+ Apache OpenOffice 4.1.0 released
https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.1+Release+Notes
+ RHSA-2014:0449 Important: thunderbird security update
https://rhn.redhat.com/errata/RHSA-2014-0449.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1523
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1524
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1529
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1532
+ RHSA-2014:0448 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2014-0448.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1523
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1524
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1529
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1532
+ MFSA 2014-47 Debugger can bypass XrayWrappers with JavaScript
http://www.mozilla.org/security/announce/2014/mfsa2014-47.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1526
+ MFSA 2014-46 Use-after-free in nsHostResolver
http://www.mozilla.org/security/announce/2014/mfsa2014-46.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1532
+ MFSA 2014-45 Incorrect IDNA domain name matching for wildcard certificates
http://www.mozilla.org/security/announce/2014/mfsa2014-45.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492
+ MFSA 2014-44 Use-after-free in imgLoader while resizing images
http://www.mozilla.org/security/announce/2014/mfsa2014-44.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1531
+ MFSA 2014-43 Cross-site scripting (XSS) using history navigations
http://www.mozilla.org/security/announce/2014/mfsa2014-43.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1530
+ MFSA 2014-42 Privilege escalation through Web Notification API
http://www.mozilla.org/security/announce/2014/mfsa2014-42.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1529
+ MFSA 2014-41 Out-of-bounds write in Cairo
http://www.mozilla.org/security/announce/2014/mfsa2014-41.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1528
+ MFSA 2014-40 Firefox for Android addressbar suppression
http://www.mozilla.org/security/announce/2014/mfsa2014-40.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1527
+ MFSA 2014-39 Use-after-free in the Text Track Manager for HTML video
http://www.mozilla.org/security/announce/2014/mfsa2014-39.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1525
+ MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
http://www.mozilla.org/security/announce/2014/mfsa2014-38.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1524
+ MFSA 2014-37 Out of bounds read while decoding JPG images
http://www.mozilla.org/security/announce/2014/mfsa2014-37.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1523
+ MFSA 2014-36 Web Audio memory corruption issues
http://www.mozilla.org/security/announce/2014/mfsa2014-36.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1522
+ MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer
http://www.mozilla.org/security/announce/2014/mfsa2014-35.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1520
+ MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)
http://www.mozilla.org/security/announce/2014/mfsa2014-34.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1519
+ APSB14-13 Security updates available for Adobe Flash Player
http://helpx.adobe.com/security/products/flash-player/apsb14-13.html
+ Mozilla Firefox 29.0 released
http://www.mozilla.org/en-US/firefox/29.0/releasenotes/
+ Mozilla Thunderbird 24.5.0 released
http://www.mozilla.org/en-US/thunderbird/24.5.0/releasenotes/
+ UPDATE: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
+ UPDATE: HPSBMU03020 rev.2 - HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04262472-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ Citrix Security Advisory for CVE-2014-0160, aka the Heartbleed vulnerability
http://support.citrix.com/article/CTX140605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
+ Citrix NetScaler Application Delivery Controller and NetScaler Gateway Multiple Security Updates
http://support.citrix.com/article/CTX140651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2881
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2882
+ UPDATE: Oracle Critical Patch Update Advisory - April 2014
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
+ Apache Struts Flaw Lets Remote Users Manipulate the ClassLoader to Execute Arbitrary Code
http://www.securitytracker.com/id/1030159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114
+ Adobe Flash Player Buffer Overflow Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1030155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0515
+ REMOTE: Adobe Flash Player Type Confusion Remote Code Execution
http://www.exploit-db.com/exploits/33095
+ REMOTE: McAfee ePolicy Orchestrator 4.6.0-4.6.5 (ePowner) - Multiple Vulnerabilities
http://www.exploit-db.com/exploits/33071
+ LOCAL: Wireshark <= 1.8.12/1.10.5 wiretap/mpeg.c Stack Buffer Overflow
http://www.exploit-db.com/exploits/33069
+ DoS/PoC: NTP ntpd monlist Query Reflection - Denial of Service
http://www.exploit-db.com/exploits/33073
+ Wireshark <= 1.8.12/1.10.5 wiretap/mpeg.c Stack Buffer Overflow
http://cxsecurity.com/issue/WLB-2014040194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2299
+ ntp monlist DDoS issue Exploit
http://cxsecurity.com/issue/WLB-2014040193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211
+ Adobe Flash Player Type Confusion Remote Code Execution Exploit
http://cxsecurity.com/issue/WLB-2014040192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5331
+ SA58220 Microsoft Windows Flash Player Buffer Overflow Vulnerability
http://secunia.com/advisories/58220/
+ SA58085 Adobe Flash Player Buffer Overflow Vulnerability
http://secunia.com/advisories/58085/
+ Alert regarding an unpatched vulnerability in Microsoft Internet Explorer (April 2014)
http://www.jpcert.or.jp/at/2014/at140018.html
+ Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
http://www.securityfocus.com/bid/67121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114
National Police Agency detects access attempts targeting the "Struts 2" vulnerability
http://itpro.nikkeibp.co.jp/article/NEWS/20140428/553742/?ST=security
Serious zero-day vulnerability in IE 6 through 11; US-based FireEye observes exploitation in targeted attacks
http://itpro.nikkeibp.co.jp/article/NEWS/20140428/553585/?ST=security
UPDATE: JVNVU#94401838 Information disclosure vulnerability in the OpenSSL heartbeat extension
http://jvn.jp/vu/JVNVU94401838/index.html
JVNVU#92280347 Use-after-free vulnerability in Internet Explorer
http://jvn.jp/vu/JVNVU92280347/index.html
JVN#19294237 Vulnerability in Apache Struts that allows ClassLoader manipulation
http://jvn.jp/jp/JVN19294237/index.html
VU#489228 Ignite Realtime Smack XMPP API contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/489228