Wednesday, December 18, 2013

Wednesday the 18th, Tomobiki

+ RHSA-2013:1850 Important: openjpeg security update
http://rhn.redhat.com/errata/RHSA-2013-1850.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6054

+ Wireshark 1.10.4 released
http://www.wireshark.org/docs/relnotes/wireshark-1.10.4.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7114

+ HPSBHF02953 rev.1 - HP B-series SAN Network Advisor, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04045640-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6810

+ UPDATE: HPSBPI02938 rev.2 - Certain HP LaserJet Printers, Remote Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04041432-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Multiple Buffer Errors vulnerability in LibTIFF
https://blogs.oracle.com/sunsecurity/entry/multiple_buffer_errors_vulnerability_in
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1961

+ CVE-2012-4564 Design Error vulnerability in LibTIFF
https://blogs.oracle.com/sunsecurity/entry/cve_2012_4564_design_error1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4564

+ Multiple Cryptographic Issues vulnerabilities in Ruby
https://blogs.oracle.com/sunsecurity/entry/multiple_cryptographic_issues_vulnerabilities_in
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4363

+ CVE-2013-4475 Access Control vulnerability in Samba
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4475_access_control
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475

+ Multiple vulnerabilities in Wireshark
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark8
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6340

+ curl and libcurl 7.34.0 released
http://curl.haxx.se/changes.html#7_34_0

+ Red Hat JBoss Portal Input Validation Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1029510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4424

+ Apple Safari Multiple Flaws Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1029505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5228

+ REMOTE: Adobe Reader ToolButton Use After Free
http://www.exploit-db.com/exploits/30394

+ LOCAL: Microsoft Windows ndproxy.sys Local Privilege Escalation
http://www.exploit-db.com/exploits/30392

+ DoS/PoC: PHP openssl_x509_parse() Memory Corruption Vulnerability
http://www.exploit-db.com/exploits/30395

+ DoS/PoC: MS13-101 Windows Kernel win32k.sys - Integer Overflow
http://www.exploit-db.com/exploits/30397

+ Microsoft Windows ndproxy.sys Privilege Escalation Exploit
http://cxsecurity.com/issue/WLB-2013120125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5065

+ Microsoft Windows NDPROXY Local SYSTEM Privilege Escalation
http://cxsecurity.com/issue/WLB-2013120040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5065

+ Windows Kernel win32k.sys Integer Overflow (MS13-101)
http://cxsecurity.com/issue/WLB-2013120087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5058

+ SA56144 Apple OS X Multiple Vulnerabilities
http://secunia.com/advisories/56144/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5228

[Update] Notice of the release of virus scan engine VSAPI 9.750
http://app.trendmicro.co.jp/support/news.asp?id=2006

Notice of the release of Trend Micro Network VirusWall Enforcer 1500i/3500i/3600i version 3.x Critical Patch (Build 1023)
http://app.trendmicro.co.jp/support/news.asp?id=2049

Notice of the release of Trend Micro Network VirusWall Enforcer 2500 version 2.0 Critical Patch (Build 1106)
http://app.trendmicro.co.jp/support/news.asp?id=2047

DBConvert / DBSync for PostgreSQL and Oracle released
http://www.postgresql.org/about/news/1496/

JVNDB-2013-000111 Vulnerability in Android OS that allows arbitrary Java methods to be executed
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000111.html

Windows XP kernel vulnerability: attacks already confirmed
http://itpro.nikkeibp.co.jp/article/COLUMN/20131216/525162/?ST=security

Beware of the online features of Japanese input software: important corporate information may be sent to external parties
http://itpro.nikkeibp.co.jp/article/NEWS/20131217/525422/?ST=security

Canon IT announces a new version of its software for preventing information leaks via e-mail and the Web
http://itpro.nikkeibp.co.jp/article/NEWS/20131217/525386/?ST=security

EMC Japan announces software that checks endpoints for malware infection
http://itpro.nikkeibp.co.jp/article/NEWS/20131217/525302/?ST=security

District court rules the NSA's collection of call records "unconstitutional", US media report
http://itpro.nikkeibp.co.jp/article/NEWS/20131217/525202/?ST=security

REMOTE: Ability Mail Server 2013 (3.1.1) - Stored XSS
http://www.exploit-db.com/exploits/30373

LOCAL: Nvidia (nvsvc) Display Driver Service Local Privilege Escalation
http://www.exploit-db.com/exploits/30393

LOCAL: FileMaster SY-IT v3.1 iOS - Multiple Web Vulnerabilities
http://www.exploit-db.com/exploits/30375

LOCAL: QuickHeal AntiVirus 7.0.0.1 - Stack Overflow Vulnerability
http://www.exploit-db.com/exploits/30374
