Monday, November 10, 2014

10th, Monday, Tomobiki

+ Microsoft Security Bulletin Advance Notification for November 2014
https://technet.microsoft.com/ja-jp/library/security/ms14-nov

+ CESA-2014:1824 Important CentOS 5 php Security Update
http://lwn.net/Alerts/619453/

+ UPDATE: GNU Bash Environment Variable Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

+ CVE-2011-2728 Denial of Service (DoS) vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2728

+ Multiple vulnerabilities in Samba
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694

+ CVE-2011-0465 Improper Input Validation vulnerability in X.Org
https://blogs.oracle.com/sunsecurity/entry/cve_2011_0465_improper_input
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0465

+ Multiple vulnerabilities in libpng
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_libpng1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2692

+ CVE-2012-3401 Denial of Service vulnerability in libtiff
https://blogs.oracle.com/sunsecurity/entry/cve_2012_3401_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3401

+ Multiple Denial of Service (DoS) vulnerabilities in FreeType
https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_dos1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1144

+ CVE-2004-1010 Buffer Overflow vulnerability in Zip utility
https://blogs.oracle.com/sunsecurity/entry/cve_2004_1010_buffer_overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1010

+ Multiple vulnerabilities in X.Org
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_x_org2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0211

+ CVE-2009-2624 Denial of Service (DoS) vulnerability in Gzip
https://blogs.oracle.com/sunsecurity/entry/cve_2009_2624_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2624

+ Multiple vulnerabilities in X.org
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_x_org1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2062

+ CVE-2012-3410 stack-based buffer overflow vulnerability in Bash
https://blogs.oracle.com/sunsecurity/entry/cve_2012_3410_stack_based
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3410

+ CVE-2011-3439 Denial of Service (DoS) vulnerability in FreeType
https://blogs.oracle.com/sunsecurity/entry/cve_2011_3439_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3439

+ CVE-2011-3256 Denial of Service (DoS) vulnerability in FreeType 2
https://blogs.oracle.com/sunsecurity/entry/cve_2011_3256_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3256

+ VU#432608 IBM Notes Traveler for Android transmits user credentials over HTTP
http://www.kb.cert.org/vuls/id/432608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6130

+ Symantec Endpoint Protection Manager Bugs Permit Cross-Site Scripting, XML External Entity Injection, and File Overwrite Attacks
http://www.securitytracker.com/id/1031176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3439

+ PHP ISO 8601 Date Parsing Overflow Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8626

+ Linux Kernel mac80211 poor encryption
http://cxsecurity.com/issue/WLB-2014110057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709

"BadUSB": the all-too-dangerous USB vulnerability that rewrites firmware without permission
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/110600093/?ST=security

ITpro EXPO AWARD 2014 Award-Winning Products/Services Review
A system focused on "instant detection and instant recovery" from website defacement
(Excellence Award) WebARGUS [Digital Information Technology]
http://itpro.nikkeibp.co.jp/atcl/column/14/103000088/103000001/?ST=security

"Basic Act on Cybersecurity" enacted, establishing a new cross-ministry "control tower"
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/110700098/?ST=security

Beware of e-mails disguised as medical expense notices; they may also lead to remote-control virus infection
http://itpro.nikkeibp.co.jp/atcl/news/14/110701797/?ST=security

"Basic Act on Cybersecurity" enacted, clarifying the national government's responsibilities
http://itpro.nikkeibp.co.jp/atcl/news/14/110701794/?ST=security

Malware targeting iOS device users in China; Apple responds
http://itpro.nikkeibp.co.jp/atcl/news/14/110701793/?ST=security
