash bug
http://cxsecurity.com/issue/WLB-2013100132
チェックしておきたい脆弱性情報<2013.10.22>
http://itpro.nikkeibp.co.jp/article/COLUMN/20131021/512283/?ST=security
Apple、同社がiMessageを読めるとの調査報告を否定---米メディアの報道
http://itpro.nikkeibp.co.jp/article/NEWS/20131021/512346/?ST=security
JVNVU#95955023 JavaServer Faces に複数の脆弱性
http://jvn.jp/cert/JVNVU95955023/index.html
JVNVU#97653535 Watchguard Extensible Threat Management (XTM) にバッファオーバーフローの脆弱性
http://jvn.jp/cert/JVNVU97653535/index.html
REMOTE: FiberHome Modem Router HG-110 - Authentication Bypass To Remote Change DNS Servers
http://www.exploit-db.com/exploits/28450
2013年10月21日月曜日
21日 月曜日、先勝
+ UPDATE: Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa
+ Multiple vulnerabilities in Firefox
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_firefox1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196
+ CVE-2012-6329 Code Injection vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_6329_code_injection
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6329
+ CVE-2012-5195 Buffer Errors vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5195_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5195
+ CVE-2010-2761 Code Injection Vulnerability in perl
https://blogs.oracle.com/sunsecurity/entry/cve_2010_2761_code_injection
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2761
+ CVE-2011-3597 Improper Input Validation vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2011_3597_improper_input
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3597
+ CVE-2012-5195 Heap Buffer Overrun vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5195_heap_buffer
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5195
+ CVE-2012-5526 Configuration vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5526_configuration_vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526
+ CVE-2010-2761, CVE-2010-4411 Vulnerabilities in CGI.pm Perl Module in Solaris 10
https://blogs.oracle.com/sunsecurity/entry/cve_2010_2761_cve_2010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4411
+ CVE-2011-2728 Denial of Service (DoS) vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2728
+ CVE-2011-2728 Denial of Service Vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2728
+ VMSA-2013-0012 VMware vSphere updates address multiple vulnerabilities
http://www.vmware.com/security/advisories/VMSA-2013-0012.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5971
+ Zimbra Collaboration Suite 8.0.5, 7.2.5 released
http://files.zimbra.com/website/docs/8.0/Zimbra_OS_Release_Notes_8.0.5.pdf
http://files.zimbra.com/website/docs/7.2/Zimbra_OS_Release_Notes_7.2.5.pdf
+ Cisco Unified Computing System Bugs Let Remote Users Conduct Man-in-the-Middle Attacks and Obtain Information and Let Local Users View Files
http://www.securitytracker.com/id/1029209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4117
+ Sybase Adaptive Server XML External Entity Processing Flaw Lets Remote Authenticate Users View Files
http://www.securitytracker.com/id/1029208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6025
+ VU#526012 Oracle JavaServer Faces contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/526012
+ Linux Kernel Patches For Linux Kernel Security
http://cxsecurity.com/issue/WLB-2013100131
+ SA55311 Bugzilla Multiple Cross-Site Scripting and Request Forgery Vulnerabilities
http://secunia.com/advisories/55311/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1742
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1743
Trend Micro Network VirusWall Enforcer 1500i/3500i/3600i バージョン 3.5 リパック版および Patch 1 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2017
DbWrench Database Design v3.0.1 Released
http://www.postgresql.org/about/news/1488/
JVNDB-2013-000095 HDL-A および HDL2-A シリーズにおけるセッション管理に関する脆弱性
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000095.html
インターコムがクライアント管理新版「MaLion 4」、XP端末のWeb禁止やMac管理強化
http://itpro.nikkeibp.co.jp/article/NEWS/20131018/511988/?ST=security
JVNVU#98285660 Oracle Outside In にバッファオーバーフローの脆弱性
http://jvn.jp/cert/JVNVU98285660/index.html
JVNVU#90204379 複数の D-Link 製ルータに認証回避の脆弱性
http://jvn.jp/cert/JVNVU90204379/index.html
JVNVU#97158970 SAP Sybase Adaptive Server Enterprise に XML インジェクションの脆弱性
http://jvn.jp/cert/JVNVU97158970/index.html
JVN#52509236 HDL-A および HDL2-A シリーズにおけるセッション管理に関する脆弱性
http://jvn.jp/jp/JVN52509236/index.html
VU#233990 Watchguard Extensible Threat Management (XTM) appliance version 11.7.4 contains a buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/233990
REMOTE: SikaBoom - Remote Buffer Overflow
http://www.exploit-db.com/exploits/29035
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa
+ Multiple vulnerabilities in Firefox
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_firefox1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4196
+ CVE-2012-6329 Code Injection vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_6329_code_injection
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6329
+ CVE-2012-5195 Buffer Errors vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5195_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5195
+ CVE-2010-2761 Code Injection Vulnerability in perl
https://blogs.oracle.com/sunsecurity/entry/cve_2010_2761_code_injection
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2761
+ CVE-2011-3597 Improper Input Validation vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2011_3597_improper_input
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3597
+ CVE-2012-5195 Heap Buffer Overrun vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5195_heap_buffer
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5195
+ CVE-2012-5526 Configuration vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5526_configuration_vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526
+ CVE-2010-2761, CVE-2010-4411 Vulnerabilities in CGI.pm Perl Module in Solaris 10
https://blogs.oracle.com/sunsecurity/entry/cve_2010_2761_cve_2010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4411
+ CVE-2011-2728 Denial of Service (DoS) vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2728
+ CVE-2011-2728 Denial of Service Vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2728
+ VMSA-2013-0012 VMware vSphere updates address multiple vulnerabilities
http://www.vmware.com/security/advisories/VMSA-2013-0012.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5971
+ Zimbra Collaboration Suite 8.0.5, 7.2.5 released
http://files.zimbra.com/website/docs/8.0/Zimbra_OS_Release_Notes_8.0.5.pdf
http://files.zimbra.com/website/docs/7.2/Zimbra_OS_Release_Notes_7.2.5.pdf
+ Cisco Unified Computing System Bugs Let Remote Users Conduct Man-in-the-Middle Attacks and Obtain Information and Let Local Users View Files
http://www.securitytracker.com/id/1029209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4117
+ Sybase Adaptive Server XML External Entity Processing Flaw Lets Remote Authenticate Users View Files
http://www.securitytracker.com/id/1029208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6025
+ VU#526012 Oracle JavaServer Faces contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/526012
+ Linux Kernel Patches For Linux Kernel Security
http://cxsecurity.com/issue/WLB-2013100131
+ SA55311 Bugzilla Multiple Cross-Site Scripting and Request Forgery Vulnerabilities
http://secunia.com/advisories/55311/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1742
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1743
Trend Micro Network VirusWall Enforcer 1500i/3500i/3600i バージョン 3.5 リパック版および Patch 1 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2017
DbWrench Database Design v3.0.1 Released
http://www.postgresql.org/about/news/1488/
JVNDB-2013-000095 HDL-A および HDL2-A シリーズにおけるセッション管理に関する脆弱性
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000095.html
インターコムがクライアント管理新版「MaLion 4」、XP端末のWeb禁止やMac管理強化
http://itpro.nikkeibp.co.jp/article/NEWS/20131018/511988/?ST=security
JVNVU#98285660 Oracle Outside In にバッファオーバーフローの脆弱性
http://jvn.jp/cert/JVNVU98285660/index.html
JVNVU#90204379 複数の D-Link 製ルータに認証回避の脆弱性
http://jvn.jp/cert/JVNVU90204379/index.html
JVNVU#97158970 SAP Sybase Adaptive Server Enterprise に XML インジェクションの脆弱性
http://jvn.jp/cert/JVNVU97158970/index.html
JVN#52509236 HDL-A および HDL2-A シリーズにおけるセッション管理に関する脆弱性
http://jvn.jp/jp/JVN52509236/index.html
VU#233990 Watchguard Extensible Threat Management (XTM) appliance version 11.7.4 contains a buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/233990
REMOTE: SikaBoom - Remote Buffer Overflow
http://www.exploit-db.com/exploits/29035
2013年10月18日金曜日
18日 金曜日、仏滅
+ RHSA-2013:1441 Moderate: rubygems security update
http://rhn.redhat.com/errata/RHSA-2013-1441.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4287
+ CESA-2013:1426 Important CentOS 6 xorg-x11-server Update
http://lwn.net/Alerts/570658/
+ UPDATE: Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa
+ Apache Struts 2.3.15.3 released
http://struts.apache.org/release/2.3.x/docs/version-notes-23153.html
+ PHP 5.5.5, 5.4.21 released
http://php.net/archive/2013.php#id2013-10-16-1
http://php.net/archive/2013.php#id2013-10-17-1
+ Sudo 1.8.8 released
http://www.sudo.ws/sudo/changes.html
ウイルスバスター クラウド プログラムアップデートのお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2021
InterScan Messaging Security Virtual Appliance 8.5 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2026
JVN#27443259 Internet Explorer において任意のコードが実行される脆弱性
http://jvn.jp/jp/JVN27443259/
JVNVU#92570654 Oracle Outside In にバッファオーバーフローの脆弱性
http://jvn.jp/cert/JVNVU92570654/
UPDATE: JVNTA13-288A Microsoft 製品の複数の脆弱性に対するアップデート
http://jvn.jp/cert/JVNTA13-288A/index.html
JVNVU#96465452 Open Shortest Path First (OSPF) プロトコルの Link State Advertisement (LSA) に関する問題
http://jvn.jp/cert/JVNVU96465452/index.html
Bugzilla Flaws Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks
http://www.securitytracker.com/id/1029205
VU#959313 Oracle Outside In OS/2 Metafile parser stack buffer overflow
http://www.kb.cert.org/vuls/id/959313
VU#248083 D-Link routers authenticate administrative access using specific User-Agent string
http://www.kb.cert.org/vuls/id/248083
VU#303900 SAP Sybase Adaptive Server Enterprise vulnerable to XML injection
http://www.kb.cert.org/vuls/id/303900
http://rhn.redhat.com/errata/RHSA-2013-1441.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4287
+ CESA-2013:1426 Important CentOS 6 xorg-x11-server Update
http://lwn.net/Alerts/570658/
+ UPDATE: Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa
+ Apache Struts 2.3.15.3 released
http://struts.apache.org/release/2.3.x/docs/version-notes-23153.html
+ PHP 5.5.5, 5.4.21 released
http://php.net/archive/2013.php#id2013-10-16-1
http://php.net/archive/2013.php#id2013-10-17-1
+ Sudo 1.8.8 released
http://www.sudo.ws/sudo/changes.html
ウイルスバスター クラウド プログラムアップデートのお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2021
InterScan Messaging Security Virtual Appliance 8.5 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2026
JVN#27443259 Internet Explorer において任意のコードが実行される脆弱性
http://jvn.jp/jp/JVN27443259/
JVNVU#92570654 Oracle Outside In にバッファオーバーフローの脆弱性
http://jvn.jp/cert/JVNVU92570654/
UPDATE: JVNTA13-288A Microsoft 製品の複数の脆弱性に対するアップデート
http://jvn.jp/cert/JVNTA13-288A/index.html
JVNVU#96465452 Open Shortest Path First (OSPF) プロトコルの Link State Advertisement (LSA) に関する問題
http://jvn.jp/cert/JVNVU96465452/index.html
Bugzilla Flaws Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks
http://www.securitytracker.com/id/1029205
VU#959313 Oracle Outside In OS/2 Metafile parser stack buffer overflow
http://www.kb.cert.org/vuls/id/959313
VU#248083 D-Link routers authenticate administrative access using specific User-Agent string
http://www.kb.cert.org/vuls/id/248083
VU#303900 SAP Sybase Adaptive Server Enterprise vulnerable to XML injection
http://www.kb.cert.org/vuls/id/303900
2013年10月17日木曜日
17日 木曜日、先負
+ RHSA-2013:1436 Moderate: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-1436.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4299
+ GCC 4.8.2 released
http://gcc.gnu.org/gcc-4.8/
+ Apple iOS 7.0.2 SIM Lock Screen Display Bypass
http://cxsecurity.com/issue/WLB-2013100103
ダメージクリーンナップエンジン 7.1 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2020
InterScan for Lotus Domino 5.0AIX版および5.5 Critical Patch 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2024
InterScan for Lotus Domino 5.0 Windows Patch 3 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2023
日経コンピュータReport
疑念深まる、米政府による暗号解読
問題のアルゴリズム、日本政府は採用拒否
http://itpro.nikkeibp.co.jp/article/COLUMN/20131011/510544/?ST=security
ZLテクノロジーズ、e-Discoveryメールアーカイブの新版でSNSも分析可能に
http://itpro.nikkeibp.co.jp/article/NEWS/20131016/511470/?ST=security
UPDATE: JVN#27443259 Internet Explorer において任意のコードが実行される脆弱性
http://jvn.jp/jp/JVN27443259/index.html
JVNTA13-288A Microsoft 製品の複数の脆弱性に対するアップデート
http://jvn.jp/cert/JVNTA13-288A/index.html
JVNVU#93045890 HR Systems Strategies の info:HR に認証情報の管理に関する脆弱性
http://jvn.jp/cert/JVNVU93045890/index.html
VU#953241 Oracle Outside In Microsoft Access 1.x parser stack buffer overflow
http://www.kb.cert.org/vuls/id/953241
http://rhn.redhat.com/errata/RHSA-2013-1436.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4299
+ GCC 4.8.2 released
http://gcc.gnu.org/gcc-4.8/
+ Apple iOS 7.0.2 SIM Lock Screen Display Bypass
http://cxsecurity.com/issue/WLB-2013100103
ダメージクリーンナップエンジン 7.1 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2020
InterScan for Lotus Domino 5.0AIX版および5.5 Critical Patch 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2024
InterScan for Lotus Domino 5.0 Windows Patch 3 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2023
日経コンピュータReport
疑念深まる、米政府による暗号解読
問題のアルゴリズム、日本政府は採用拒否
http://itpro.nikkeibp.co.jp/article/COLUMN/20131011/510544/?ST=security
ZLテクノロジーズ、e-Discoveryメールアーカイブの新版でSNSも分析可能に
http://itpro.nikkeibp.co.jp/article/NEWS/20131016/511470/?ST=security
UPDATE: JVN#27443259 Internet Explorer において任意のコードが実行される脆弱性
http://jvn.jp/jp/JVN27443259/index.html
JVNTA13-288A Microsoft 製品の複数の脆弱性に対するアップデート
http://jvn.jp/cert/JVNTA13-288A/index.html
JVNVU#93045890 HR Systems Strategies の info:HR に認証情報の管理に関する脆弱性
http://jvn.jp/cert/JVNVU93045890/index.html
VU#953241 Oracle Outside In Microsoft Access 1.x parser stack buffer overflow
http://www.kb.cert.org/vuls/id/953241
2013年10月16日水曜日
16日 水曜日、友引
+ RHSA-2013:1426 Important: xorg-x11-server security update
http://rhn.redhat.com/errata/RHSA-2013-1426.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4396
+ About the security content of Java for OS X 2013-005 and Mac OS X v10.6 Update 17
http://support.apple.com/kb/HT5982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5850
+ CESA-2013:1418 Moderate CentOS 6 libtar Update
http://lwn.net/Alerts/570301/
+ Google Chrome 30.0.1599.101 released
http://googlechromereleases.blogspot.jp/2013/10/stable-channel-update_15.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2927
+ UPDATE: HPSBGN02441 SSRT090082 rev.2 - HP ProCurve Identity Driven Manager (IDM) Running on Microsoft IAS or NPS, Local Unauthorized Access
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c01798159-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ HPSBMU02931 rev.1 - HP Service Manager, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03960916-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4833
+ UPDATE: HPSBPV02918 rev.2 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03897409-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ CVE-2013-4238 Input Validation vulnerability in Python
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4238_input_validation
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238
+ CVE-2013-4124 Denial of service vulnerability in Samba
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4124_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124
+ CVE-2012-6139 Denial of Service (DoS) vulnerability in LibXSLT
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5581_denial_of1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6139
+ Multiple vulnerabilities in Firefox
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_firefox1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195
+ CVE-2012-5667 Heap Buffer Overflow vulnerability in GNU Grep
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5667_heap_buffer
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5667
+ CVE-2012-5195 Buffer Errors vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5195_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5195
+ CVE-2012-5526 Configuration vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5526_configuration_vulnerability1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526
+ Multiple vulnerabilities in Perl 5.8
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_perl_5
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2939
+ CVE-2013-1896 Denial of Service (DoS) vulnerability in Apache HTTP Server
https://blogs.oracle.com/sunsecurity/entry/cve_2013_1896_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896
+ Multiple vulnerabilities in Apache HTTP Server
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_http4
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862
+ Oracle Critical Patch Update Advisory - October 2013
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
+ Java SE Development Kit 7, Update 45 (JDK 7u45) released
http://www.oracle.com/technetwork/java/javase/7u45-relnotes-2016950.html
+ MySQL Multiple Bugs Let Remote Authenticated Users Execute Arbitrary Code, Deny Service, and Partially Access and Modify Data
http://www.securitytracker.com/id/1029184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5807
+ Microsoft Internet Explorer CDisplayPointer Use-After-Free Exploit
http://cxsecurity.com/issue/WLB-2013100091
+ REMOTE: HP Data Protector Cell Request Service Buffer Overflow
http://www.exploit-db.com/exploits/28973
+ REMOTE: MS13-080 Microsoft Internet Explorer CDisplayPointer Use-After-Free
http://www.exploit-db.com/exploits/28974
+ REMOTE: VMware Hyperic HQ Groovy Script-Console Java Execution
http://www.exploit-db.com/exploits/28962
+ DoS/PoC: Android Zygote Socket Vulnerability Fork bomb Attack
http://www.exploit-db.com/exploits/28957
+ Apple iOS Sim Lock Screen Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/63039
日経コンピュータReport
米政府が暗号を解読、崩れるネットの安全性
http://itpro.nikkeibp.co.jp/article/COLUMN/20131011/510542/?ST=security
先鋭化した手法で日本を狙う、攻撃者はなぜ変容したのか
http://itpro.nikkeibp.co.jp/article/COLUMN/20131014/510862/?ST=security
VU#829574 HR Systems Strategies info:HR HRIS allows read access to weakly obfuscated shared database password
http://www.kb.cert.org/vuls/id/829574
REMOTE: Aladdin Knowledge Systems Ltd. PrivAgent ActiveX Control Overflow
http://www.exploit-db.com/exploits/28968
LOCAL: Beetel Connection Manager PCW_BTLINDV1.0.0B04 - SEH Buffer Overflow
http://www.exploit-db.com/exploits/28969
LOCAL: Internet Haut Debit Mobile PCW_MATMARV1.0.0B03 - Buffer Overflow SEH
http://www.exploit-db.com/exploits/28955
http://rhn.redhat.com/errata/RHSA-2013-1426.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4396
+ About the security content of Java for OS X 2013-005 and Mac OS X v10.6 Update 17
http://support.apple.com/kb/HT5982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5850
+ CESA-2013:1418 Moderate CentOS 6 libtar Update
http://lwn.net/Alerts/570301/
+ Google Chrome 30.0.1599.101 released
http://googlechromereleases.blogspot.jp/2013/10/stable-channel-update_15.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2927
+ UPDATE: HPSBGN02441 SSRT090082 rev.2 - HP ProCurve Identity Driven Manager (IDM) Running on Microsoft IAS or NPS, Local Unauthorized Access
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c01798159-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ HPSBMU02931 rev.1 - HP Service Manager, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03960916-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4833
+ UPDATE: HPSBPV02918 rev.2 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03897409-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ CVE-2013-4238 Input Validation vulnerability in Python
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4238_input_validation
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238
+ CVE-2013-4124 Denial of service vulnerability in Samba
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4124_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124
+ CVE-2012-6139 Denial of Service (DoS) vulnerability in LibXSLT
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5581_denial_of1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6139
+ Multiple vulnerabilities in Firefox
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_firefox1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195
+ CVE-2012-5667 Heap Buffer Overflow vulnerability in GNU Grep
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5667_heap_buffer
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5667
+ CVE-2012-5195 Buffer Errors vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5195_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5195
+ CVE-2012-5526 Configuration vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5526_configuration_vulnerability1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526
+ Multiple vulnerabilities in Perl 5.8
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_perl_5
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2939
+ CVE-2013-1896 Denial of Service (DoS) vulnerability in Apache HTTP Server
https://blogs.oracle.com/sunsecurity/entry/cve_2013_1896_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896
+ Multiple vulnerabilities in Apache HTTP Server
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_http4
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862
+ Oracle Critical Patch Update Advisory - October 2013
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
+ Java SE Development Kit 7, Update 45 (JDK 7u45) released
http://www.oracle.com/technetwork/java/javase/7u45-relnotes-2016950.html
+ MySQL Multiple Bugs Let Remote Authenticated Users Execute Arbitrary Code, Deny Service, and Partially Access and Modify Data
http://www.securitytracker.com/id/1029184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5807
+ Microsoft Internet Explorer CDisplayPointer Use-After-Free Exploit
http://cxsecurity.com/issue/WLB-2013100091
+ REMOTE: HP Data Protector Cell Request Service Buffer Overflow
http://www.exploit-db.com/exploits/28973
+ REMOTE: MS13-080 Microsoft Internet Explorer CDisplayPointer Use-After-Free
http://www.exploit-db.com/exploits/28974
+ REMOTE: VMware Hyperic HQ Groovy Script-Console Java Execution
http://www.exploit-db.com/exploits/28962
+ DoS/PoC: Android Zygote Socket Vulnerability Fork bomb Attack
http://www.exploit-db.com/exploits/28957
+ Apple iOS Sim Lock Screen Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/63039
日経コンピュータReport
米政府が暗号を解読、崩れるネットの安全性
http://itpro.nikkeibp.co.jp/article/COLUMN/20131011/510542/?ST=security
先鋭化した手法で日本を狙う、攻撃者はなぜ変容したのか
http://itpro.nikkeibp.co.jp/article/COLUMN/20131014/510862/?ST=security
VU#829574 HR Systems Strategies info:HR HRIS allows read access to weakly obfuscated shared database password
http://www.kb.cert.org/vuls/id/829574
REMOTE: Aladdin Knowledge Systems Ltd. PrivAgent ActiveX Control Overflow
http://www.exploit-db.com/exploits/28968
LOCAL: Beetel Connection Manager PCW_BTLINDV1.0.0B04 - SEH Buffer Overflow
http://www.exploit-db.com/exploits/28969
LOCAL: Internet Haut Debit Mobile PCW_MATMARV1.0.0B03 - Buffer Overflow SEH
http://www.exploit-db.com/exploits/28955
2013年10月15日火曜日
15日 火曜日、先勝
+ Mozilla Thunderbird 24.0.1 released
http://www.mozilla.org/en-US/thunderbird/24.0.1/releasenotes/
+ Oracle Critical Patch Update Pre-Release Announcement - October 2013
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
+ HS13-024 Multiple Issues in JP1/VERITAS Backup Exec
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-024/index.html
+ HS13-024 JP1/VERITAS Backup Execにおける複数の問題
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-024/index.html
+ FreeBSD-10.0 BETA1 released
http://www.freebsd.org/news/newsflash.html#event20131014:01
+ cURL 7.33.0 released
http://curl.haxx.se/changes.html#7_33_0
+ Samba 4.1.0 Available for Download
http://samba.org/samba/history/samba-4.1.0.html
+ Juniper Junos J-Web Flaw Permits Cross-Site Request Forgery Attacks
http://www.securitytracker.com/id/1029178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4689
+ Juniper Junos SRX Series Gateway TCP Proxy Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6015
+ Juniper Junos PIM Join Message Processing Flaw Lets Remote Authenticated Users Deny Service
http://www.securitytracker.com/id/1029176
+ HP Business Process Monitor Flaws Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1029167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2366
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4804
+ REMOTE: VMware Hyperic HQ Groovy Script-Console Java Execution
http://www.exploit-db.com/exploits/28962
+ DoS/PoC: Android Zygote Socket Vulnerability Fork bomb Attack
http://www.exploit-db.com/exploits/28957
+ Apache Software Foundation A Subsite Remote command execution
http://cxsecurity.com/issue/WLB-2013100080
+ SA54767 Linux Kernel IPV6 UFO Packets Handling Denial of Service Vulnerabilities
http://secunia.com/advisories/54767/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4387
+ SA55216 Juniper Junos PIM Join Flooding Denial of Service Vulnerability
http://secunia.com/advisories/55216/
+ SA55138 libtar "tar_extract_glob()" and "tar_extract_all()" Directory Traversal Vulnerabilities
http://secunia.com/advisories/55138/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4420
+ SA55212 Juniper Junos "glob()" Denial of Service Security Issue
http://secunia.com/advisories/55212/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2632
+ SA55218 Juniper Junos TCP Packet Handling Denial of Service Vulnerability
http://secunia.com/advisories/55218/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6015
+ SA55109 Juniper Junos Telnet Messages Handling Buffer Overflow Vulnerability
http://secunia.com/advisories/55109/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6013
+ Juniper Networks Junos Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/62973
+ Juniper Networks Junos Telnet Messages Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/62962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6013
サーバメンテナンスのお知らせ(2013年10月16日)
http://www.trendmicro.co.jp/support/news.asp?id=2027
ウイルスバスター for Mac プログラムアップデートのお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2025
E-Maj 1.1.0 released
http://www.postgresql.org/about/news/1486/
JVNVU#99397682 無線 LAN アクセスポイント ZoneFlex 2942 に認証回避の脆弱性
http://jvn.jp/cert/JVNVU99397682/
LOCAL: Internet Haut Debit Mobile PCW_MATMARV1.0.0B03 - Buffer Overflow SEH
http://www.exploit-db.com/exploits/28955
http://www.mozilla.org/en-US/thunderbird/24.0.1/releasenotes/
+ Oracle Critical Patch Update Pre-Release Announcement - October 2013
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
+ HS13-024 Multiple Issues in JP1/VERITAS Backup Exec
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-024/index.html
+ HS13-024 JP1/VERITAS Backup Execにおける複数の問題
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-024/index.html
+ FreeBSD-10.0 BETA1 released
http://www.freebsd.org/news/newsflash.html#event20131014:01
+ cURL 7.33.0 released
http://curl.haxx.se/changes.html#7_33_0
+ Samba 4.1.0 Available for Download
http://samba.org/samba/history/samba-4.1.0.html
+ Juniper Junos J-Web Flaw Permits Cross-Site Request Forgery Attacks
http://www.securitytracker.com/id/1029178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4689
+ Juniper Junos SRX Series Gateway TCP Proxy Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6015
+ Juniper Junos PIM Join Message Processing Flaw Lets Remote Authenticated Users Deny Service
http://www.securitytracker.com/id/1029176
+ HP Business Process Monitor Flaws Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1029167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2366
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4804
+ REMOTE: VMware Hyperic HQ Groovy Script-Console Java Execution
http://www.exploit-db.com/exploits/28962
+ DoS/PoC: Android Zygote Socket Vulnerability Fork bomb Attack
http://www.exploit-db.com/exploits/28957
+ Apache Software Foundation A Subsite Remote command execution
http://cxsecurity.com/issue/WLB-2013100080
+ SA54767 Linux Kernel IPV6 UFO Packets Handling Denial of Service Vulnerabilities
http://secunia.com/advisories/54767/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4387
+ SA55216 Juniper Junos PIM Join Flooding Denial of Service Vulnerability
http://secunia.com/advisories/55216/
+ SA55138 libtar "tar_extract_glob()" and "tar_extract_all()" Directory Traversal Vulnerabilities
http://secunia.com/advisories/55138/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4420
+ SA55212 Juniper Junos "glob()" Denial of Service Security Issue
http://secunia.com/advisories/55212/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2632
+ SA55218 Juniper Junos TCP Packet Handling Denial of Service Vulnerability
http://secunia.com/advisories/55218/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6015
+ SA55109 Juniper Junos Telnet Messages Handling Buffer Overflow Vulnerability
http://secunia.com/advisories/55109/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6013
+ Juniper Networks Junos Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/62973
+ Juniper Networks Junos Telnet Messages Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/62962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6013
サーバメンテナンスのお知らせ(2013年10月16日)
http://www.trendmicro.co.jp/support/news.asp?id=2027
ウイルスバスター for Mac プログラムアップデートのお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2025
E-Maj 1.1.0 released
http://www.postgresql.org/about/news/1486/
JVNVU#99397682 無線 LAN アクセスポイント ZoneFlex 2942 に認証回避の脆弱性
http://jvn.jp/cert/JVNVU99397682/
LOCAL: Internet Haut Debit Mobile PCW_MATMARV1.0.0B03 - Buffer Overflow SEH
http://www.exploit-db.com/exploits/28955
2013年10月11日金曜日
11日 金曜日、先負
+ RHSA-2013:1418 Moderate: libtar security update
http://rhn.redhat.com/errata/RHSA-2013-1418.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4397
+ UPDATE: Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa
+ PostgreSQL 9.3.1, 9.2.5, 9.1.10, 9.0.14, 8.4.18 released
http://www.postgresql.org/about/news/1487/
http://www.postgresql.org/docs/9.3/static/release-9-3-1.html
http://www.postgresql.org/docs/9.2/static/release-9-2-5.html
http://www.postgresql.org/docs/9.1/static/release-9-1-10.html
http://www.postgresql.org/docs/9.0/static/release-9-0-14.html
http://www.postgresql.org/docs/8.4/static/release-8-4-18.html
+ HP Intelligent Management Center Multiple Flaws Lets Remote Users Bypass Authentication, Gain Unauthorized Acess, Inject SQL Commands, and Obtain Information
http://www.securitytracker.com/id/1029165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4827
+ HP Intelligent Management Center Unspecified Flaws Let Remote Users Execute Arbitrary Code and Obtain Information
http://www.securitytracker.com/id/1029164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4823
+ GnuPG infinite recursion in the compressed packet parser
http://cxsecurity.com/issue/WLB-2013100063
+ SA55166 Juniper Junos J-Web Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/55166/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4689
+ SA55213 Symantec Management Platform Static Key Information Disclosure Weakness
http://secunia.com/advisories/55213/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5008
+ SA55197 Apache mod_fcgid "fcgid_header_bucket_read()" Buffer Overflow Vulnerability
http://secunia.com/advisories/55197/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4365
+ Cisco IOS and IOS XE OSPF Opaque LSA CVE-2013-5527 Denial of Service Vulnerability
http://www.securityfocus.com/bid/62904
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5527
+ Cisco Prime Central for HCS 'Credentials' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/62924
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3409
+ Cisco Unified IP Phones 9900 Series CVE-2013-5526 Denial of Service Vulnerability
http://www.securityfocus.com/bid/62905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5526
+ Linux Kernel CVE-2013-4387 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/62696
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4387
+ Juniper Junos J-Web CVE-2013-4689 Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/62940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4689
スマートウォッチは便利そうだけど、生体情報が漏れたらイヤだ
http://itpro.nikkeibp.co.jp/article/Watcher/20131008/509922/?ST=security
[ITpro EXPO 2013]「感染を想定したウイルス対策を」――S&Jの三輪氏
http://itpro.nikkeibp.co.jp/article/NEWS/20131010/510389/?ST=security
VU#742932 Ruckus Wireless Zoneflex 2942 Wireless Access Point vulnerable to authentication bypass
http://www.kb.cert.org/vuls/id/742932
REMOTE: Indusoft Thin Client 7.1 ActiveX - Buffer Overflow
http://www.exploit-db.com/exploits/28853
REMOTE: Linksys WRT110 Remote Command Execution
http://www.exploit-db.com/exploits/28856
DoS/PoC: ONO Hitron CDE-30364 Router - Denial Of Service
http://www.exploit-db.com/exploits/28852
DoS/PoC: ALLPlayer 5.6.2 (.m3u) - Local Buffer Overflow PoC
http://www.exploit-db.com/exploits/28855
http://rhn.redhat.com/errata/RHSA-2013-1418.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4397
+ UPDATE: Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa
+ PostgreSQL 9.3.1, 9.2.5, 9.1.10, 9.0.14, 8.4.18 released
http://www.postgresql.org/about/news/1487/
http://www.postgresql.org/docs/9.3/static/release-9-3-1.html
http://www.postgresql.org/docs/9.2/static/release-9-2-5.html
http://www.postgresql.org/docs/9.1/static/release-9-1-10.html
http://www.postgresql.org/docs/9.0/static/release-9-0-14.html
http://www.postgresql.org/docs/8.4/static/release-8-4-18.html
+ HP Intelligent Management Center Multiple Flaws Lets Remote Users Bypass Authentication, Gain Unauthorized Acess, Inject SQL Commands, and Obtain Information
http://www.securitytracker.com/id/1029165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4827
+ HP Intelligent Management Center Unspecified Flaws Let Remote Users Execute Arbitrary Code and Obtain Information
http://www.securitytracker.com/id/1029164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4823
+ GnuPG infinite recursion in the compressed packet parser
http://cxsecurity.com/issue/WLB-2013100063
+ SA55166 Juniper Junos J-Web Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/55166/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4689
+ SA55213 Symantec Management Platform Static Key Information Disclosure Weakness
http://secunia.com/advisories/55213/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5008
+ SA55197 Apache mod_fcgid "fcgid_header_bucket_read()" Buffer Overflow Vulnerability
http://secunia.com/advisories/55197/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4365
+ Cisco IOS and IOS XE OSPF Opaque LSA CVE-2013-5527 Denial of Service Vulnerability
http://www.securityfocus.com/bid/62904
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5527
+ Cisco Prime Central for HCS 'Credentials' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/62924
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3409
+ Cisco Unified IP Phones 9900 Series CVE-2013-5526 Denial of Service Vulnerability
http://www.securityfocus.com/bid/62905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5526
+ Linux Kernel CVE-2013-4387 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/62696
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4387
+ Juniper Junos J-Web CVE-2013-4689 Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/62940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4689
スマートウォッチは便利そうだけど、生体情報が漏れたらイヤだ
http://itpro.nikkeibp.co.jp/article/Watcher/20131008/509922/?ST=security
[ITpro EXPO 2013]「感染を想定したウイルス対策を」――S&Jの三輪氏
http://itpro.nikkeibp.co.jp/article/NEWS/20131010/510389/?ST=security
VU#742932 Ruckus Wireless Zoneflex 2942 Wireless Access Point vulnerable to authentication bypass
http://www.kb.cert.org/vuls/id/742932
REMOTE: Indusoft Thin Client 7.1 ActiveX - Buffer Overflow
http://www.exploit-db.com/exploits/28853
REMOTE: Linksys WRT110 Remote Command Execution
http://www.exploit-db.com/exploits/28856
DoS/PoC: ONO Hitron CDE-30364 Router - Denial Of Service
http://www.exploit-db.com/exploits/28852
DoS/PoC: ALLPlayer 5.6.2 (.m3u) - Local Buffer Overflow PoC
http://www.exploit-db.com/exploits/28855
2013年10月10日木曜日
10日 木曜日、友引
+ Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5515
+ Multiple Vulnerabilities in Cisco Firewall Services Module Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-fwsm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5508
+ make 4.0 released
http://ftp.gnu.org/pub/gnu/make/?C=M;O=D
+ UPDATE: HPSBUX02758 SSRT100774 rev.2 - HP-UX running DCE, Remote Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03261413-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ Glibc Integer Overflows May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1029152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332
InterScan WebManager SCC 緊急メンテナンス実施のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2018
Advisory: Sophos Endpoint v10.2: Automatic upgrade to v10.3
http://www.sophos.com/en-us/support/knowledgebase/119681.aspx
[ITpro EXPO 2013]「未知の脆弱性情報を購入して、ゼロデイ攻撃対策を強化」、米HPの担当者
http://itpro.nikkeibp.co.jp/article/NEWS/20131009/510169/?ST=security
侵入拡大の有効な手段、ARPスプーフィング
http://itpro.nikkeibp.co.jp/article/COLUMN/20131006/509242/?ST=security
UPDATE: JVN#27443259 Internet Explorer において任意のコードが実行される脆弱性
http://jvn.jp/jp/JVN27443259/index.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5515
+ Multiple Vulnerabilities in Cisco Firewall Services Module Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-fwsm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5508
+ make 4.0 released
http://ftp.gnu.org/pub/gnu/make/?C=M;O=D
+ UPDATE: HPSBUX02758 SSRT100774 rev.2 - HP-UX running DCE, Remote Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03261413-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ Glibc Integer Overflows May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1029152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332
InterScan WebManager SCC 緊急メンテナンス実施のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2018
Advisory: Sophos Endpoint v10.2: Automatic upgrade to v10.3
http://www.sophos.com/en-us/support/knowledgebase/119681.aspx
[ITpro EXPO 2013]「未知の脆弱性情報を購入して、ゼロデイ攻撃対策を強化」、米HPの担当者
http://itpro.nikkeibp.co.jp/article/NEWS/20131009/510169/?ST=security
侵入拡大の有効な手段、ARPスプーフィング
http://itpro.nikkeibp.co.jp/article/COLUMN/20131006/509242/?ST=security
UPDATE: JVN#27443259 Internet Explorer において任意のコードが実行される脆弱性
http://jvn.jp/jp/JVN27443259/index.html
2013年10月9日水曜日
9日 水曜日、先勝
+ 2013 年 10 月のセキュリティ情報
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-oct
+ MS13-080 - 緊急 Internet Explorer 用の累積的なセキュリティ更新プログラム (2879017)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3873
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3874
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3875
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3893
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3897
+ MS13-081 - 緊急 Windows カーネルモード ドライバーの脆弱性により、リモートでコードが実行される (2870008)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3200
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3880
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3881
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3894
+ MS13-082 - 緊急 .NET Framework の脆弱性により、リモートでコードが実行される (2878890)
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3860
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3861
+ MS13-083 - 緊急 Windows コモン コントロール ライブラリの脆弱性により、リモートでコードが実行される (2864058)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3195
+ MS13-084 - 重要 Microsoft SharePoint Server の脆弱性により、リモートでコードが実行される (2885089)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3895
+ MS13-085 - 重要 Microsoft Excel の脆弱性により、リモートでコードが実行される (2885080)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3890
+ MS13-086 - 重要 Microsoft Word の脆弱性により、リモートでコードが実行される (2885084)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3891
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3892
+ MS13-087 - 重要 Silverlight の脆弱性により、情報漏えいが起こる (2890788)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3896
+ APSB13-2 Security updates available for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb13-25.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5325
+ APSB13-24 Security update available for RoboHelp
http://www.adobe.com/support/security/bulletins/apsb13-24.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5327
+ CESA-2013:1409 Moderate CentOS 6 xinetd Update
http://lwn.net/Alerts/569759/
+ HPSBGN02929 rev.1 - HP Intelligent Management Center (iMC), HP IMC Branch Intelligent Management System Software Module (BIMS), and Comware Based Switches and Routers, Remote Code Execution, Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03943425-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4823
+ HPSBGN02930 rev.1 - HP Intelligent Management Center(iMC) and HP IMC Service Operation Management Software Module, Remote Authentication Bypass, Disclosure of Information, Unauthorized Access, SQL Injection
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03943547-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4827
+ UPDATE: Microsoft Security Advisory (2887505) Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2887505
+ UPDATE: Microsoft Security Advisory (2862973) Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
http://technet.microsoft.com/en-us/security/advisory/2862973
+ RHSA-2013:1411 Moderate: glibc security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-1411.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332
+ SYM13-012 Security Advisories Relating to Symantec Products - Symantec Management Platform Agent Static Service Key
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20131008_00
+ GnuPG Packet Decompression Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402
+ Xinetd Runs TCPMUX Services With Excess Privileges
http://www.securitytracker.com/id/1029134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4342
+ DoS/PoC: Apple Motion 5.0.7 Integer Overflow Vulnerability
http://www.exploit-db.com/exploits/28811
+ Apple Motion 5.0.7 Integer Overflow
http://cxsecurity.com/issue/WLB-2013100047
+ Adobe Acrobat and Reader CVE-2013-5325 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/62888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5325
+ Adobe RoboHelp CVE-2013-5327 Unspecified Memory Corruption Vulnerability
http://www.securityfocus.com/bid/62887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5327
+ Symantec Management Platform Static Key Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/62757
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5008
KDDI研と三菱電機、個人を特定できる電子透かし入り動画の高速生成技術を開発
http://itpro.nikkeibp.co.jp/article/NEWS/20131008/509842/?ST=security
NRIセキュア、実際にパソコンを攻撃して脆弱性を報告するSIサービスを開始
http://itpro.nikkeibp.co.jp/article/NEWS/20131008/509705/?ST=security
REMOTE: HP LoadRunner magentproc.exe Overflow
http://www.exploit-db.com/exploits/28809
REMOTE: GestioIP Remote Command Execution
http://www.exploit-db.com/exploits/28810
LOCAL: davfs2 1.4.6/1.4.7 - Local Privilege Escalation Exploit
http://www.exploit-db.com/exploits/28806
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-oct
+ MS13-080 - 緊急 Internet Explorer 用の累積的なセキュリティ更新プログラム (2879017)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3873
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3874
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3875
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3893
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3897
+ MS13-081 - 緊急 Windows カーネルモード ドライバーの脆弱性により、リモートでコードが実行される (2870008)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3200
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3880
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3881
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3894
+ MS13-082 - 緊急 .NET Framework の脆弱性により、リモートでコードが実行される (2878890)
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3860
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3861
+ MS13-083 - 緊急 Windows コモン コントロール ライブラリの脆弱性により、リモートでコードが実行される (2864058)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3195
+ MS13-084 - 重要 Microsoft SharePoint Server の脆弱性により、リモートでコードが実行される (2885089)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3895
+ MS13-085 - 重要 Microsoft Excel の脆弱性により、リモートでコードが実行される (2885080)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3890
+ MS13-086 - 重要 Microsoft Word の脆弱性により、リモートでコードが実行される (2885084)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3891
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3892
+ MS13-087 - 重要 Silverlight の脆弱性により、情報漏えいが起こる (2890788)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3896
+ APSB13-2 Security updates available for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb13-25.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5325
+ APSB13-24 Security update available for RoboHelp
http://www.adobe.com/support/security/bulletins/apsb13-24.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5327
+ CESA-2013:1409 Moderate CentOS 6 xinetd Update
http://lwn.net/Alerts/569759/
+ HPSBGN02929 rev.1 - HP Intelligent Management Center (iMC), HP IMC Branch Intelligent Management System Software Module (BIMS), and Comware Based Switches and Routers, Remote Code Execution, Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03943425-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4823
+ HPSBGN02930 rev.1 - HP Intelligent Management Center(iMC) and HP IMC Service Operation Management Software Module, Remote Authentication Bypass, Disclosure of Information, Unauthorized Access, SQL Injection
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03943547-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4827
+ UPDATE: Microsoft Security Advisory (2887505) Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2887505
+ UPDATE: Microsoft Security Advisory (2862973) Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
http://technet.microsoft.com/en-us/security/advisory/2862973
+ RHSA-2013:1411 Moderate: glibc security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-1411.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332
+ SYM13-012 Security Advisories Relating to Symantec Products - Symantec Management Platform Agent Static Service Key
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20131008_00
+ GnuPG Packet Decompression Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402
+ Xinetd Runs TCPMUX Services With Excess Privileges
http://www.securitytracker.com/id/1029134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4342
+ DoS/PoC: Apple Motion 5.0.7 Integer Overflow Vulnerability
http://www.exploit-db.com/exploits/28811
+ Apple Motion 5.0.7 Integer Overflow
http://cxsecurity.com/issue/WLB-2013100047
+ Adobe Acrobat and Reader CVE-2013-5325 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/62888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5325
+ Adobe RoboHelp CVE-2013-5327 Unspecified Memory Corruption Vulnerability
http://www.securityfocus.com/bid/62887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5327
+ Symantec Management Platform Static Key Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/62757
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5008
KDDI研と三菱電機、個人を特定できる電子透かし入り動画の高速生成技術を開発
http://itpro.nikkeibp.co.jp/article/NEWS/20131008/509842/?ST=security
NRIセキュア、実際にパソコンを攻撃して脆弱性を報告するSIサービスを開始
http://itpro.nikkeibp.co.jp/article/NEWS/20131008/509705/?ST=security
REMOTE: HP LoadRunner magentproc.exe Overflow
http://www.exploit-db.com/exploits/28809
REMOTE: GestioIP Remote Command Execution
http://www.exploit-db.com/exploits/28810
LOCAL: davfs2 1.4.6/1.4.7 - Local Privilege Escalation Exploit
http://www.exploit-db.com/exploits/28806
2013年10月8日火曜日
8日 火曜日、赤口
+ RHSA-2013:1409 Moderate: xinetd security update
http://rhn.redhat.com/errata/RHSA-2013-1409.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4342
+ SA55112 McAfee Web Reporter Premium EJBInvokerServlet / JMXInvokerServlet Marshalled Object Arbitrary Code Execution Vulnerability
http://secunia.com/advisories/55112/
+ SA55071 GnuPG Compressed Packet Parser Denial of Service Vulnerability
http://secunia.com/advisories/55071/
Mobageに不正ログイン、「他社サービスから流出したID、パスワードの可能性」
http://itpro.nikkeibp.co.jp/article/NEWS/20131007/509526/?ST=security
ウェブルートがセキュリティソフトの新版、マルウエアやフィッシングへの防御機能を強化
http://itpro.nikkeibp.co.jp/article/NEWS/20131007/509524/?ST=security
中国政府、ミニブログ監視に200万人超を雇用---海外メディアが報道
http://itpro.nikkeibp.co.jp/article/NEWS/20131007/509382/?ST=security
NSAは匿名通信システム「Tor」の情報収集も行っていた---英報道
http://itpro.nikkeibp.co.jp/article/NEWS/20131007/509343/?ST=security
JVNVU#99975381 (訂正) NETELLER Direct に HTTP リクエストの検証不備の脆弱性
http://jvn.jp/cert/JVNVU99975381/index.html
JVNVU#98766232 McAfee Agent にサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/cert/JVNVU98766232/index.html
JVNVU#96826639 ASUS Wireless-N150 Router RT-N10E に認証回避の脆弱性
http://jvn.jp/cert/JVNVU96826639/index.html
http://rhn.redhat.com/errata/RHSA-2013-1409.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4342
+ SA55112 McAfee Web Reporter Premium EJBInvokerServlet / JMXInvokerServlet Marshalled Object Arbitrary Code Execution Vulnerability
http://secunia.com/advisories/55112/
+ SA55071 GnuPG Compressed Packet Parser Denial of Service Vulnerability
http://secunia.com/advisories/55071/
Mobageに不正ログイン、「他社サービスから流出したID、パスワードの可能性」
http://itpro.nikkeibp.co.jp/article/NEWS/20131007/509526/?ST=security
ウェブルートがセキュリティソフトの新版、マルウエアやフィッシングへの防御機能を強化
http://itpro.nikkeibp.co.jp/article/NEWS/20131007/509524/?ST=security
中国政府、ミニブログ監視に200万人超を雇用---海外メディアが報道
http://itpro.nikkeibp.co.jp/article/NEWS/20131007/509382/?ST=security
NSAは匿名通信システム「Tor」の情報収集も行っていた---英報道
http://itpro.nikkeibp.co.jp/article/NEWS/20131007/509343/?ST=security
JVNVU#99975381 (訂正) NETELLER Direct に HTTP リクエストの検証不備の脆弱性
http://jvn.jp/cert/JVNVU99975381/index.html
JVNVU#98766232 McAfee Agent にサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/cert/JVNVU98766232/index.html
JVNVU#96826639 ASUS Wireless-N150 Router RT-N10E に認証回避の脆弱性
http://jvn.jp/cert/JVNVU96826639/index.html
2013年10月7日月曜日
7日 月曜日、大安
+ phpMyAdmin 4.0.8 is released
http://sourceforge.net/p/phpmyadmin/news/2013/10/phpmyadmin-408-is-released/
+ GnuPG 2.0.22, 1.4.15 released
http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000333.html
http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000334.html
+ McAfee Managed Agent Framework Service Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029133
http://secunia.com/advisories/55158/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3627
+ Apple OS X Directory Services Authentication Flaw Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1029126
http://secunia.com/advisories/55129/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5163
+ VU#984366 ASUS RT-N10E Wireless Router vulnerable to authentication bypass
http://www.kb.cert.org/vuls/id/984366
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3610
+ VU#613886 McAfee Managed Agent contains a denial-of-service (DoS) vulnerability
http://www.kb.cert.org/vuls/id/613886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3627
+ Apache Tomcat/JBoss Remote Code Execution
http://cxsecurity.com/issue/WLB-2013100037
+ REMOTE: Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
http://www.exploit-db.com/exploits/28713
+ REMOTE: SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Remote Code Execution
http://www.exploit-db.com/exploits/28724
+ LOCAL: FreeBSD Intel SYSRET Kernel Privilege Escalation Exploit
http://www.exploit-db.com/exploits/28718
JVNDB-2013-000094 Accela BizSearch におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000094.html
チェックしておきたい脆弱性情報<2013.10.07>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130930/507757/?ST=security
Adobe、290万人のユーザー情報と主要製品のソースコードに不正アクセス
http://itpro.nikkeibp.co.jp/article/NEWS/20131004/508865/?ST=security
総務省と民間企業が連携、URLフィルタなどを使ったマルウエア感染被害防止プロジェクト開始
http://itpro.nikkeibp.co.jp/article/NEWS/20131004/508862/?ST=security
http://sourceforge.net/p/phpmyadmin/news/2013/10/phpmyadmin-408-is-released/
+ GnuPG 2.0.22, 1.4.15 released
http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000333.html
http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000334.html
+ McAfee Managed Agent Framework Service Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029133
http://secunia.com/advisories/55158/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3627
+ Apple OS X Directory Services Authentication Flaw Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1029126
http://secunia.com/advisories/55129/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5163
+ VU#984366 ASUS RT-N10E Wireless Router vulnerable to authentication bypass
http://www.kb.cert.org/vuls/id/984366
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3610
+ VU#613886 McAfee Managed Agent contains a denial-of-service (DoS) vulnerability
http://www.kb.cert.org/vuls/id/613886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3627
+ Apache Tomcat/JBoss Remote Code Execution
http://cxsecurity.com/issue/WLB-2013100037
+ REMOTE: Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
http://www.exploit-db.com/exploits/28713
+ REMOTE: SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Remote Code Execution
http://www.exploit-db.com/exploits/28724
+ LOCAL: FreeBSD Intel SYSRET Kernel Privilege Escalation Exploit
http://www.exploit-db.com/exploits/28718
JVNDB-2013-000094 Accela BizSearch におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000094.html
チェックしておきたい脆弱性情報<2013.10.07>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130930/507757/?ST=security
Adobe、290万人のユーザー情報と主要製品のソースコードに不正アクセス
http://itpro.nikkeibp.co.jp/article/NEWS/20131004/508865/?ST=security
総務省と民間企業が連携、URLフィルタなどを使ったマルウエア感染被害防止プロジェクト開始
http://itpro.nikkeibp.co.jp/article/NEWS/20131004/508862/?ST=security
2013年10月4日金曜日
4日 金曜日、先勝
+ マイクロソフト セキュリティ情報の事前通知 - 2013 年 10 月
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-oct
+ About the security content of the OS X Mountain Lion v10.8.5 Supplemental Update
http://support.apple.com/kb/HT5964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5163
+ Google Chrome 30.0.1599.69 released
http://googlechromereleases.blogspot.jp/2013/10/stable-channel-update_3.html
+ HPSBPI02892 rev.1 - Certain HP FutureSmart MFP, Weak PDF Encryption, Local Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03888014-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4829
+ IBM AIX Buffer Overflows in Printer Commands Let Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1029124
+ SA55164 IBM AIX "mkque" and "mkquedev" Privilege Escalation Vulnerabilities
http://secunia.com/advisories/55164/
+ Microsoft Internet Explorer SetMouseCapture Use-After-Free
http://cxsecurity.com/issue/WLB-2013100011
+ Firefox for Android Same-origin bypass through
http://cxsecurity.com/issue/WLB-2013100010
+ Apple iOS 7 iPad2 Face-Time 1.0.2 Privacy Vulnerability
http://cxsecurity.com/issue/WLB-2013100021
+ Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc
http://cxsecurity.com/issue/WLB-2013030046
+ Apple Mac OS X CVE-2013-5163 Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/62812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5163
+ Microsoft October 2013 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/62797
When using Threat Emulation to scan mail content, some files encoded in MIME may be incorrectly decoded causing a 'False-Negative' result of the emulated file
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk95245&src=securityAlerts
ウイルスバスター クラウド プログラムアップデートのお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2016
ウイルスバスター モバイル バージョン 3.5.0.1290公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2015
カウントダウン!個人情報保護法改正
新しいデータ時代のガバナンスを作ろう
OpenID Foundation理事長、崎村夏彦氏
http://itpro.nikkeibp.co.jp/article/COLUMN/20130927/507442/?ST=security
DIT、アカウント/パスワードのハードコーディングを回避するソフトに廉価版
http://itpro.nikkeibp.co.jp/article/NEWS/20131003/508747/?ST=security
FBIが違法薬物売買サイト「Silk Road」の首謀者を逮捕、米メディアが報道
http://itpro.nikkeibp.co.jp/article/NEWS/20131003/508584/?ST=security
DoS/PoC: Evince PDF Reader - 2.32.0.145 (Windows) and 3.4.0 (Linux) - Denial Of Service
http://www.exploit-db.com/exploits/28679
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-oct
+ About the security content of the OS X Mountain Lion v10.8.5 Supplemental Update
http://support.apple.com/kb/HT5964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5163
+ Google Chrome 30.0.1599.69 released
http://googlechromereleases.blogspot.jp/2013/10/stable-channel-update_3.html
+ HPSBPI02892 rev.1 - Certain HP FutureSmart MFP, Weak PDF Encryption, Local Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03888014-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4829
+ IBM AIX Buffer Overflows in Printer Commands Let Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1029124
+ SA55164 IBM AIX "mkque" and "mkquedev" Privilege Escalation Vulnerabilities
http://secunia.com/advisories/55164/
+ Microsoft Internet Explorer SetMouseCapture Use-After-Free
http://cxsecurity.com/issue/WLB-2013100011
+ Firefox for Android Same-origin bypass through
http://cxsecurity.com/issue/WLB-2013100010
+ Apple iOS 7 iPad2 Face-Time 1.0.2 Privacy Vulnerability
http://cxsecurity.com/issue/WLB-2013100021
+ Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc
http://cxsecurity.com/issue/WLB-2013030046
+ Apple Mac OS X CVE-2013-5163 Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/62812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5163
+ Microsoft October 2013 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/62797
When using Threat Emulation to scan mail content, some files encoded in MIME may be incorrectly decoded causing a 'False-Negative' result of the emulated file
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk95245&src=securityAlerts
ウイルスバスター クラウド プログラムアップデートのお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2016
ウイルスバスター モバイル バージョン 3.5.0.1290公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=2015
カウントダウン!個人情報保護法改正
新しいデータ時代のガバナンスを作ろう
OpenID Foundation理事長、崎村夏彦氏
http://itpro.nikkeibp.co.jp/article/COLUMN/20130927/507442/?ST=security
DIT、アカウント/パスワードのハードコーディングを回避するソフトに廉価版
http://itpro.nikkeibp.co.jp/article/NEWS/20131003/508747/?ST=security
FBIが違法薬物売買サイト「Silk Road」の首謀者を逮捕、米メディアが報道
http://itpro.nikkeibp.co.jp/article/NEWS/20131003/508584/?ST=security
DoS/PoC: Evince PDF Reader - 2.32.0.145 (Windows) and 3.4.0 (Linux) - Denial Of Service
http://www.exploit-db.com/exploits/28679
2013年10月3日木曜日
3日 木曜日、赤口
+ Apache OpenOffice 4.0.1 is released
https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.0.1+Release+Notes
+ APSB13-25 Prenotification Security Advisory for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb13-25.html
+ Cisco IOS XR Software Memory Exhaustion Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131002-iosxr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5503
+ Microsoft Internet Explorer SetMouseCapture Use-After-Free
http://cxsecurity.com/issue/WLB-2013100011
+ Firefox for Android Same-origin bypass through
http://cxsecurity.com/issue/WLB-2013100010
+ Linux Kernel Patches For Linux Kernel Security
http://cxsecurity.com/issue/WLB-2013100009
+ REMOTE: Micorosft Internet Explorer SetMouseCapture Use-After-Free
http://www.exploit-db.com/exploits/28682
+ Linux Kernel CVE-2013-4345 Off-By-One Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/62740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4345
Advisory: Sophos Endpoint v10.2: Automatic upgrade to v10.3
http://www.sophos.com/en-us/support/knowledgebase/119681.aspx
Announcing PostgreSQL Studio 1.0
http://www.postgresql.org/about/news/1485/
ネットで「虚偽の噂」を広めると3年間勾留:中国(WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20131003/508542/?ST=security
世界のセキュリティ・ラボから
IEの新たな脆弱性、一部標的型攻撃での使用を確認
http://itpro.nikkeibp.co.jp/article/COLUMN/20130930/507759/?ST=security
「Linuxセキュリティ標準教科書」、LPI-Japanが無償公開
http://itpro.nikkeibp.co.jp/article/NEWS/20131002/508527/?ST=security
アイベクスがPC操作を制御するセキュリティーソフト新版、Win8を管理可能に
http://itpro.nikkeibp.co.jp/article/NEWS/20131002/508416/?ST=security
ソフトバンクが端末分割代金を“未入金”として信用情報機関に誤登録、1.7万ユーザーに影響
http://itpro.nikkeibp.co.jp/article/NEWS/20131002/508163/?ST=security
チェックしておきたい脆弱性情報<2013.10.02>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130930/507756/?ST=security
UPDATE: JVNTA13-071A Microsoft 製品の複数の脆弱性に対するアップデート
http://jvn.jp/cert/JVNTA13-071A/index.html
VU#392654 Multiple Vulnerabilities in Baramundi Management Suite
http://www.kb.cert.org/vuls/id/392654
VU#976534 L3 CPU shared cache architecture is susceptible to a Flush+Reload side-channel attack
http://www.kb.cert.org/vuls/id/976534
REMOTE: freeFTPd PASS Command Buffer Overflow
http://www.exploit-db.com/exploits/28681
LOCAL: PinApp Mail-SeCure 3.70 - Access Control Failure
http://www.exploit-db.com/exploits/28680
DoS/PoC: HylaFAX+ 5.2.4 - 5.5.3 - Buffer Overflow
http://www.exploit-db.com/exploits/28683
https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.0.1+Release+Notes
+ APSB13-25 Prenotification Security Advisory for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb13-25.html
+ Cisco IOS XR Software Memory Exhaustion Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131002-iosxr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5503
+ Microsoft Internet Explorer SetMouseCapture Use-After-Free
http://cxsecurity.com/issue/WLB-2013100011
+ Firefox for Android Same-origin bypass through
http://cxsecurity.com/issue/WLB-2013100010
+ Linux Kernel Patches For Linux Kernel Security
http://cxsecurity.com/issue/WLB-2013100009
+ REMOTE: Micorosft Internet Explorer SetMouseCapture Use-After-Free
http://www.exploit-db.com/exploits/28682
+ Linux Kernel CVE-2013-4345 Off-By-One Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/62740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4345
Advisory: Sophos Endpoint v10.2: Automatic upgrade to v10.3
http://www.sophos.com/en-us/support/knowledgebase/119681.aspx
Announcing PostgreSQL Studio 1.0
http://www.postgresql.org/about/news/1485/
ネットで「虚偽の噂」を広めると3年間勾留:中国(WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20131003/508542/?ST=security
世界のセキュリティ・ラボから
IEの新たな脆弱性、一部標的型攻撃での使用を確認
http://itpro.nikkeibp.co.jp/article/COLUMN/20130930/507759/?ST=security
「Linuxセキュリティ標準教科書」、LPI-Japanが無償公開
http://itpro.nikkeibp.co.jp/article/NEWS/20131002/508527/?ST=security
アイベクスがPC操作を制御するセキュリティーソフト新版、Win8を管理可能に
http://itpro.nikkeibp.co.jp/article/NEWS/20131002/508416/?ST=security
ソフトバンクが端末分割代金を“未入金”として信用情報機関に誤登録、1.7万ユーザーに影響
http://itpro.nikkeibp.co.jp/article/NEWS/20131002/508163/?ST=security
チェックしておきたい脆弱性情報<2013.10.02>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130930/507756/?ST=security
UPDATE: JVNTA13-071A Microsoft 製品の複数の脆弱性に対するアップデート
http://jvn.jp/cert/JVNTA13-071A/index.html
VU#392654 Multiple Vulnerabilities in Baramundi Management Suite
http://www.kb.cert.org/vuls/id/392654
VU#976534 L3 CPU shared cache architecture is susceptible to a Flush+Reload side-channel attack
http://www.kb.cert.org/vuls/id/976534
REMOTE: freeFTPd PASS Command Buffer Overflow
http://www.exploit-db.com/exploits/28681
LOCAL: PinApp Mail-SeCure 3.70 - Access Control Failure
http://www.exploit-db.com/exploits/28680
DoS/PoC: HylaFAX+ 5.2.4 - 5.5.3 - Buffer Overflow
http://www.exploit-db.com/exploits/28683
2013年10月2日水曜日
2日 水曜日、大安
+ Google Chrome 30.0.1599.66 released
http://googlechromereleases.blogspot.jp/2013/10/stable-channel-update.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2911
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2912
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2913
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2914
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2915
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2916
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2917
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2918
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2919
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2920
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2921
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2922
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2923
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2924
+ IBM DB2 Fast Communications Manager (FCM) Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4032
+ SA55139 IBM Initiate Master Data Service / InfoSphere Master Data Management OpenSSL Vulnerabilities
http://secunia.com/advisories/55139/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2686
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
+ Google Chrome Prior to 30.0.1599.66 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/62752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2911
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2912
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2913
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2914
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2915
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2916
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2917
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2918
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2919
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2920
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2921
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2922
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2923
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2924
PostgresDAC with PostgreSQL 9.3 and RAD Studio XE5 support is out!
http://www.postgresql.org/about/news/1484/
英国防省、「数百人のハッカー」を募集(WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20131002/508182/?ST=security
IT指南役の提言
「縄張」「石垣」「天守閣」「武者走」、セキュリティ対策は築城のように取り組め
ガートナー ジャパン リサーチ部門 ITインフラストラクチャ&セキュリティ セキュリティ担当主席アナリスト
礒田優一氏
http://itpro.nikkeibp.co.jp/article/COLUMN/20130924/506470/?ST=security
BBSec、サンドボックス使ったマルウエア解析を国内DCでクラウド提供
http://itpro.nikkeibp.co.jp/article/NEWS/20131001/508080/?ST=security
NEC、Androidタブレットで顔認証する入退管理システムを出荷
http://itpro.nikkeibp.co.jp/article/NEWS/20131001/507958/?ST=security
米IT企業と擁護団体の連合体、米政府の透明性向上を目指す法案の支持を表明
http://itpro.nikkeibp.co.jp/article/NEWS/20131001/507863/?ST=security
VU#392654 Multiple Vulnerabilities in Baramundi Management Suite
http://www.kb.cert.org/vuls/id/392654
VU#976534 L3 CPU shared cache architecture is susceptible to a Flush+Reload side-channel attack
http://www.kb.cert.org/vuls/id/976534
http://googlechromereleases.blogspot.jp/2013/10/stable-channel-update.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2911
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2912
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2913
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2914
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2915
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2916
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2917
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2918
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2919
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2920
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2921
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2922
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2923
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2924
+ IBM DB2 Fast Communications Manager (FCM) Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4032
+ SA55139 IBM Initiate Master Data Service / InfoSphere Master Data Management OpenSSL Vulnerabilities
http://secunia.com/advisories/55139/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2686
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
+ Google Chrome Prior to 30.0.1599.66 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/62752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2911
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2912
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2913
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2914
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2915
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2916
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2917
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2918
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2919
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2920
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2921
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2922
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2923
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2924
PostgresDAC with PostgreSQL 9.3 and RAD Studio XE5 support is out!
http://www.postgresql.org/about/news/1484/
英国防省、「数百人のハッカー」を募集(WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20131002/508182/?ST=security
IT指南役の提言
「縄張」「石垣」「天守閣」「武者走」、セキュリティ対策は築城のように取り組め
ガートナー ジャパン リサーチ部門 ITインフラストラクチャ&セキュリティ セキュリティ担当主席アナリスト
礒田優一氏
http://itpro.nikkeibp.co.jp/article/COLUMN/20130924/506470/?ST=security
BBSec、サンドボックス使ったマルウエア解析を国内DCでクラウド提供
http://itpro.nikkeibp.co.jp/article/NEWS/20131001/508080/?ST=security
NEC、Androidタブレットで顔認証する入退管理システムを出荷
http://itpro.nikkeibp.co.jp/article/NEWS/20131001/507958/?ST=security
米IT企業と擁護団体の連合体、米政府の透明性向上を目指す法案の支持を表明
http://itpro.nikkeibp.co.jp/article/NEWS/20131001/507863/?ST=security
VU#392654 Multiple Vulnerabilities in Baramundi Management Suite
http://www.kb.cert.org/vuls/id/392654
VU#976534 L3 CPU shared cache architecture is susceptible to a Flush+Reload side-channel attack
http://www.kb.cert.org/vuls/id/976534
2013年10月1日火曜日
1日 火曜日、仏滅
+ RHSA-2013:1348 Moderate: Red Hat Enterprise Linux 5 kernel update
http://rhn.redhat.com/errata/RHSA-2013-1348.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398
+ RHSA-2013:1310 Moderate: samba3x security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-1310.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124
+ RHSA-2013:1307 Moderate: php53 security, bug fix and enhancement update
http://rhn.redhat.com/errata/RHSA-2013-1307.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248
+ RHSA-2013:1323 Low: ccid security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-1323.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4530
+ RHSA-2013:1353 Low: sudo security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-1353.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2776
+ RHSA-2013:1319 Low: sssd security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-1319.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0219
+ RHSA-2013:1302 Low: xinetd security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-1302.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0862
+ HS13-023 Vulnerability in JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-023/index.html
+ HS13-022 Vulnerability in JP1/Base
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-022/index.html
+ HS13-021 Vulnerability about SSL Encryption in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/index.html
+ HS13-023 JP1/Automatic Job Management System 3, JP1/Automatic Job Management System 2における脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-023/index.html
+ HS13-022 JP1/Baseにおける脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-022/index.html
+ HS13-021 CosminexusにおけるSSLの暗号に関する脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-021/index.html
+ FreeBSD 9.2-RELEASE Announcement
http://www.freebsd.org/releases/9.2R/announce.html
+ Sudo 1.8.8 released
http://www.sudo.ws/sudo/stable.html#1.8.8
+ glibc and eglibc 2.5, 2.7, 2.13 Buffer Overflow Vulnerability
http://cxsecurity.com/issue/WLB-2013090196
+ LOCAL: glibc and eglibc 2.5, 2.7, 2.13 - Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/28657
Microsoft、2013年上半期の各国当局による情報開示要請は約3万7000件
http://itpro.nikkeibp.co.jp/article/NEWS/20130930/507552/?ST=security
始まった「攻撃者の組織化」、シンジケートがあなたを狙う
http://itpro.nikkeibp.co.jp/article/COLUMN/20130926/507011/?ST=security
NSAが米国住民の通信データからソーシャルなつながりをグラフ化、米メディアの報道
http://itpro.nikkeibp.co.jp/article/NEWS/20130930/507525/?ST=security
LOCAL: Nodejs js-yaml load() Code Exec
http://www.exploit-db.com/exploits/28655
DoS/PoC: KMPlayer 3.7.0.109 (.wav) - Crash PoC
http://www.exploit-db.com/exploits/28650
http://rhn.redhat.com/errata/RHSA-2013-1348.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398
+ RHSA-2013:1310 Moderate: samba3x security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-1310.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124
+ RHSA-2013:1307 Moderate: php53 security, bug fix and enhancement update
http://rhn.redhat.com/errata/RHSA-2013-1307.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248
+ RHSA-2013:1323 Low: ccid security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-1323.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4530
+ RHSA-2013:1353 Low: sudo security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-1353.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2776
+ RHSA-2013:1319 Low: sssd security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-1319.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0219
+ RHSA-2013:1302 Low: xinetd security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-1302.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0862
+ HS13-023 Vulnerability in JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-023/index.html
+ HS13-022 Vulnerability in JP1/Base
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-022/index.html
+ HS13-021 Vulnerability about SSL Encryption in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/index.html
+ HS13-023 JP1/Automatic Job Management System 3, JP1/Automatic Job Management System 2における脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-023/index.html
+ HS13-022 JP1/Baseにおける脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-022/index.html
+ HS13-021 CosminexusにおけるSSLの暗号に関する脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-021/index.html
+ FreeBSD 9.2-RELEASE Announcement
http://www.freebsd.org/releases/9.2R/announce.html
+ Sudo 1.8.8 released
http://www.sudo.ws/sudo/stable.html#1.8.8
+ glibc and eglibc 2.5, 2.7, 2.13 Buffer Overflow Vulnerability
http://cxsecurity.com/issue/WLB-2013090196
+ LOCAL: glibc and eglibc 2.5, 2.7, 2.13 - Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/28657
Microsoft、2013年上半期の各国当局による情報開示要請は約3万7000件
http://itpro.nikkeibp.co.jp/article/NEWS/20130930/507552/?ST=security
始まった「攻撃者の組織化」、シンジケートがあなたを狙う
http://itpro.nikkeibp.co.jp/article/COLUMN/20130926/507011/?ST=security
NSAが米国住民の通信データからソーシャルなつながりをグラフ化、米メディアの報道
http://itpro.nikkeibp.co.jp/article/NEWS/20130930/507525/?ST=security
LOCAL: Nodejs js-yaml load() Code Exec
http://www.exploit-db.com/exploits/28655
DoS/PoC: KMPlayer 3.7.0.109 (.wav) - Crash PoC
http://www.exploit-db.com/exploits/28650
登録:
投稿 (Atom)