+ phpMyAdmin 4.1.13 released
http://sourceforge.net/p/phpmyadmin/news/2014/04/phpmyadmin-4113-is-released/
+ UPDATE: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
+ HPSBMU02997 rev.1 - HP Smart Update Manager (SUM) running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04239375-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
+ HPSBMU02998 rev.1 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04239372-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
+ UPDATE: HPSBMU02995 rev.2 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04236102-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ HPSBMU02994 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04236062-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
+ VMSA-2014-0003 VMware vSphere Client updates address security vulnerabilities
http://www.vmware.com/security/advisories/VMSA-2014-0003.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1210
+ MySQL 5.6.18 released
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-18.html
+ Juniper Junos IGMP Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0614
+ Juniper Junos Input Validation Flaw in J-Web Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1030061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2711
+ Juniper Junos SRX Series Enhanced Web Filtering Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2714
+ Juniper Junos MX Series and T4000 IP Packet Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2713
+ Juniper Junos Input Validation Flaw in J-Web Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1030058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2712
+ Juniper Junos Branch SRX Series Dynamic VPN Flaw Lets Remote Authenticated Users Deny Service
http://www.securitytracker.com/id/1030057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0612
+ VMware vSphere Client Bugs Let Remote Users Execute Arbitrary Code and Spoof Servers
http://www.securitytracker.com/id/1030055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1210
+ SA57891 VMware vSphere Client Update Spoofing Vulnerability
http://secunia.com/advisories/57891/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1209
+ SA57885 VMware vSphere Client Two Spoofing Vulnerabilities
http://secunia.com/advisories/57885/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1210
+ SA57881 LibreOffice OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities
http://secunia.com/advisories/57881/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
+ SA57730 Linux Kernel RDMA MAC Resolve Random Memory Pointer Dereference Denial of Service Vulnerability
http://secunia.com/advisories/57730/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2739
+ LOCAL: Apple Mac OS X Lion Kernel <= xnu-1699.32.7 except xnu-1699.24.8 NFS Mount - Privilege Escalation Exploit
http://www.exploit-db.com/exploits/32813
+ OpenSSL use-after-free race condition read buffer
http://cxsecurity.com/issue/WLB-2014040079
+ VMware Workstation / Player Invalid Pointer Dereference
http://cxsecurity.com/issue/WLB-2014040078
+ Linux Kernel net/ping refcount issue in ping_init_sock() function
http://cxsecurity.com/issue/WLB-2014040072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2851
+ Mac OS X Lion Kernel <= xnu-1699.32.7 NFS Mount Local Root
http://cxsecurity.com/issue/WLB-2014040070
+ OpenSSL information leak client/server exploit
http://cxsecurity.com/issue/WLB-2014040061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
+ Linux Kernel 'ping_init_sock()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/66779
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2851
+ Linux Kernel Random Memory Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/66775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2739
+ Juniper Junos J-Web CVE-2014-2712 Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/66767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2712
+ Juniper Junos CVE-2014-2713 Denial of Service Vulnerability
http://www.securityfocus.com/bid/66764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2713
+ Juniper Junos CVE-2014-0614 Denial of Service Vulnerability
http://www.securityfocus.com/bid/66762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0614
+ Juniper Junos J-Web CVE-2014-2711 HTML Injection Vulnerability
http://www.securityfocus.com/bid/66770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2711
定期サーバメンテナンスのお知らせ(2014/4/18)
http://app.trendmicro.co.jp/support/news.asp?id=2111
KADOKAWA、2度の不正アクセス被害で閉鎖していたサイトを3週間ぶりに再開
http://itpro.nikkeibp.co.jp/article/NEWS/20140411/550143/?ST=security
JVNVU#94401838 OpenSSL の heartbeat 拡張に情報漏えいの脆弱性
http://jvn.jp/vu/JVNVU94401838/
JVNVU#96484185 Microsoft Office file format converter にメモリ破損の脆弱性
http://jvn.jp/vu/JVNVU96484185/
JVN#47386847 SD Card Manager におけるディレクトリトラバーサルの脆弱性
http://jvn.jp/jp/JVN47386847/
VU#901156 PivotX 2.3.8 contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/901156
VU#251628 Amtelco miSecureMessages app lacks authentication
http://www.kb.cert.org/vuls/id/251628
VU#667340 Fortinet FortiADC contains a cross-site scripting vulnerability
http://www.kb.cert.org/vuls/id/667340
VU#939260 ZyXEL Wireless N300 NetUSB Router NBG-419N devices contain multiple
http://www.kb.cert.org/vuls/id/939260
0 件のコメント:
コメントを投稿