2014年2月27日木曜日

27日 木曜日、仏滅

+ About the security content of QuickTime 7.7.5
http://support.apple.com/kb/HT6151
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1032
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1251

+ About the security content of OS X Mavericks v10.9.2 and Security Update 2014-001
http://support.apple.com/kb/HT6150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1254
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1256
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389

+ About the security content of Safari 6.1.2 and Safari 7.0.2
http://support.apple.com/kb/HT6145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1270

+ CESA-2014:0189 Moderate mariadb55-mariadb SCL Security Update
http://lwn.net/Alerts/588403/

+ CESA-2014:0211 Important CentOS 5 postgresql84 Update
http://lwn.net/Alerts/588404/

+ CESA-2014:0211 Important CentOS 6 postgresql Update
http://lwn.net/Alerts/588405/

+ Cisco Prime Infrastructure Command Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140226-pi
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0679

+ UPDATE: Cisco UCS Director Default Credentials Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd

+ REMOTE: Symantec Endpoint Protection Manager Remote Command Execution
http://www.exploit-db.com/exploits/31917

+ Microsoft Server 2008 Denial Of Service
http://cxsecurity.com/issue/WLB-2014020225

+ Apache Tomcat Denial Of Service
http://cxsecurity.com/issue/WLB-2014020223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322

+ Apache Tomcat Session Fixation
http://cxsecurity.com/issue/WLB-2014020222
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0033

+ Apache Tomcat Information Disclosure Via XXE
http://cxsecurity.com/issue/WLB-2014020221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590

+ Cybozu Garoon CVE-2014-0820 Directory Traversal Vulnerability
http://www.securityfocus.com/bid/65815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0820

+ Cybozu Garoon Session Management Security Bypass Vulnerability
http://www.securityfocus.com/bid/65812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0817

+ Cybozu Garoon CVE-2014-0821 Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/65809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0821

Advisory: Sophos Endpoint Security and Control version 10.3.7
http://www.sophos.com/en-us/support/knowledgebase/120492.aspx

Advisory: Windows 8.1 and Windows Server 2012 R2 - support for Sophos products
http://www.sophos.com/en-us/support/knowledgebase/119957.aspx

JVNDB-2014-000024 サイボウズ ガルーンにおける SQL インジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000024.html

JVNDB-2014-000023 サイボウズ ガルーンにおけるディレクトリトラバーサルの脆弱性
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000023.html

JVNDB-2014-000021 サイボウズ ガルーンにおけるセッション管理不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000021.html

JVNDB-2014-000022 Android 版アプリ「デニーズ」における SSL サーバ証明書の検証不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000022.html

JVNDB-2014-000026 Norman Security Suite における権限昇格の脆弱性
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000026.html

JVNDB-2014-000025 XooNIps におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000025.html

はとバスのWebサイトが改ざん、閲覧したユーザーはウイルス感染の恐れ
http://itpro.nikkeibp.co.jp/article/NEWS/20140226/539688/?ST=security

ヤフーの偽サイト広告、新たに名古屋銀行とWebMoneyで表示
http://itpro.nikkeibp.co.jp/article/NEWS/20140226/539645/?ST=security

SaaS型WAFで二要素認証を開始、CAPTCHAとSMSを4月から順次提供
http://itpro.nikkeibp.co.jp/article/NEWS/20140226/539387/?ST=security

2月に発見されたゼロデイ攻撃は大統領の日を狙ったもの、ファイア・アイが説明
http://itpro.nikkeibp.co.jp/article/NEWS/20140226/539182/?ST=security

DoS/PoC: GoAhead Web Server 3.1.x - Denial of Service
http://www.exploit-db.com/exploits/31915

0 件のコメント:

コメントを投稿