Wednesday, October 16, 2013

Wednesday the 16th, Tomobiki

+ RHSA-2013:1426 Important: xorg-x11-server security update
http://rhn.redhat.com/errata/RHSA-2013-1426.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4396

+ About the security content of Java for OS X 2013-005 and Mac OS X v10.6 Update 17
http://support.apple.com/kb/HT5982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5850

+ CESA-2013:1418 Moderate CentOS 6 libtar Update
http://lwn.net/Alerts/570301/

+ Google Chrome 30.0.1599.101 released
http://googlechromereleases.blogspot.jp/2013/10/stable-channel-update_15.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2927

+ UPDATE: HPSBGN02441 SSRT090082 rev.2 - HP ProCurve Identity Driven Manager (IDM) Running on Microsoft IAS or NPS, Local Unauthorized Access
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c01798159-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBMU02931 rev.1 - HP Service Manager, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03960916-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4833

+ UPDATE: HPSBPV02918 rev.2 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03897409-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ CVE-2013-4238 Input Validation vulnerability in Python
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4238_input_validation
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238

+ CVE-2013-4124 Denial of service vulnerability in Samba
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4124_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124

+ CVE-2012-6139 Denial of Service (DoS) vulnerability in LibXSLT
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5581_denial_of1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6139

+ Multiple vulnerabilities in Firefox
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_firefox1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4195

+ CVE-2012-5667 Heap Buffer Overflow vulnerability in GNU Grep
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5667_heap_buffer
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5667

+ CVE-2012-5195 Buffer Errors vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5195_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5195

+ CVE-2012-5526 Configuration vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5526_configuration_vulnerability1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526

+ Multiple vulnerabilities in Perl 5.8
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_perl_5
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2939

+ CVE-2013-1896 Denial of Service (DoS) vulnerability in Apache HTTP Server
https://blogs.oracle.com/sunsecurity/entry/cve_2013_1896_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896

+ Multiple vulnerabilities in Apache HTTP Server
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_http4
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862

+ Oracle Critical Patch Update Advisory - October 2013
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

+ Java SE Development Kit 7, Update 45 (JDK 7u45) released
http://www.oracle.com/technetwork/java/javase/7u45-relnotes-2016950.html

+ MySQL Multiple Bugs Let Remote Authenticated Users Execute Arbitrary Code, Deny Service, and Partially Access and Modify Data
http://www.securitytracker.com/id/1029184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5807

+ Microsoft Internet Explorer CDisplayPointer Use-After-Free Exploit
http://cxsecurity.com/issue/WLB-2013100091

+ REMOTE: HP Data Protector Cell Request Service Buffer Overflow
http://www.exploit-db.com/exploits/28973

+ REMOTE: MS13-080 Microsoft Internet Explorer CDisplayPointer Use-After-Free
http://www.exploit-db.com/exploits/28974

+ REMOTE: VMware Hyperic HQ Groovy Script-Console Java Execution
http://www.exploit-db.com/exploits/28962

+ DoS/PoC: Android Zygote Socket Vulnerability Fork bomb Attack
http://www.exploit-db.com/exploits/28957

+ Apple iOS Sim Lock Screen Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/63039

Nikkei Computer Report
US government breaks encryption; the security of the Internet crumbles
http://itpro.nikkeibp.co.jp/article/COLUMN/20131011/510542/?ST=security

Targeting Japan with sharpened techniques: why have the attackers changed?
http://itpro.nikkeibp.co.jp/article/COLUMN/20131014/510862/?ST=security

VU#829574 HR Systems Strategies info:HR HRIS allows read access to weakly obfuscated shared database password
http://www.kb.cert.org/vuls/id/829574

REMOTE: Aladdin Knowledge Systems Ltd. PrivAgent ActiveX Control Overflow
http://www.exploit-db.com/exploits/28968

LOCAL: Beetel Connection Manager PCW_BTLINDV1.0.0B04 - SEH Buffer Overflow
http://www.exploit-db.com/exploits/28969

LOCAL: Internet Haut Debit Mobile PCW_MATMARV1.0.0B03 - Buffer Overflow SEH
http://www.exploit-db.com/exploits/28955
