Thursday, March 6, 2014

Thursday the 6th, Senshō

+ RHSA-2014:0255 Moderate: subversion security update
http://rhn.redhat.com/errata/RHSA-2014-0255.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032

+ CESA-2014:0247 Important CentOS 5 gnutls Update
http://lwn.net/Alerts/589447/

+ CESA-2014:0246 Important CentOS 6 gnutls Update
http://lwn.net/Alerts/589448/

+ CESA-2014:0249 Important CentOS 5 postgresql Update
http://lwn.net/Alerts/589449/

+ Cisco Small Business Router Password Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-rpd

+ Multiple Vulnerabilities in Cisco Wireless LAN Controllers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc

+ HPSBHF02965 rev.1 - HP Security Management System, Remote Execution of Arbitrary Code
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04156626-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6201

+ UPDATE: HPSBMU02933 rev.2 - HP SiteScope, issueSiebelCmd and loadFileContents SOAP Requests, Remote Code Execution, Arbitrary File download, Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03969435-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBST02955 rev.2 - HP XP P9000 Performance Advisor Software, 3rd party Software Security - Apache Tomcat and Oracle Updates, Multiple Vulnerabilities Affecting Confidentiality, Availability And Integrity
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04047415-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBUX02973 SSRT101455 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04166778-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5878
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5898
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0428

+ HPSBUX02972 SSRT101454 rev.1 - HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04166777-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5878
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5893
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5898
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5904
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0428

+ SA57242 Opera Unspecified Vulnerabilities
http://secunia.com/advisories/57242/

+ CISCO RV110W RV215W CVR100W Bypass Login Page
http://cxsecurity.com/issue/WLB-2014030043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0683

+ PHP date() is evil (XSS'able)
http://cxsecurity.com/issue/WLB-2014030046

+ libssh and stunnel PRNG flaws
http://cxsecurity.com/issue/WLB-2014030044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0017

+ Windows Escalate UAC Protection Bypass (In Memory Injection)
http://cxsecurity.com/issue/WLB-2014030039

+ Google's YouTube Unrestricted File Upload Report
http://cxsecurity.com/issue/WLB-2014030040

+ Java OpenID Server 1.2.1 XSS / Session Fixation
http://cxsecurity.com/issue/WLB-2014030037

Announcement: Release of Trend Micro Mobile Security 9.0 Patch 1 (build 1586)
http://app.trendmicro.co.jp/support/news.asp?id=2062

Announcement: Release of Trend Micro SafeSync for Enterprise 2.1 Patch 1 and Patch 1.1 (build 1277)
http://app.trendmicro.co.jp/support/news.asp?id=2078

False positive information: Smart Scan pattern file: TROJ_MOSERAN.BMC
http://app.trendmicro.co.jp/support/news.asp?id=2089

Bitcoin bank "Flexcoin" also hit by cyberattack; equivalent of 60 million yen stolen
http://itpro.nikkeibp.co.jp/article/NEWS/20140305/541425/?ST=security

Cisco announces products integrating features from its acquired Sourcefire
http://itpro.nikkeibp.co.jp/article/NEWS/20140305/541346/?ST=security

JVNVU#97152032 Hard-coded credentials issue in Synology DiskStation Manager
http://jvn.jp/vu/JVNVU97152032/index.html

JVNVU#95250773 Backdoor issue in ZTE cable modems F460/F660
http://jvn.jp/vu/JVNVU95250773/index.html

VU#823452 Serena Dimensions CM 12.2 Build 7.199.0 web client vulnerabilities
http://www.kb.cert.org/vuls/id/823452

LOCAL: ALLPlayer M3U Buffer Overflow
http://www.exploit-db.com/exploits/32074
