Thursday, October 31, 2013

Thursday the 31st, Taian

+ RHSA-2013:1480 Important: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2013-1480.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5602
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5604

+ CESA-2013:1476 Critical CentOS 5 firefox Update
http://lwn.net/Alerts/572253/

+ CESA-2013:1476 Critical CentOS 6 firefox Update
http://lwn.net/Alerts/572254/

+ CESA-2013:1475 Moderate CentOS 6 postgresql Update
http://lwn.net/Alerts/572256/

+ CESA-2013:1473 Important CentOS 6 spice-server Update
http://lwn.net/Alerts/572258/

+ CESA-2013:1475 Moderate CentOS 5 postgresql84 Update
http://lwn.net/Alerts/572255/

+ CESA-2013:1474 Important CentOS 5 qspice Update
http://lwn.net/Alerts/572257/

+ Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131030-asr1000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5545
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5547

+ UPDATE: HPSBMU02872 SSRT101185 rev.3 - HP Service Manager, Remote Disclosure of Information, Cross Site Scripting(XSS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03748875-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBMU02874 SSRT101184 rev.2 - HP Service Manager, Java Runtime Environment (JRE) Security Update
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03748879-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBMU02931 rev.2 - HP Service Manager, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03960916-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBMU02932 rev.1 - HP Application LifeCycle Management, ALM client component, Remote Execution of Arbitrary Code
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03969433-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4834

+ HPSBMU02933 rev.1 - HP SiteScope, issueSiebelCmd SOAP Request, Remote Code Execution
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03969435-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4835

+ HPSBMU02934 rev.1 - HP Application LifeCycle Management, GossipService SOAP Request, Remote Code Execution
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03969436-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4836

+ HPSBMU02935 rev.1 - HP LoadRunner Virtual User Generator, Remote Code Execution
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03969437-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4839

JVNDB-2013-004446 Use-after-free vulnerability in International Components for Unicode (ICU) as used in multiple products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-004446.html

JVNDB-2013-001665 Denial-of-service (DoS) vulnerability in International Components for Unicode (ICU) as used in multiple products
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-001665.html

State-of-the-art artificial intelligence that "can solve CAPTCHAs" (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20131031/515062/?ST=security

"96% of Android apps carry vulnerability risk": SDNA publishes survey report
http://itpro.nikkeibp.co.jp/article/NEWS/20131029/514742/?ST=security

VU#326830 NAS4Free version 9.1.0.1 contains a remote command execution vulnerability
http://www.kb.cert.org/vuls/id/326830

VU#639620 Joomla! Media Manager allows arbitrary file upload and execution
http://www.kb.cert.org/vuls/id/639620

VU#533894 Openbravo ERP contains an information disclosure vulnerability
http://www.kb.cert.org/vuls/id/533894
