2011-01-28

Vanilla Forums

Software: Vanilla Forums 2.0.16
Remediation: Addressed by update
Vulnerability: XSS, unauthorized HTML execution, script code execution
Sources:
http://vanillaforums.org/
http://www.vanillaforums.org/discussion/14397/vanilla-2.0.17-released
http://yehg.net/lab/pr0js/advisories/[vanilla_forums-2.0.16]_cross_site_scripting
http://secunia.com/advisories/43074/
Severity: Medium Risk

Paessler PRTG Network Monitor

Software: Paessler PRTG Network Monitor 8.1.2.1809
Remediation: Addressed by update
Vulnerability: XSS, unauthorized HTML execution, script code execution
Sources:
http://www.paessler.com/prtg
http://www.paessler.com/prtg/prtg8history
http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0479.html
http://secunia.com/advisories/43076/
Severity: Medium Risk

Debian GNU/Linux

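Software: Debian GNU/Linux 5.0
Remediation: Addressed by DSA 2151-1
Vulnerability: system access, privilege escalation, buffer overflow, integer truncation error, short integer overflow, use-after-free error, memory corruption
Sources: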
http://www.debian.org/
http://lists.debian.org/debian-security-announce/2011/msg00015.html
http://secunia.com/advisories/40775/
http://secunia.com/advisories/43065/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4643
CVE: CVE-2010-3450, CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, CVE-2010-3689, CVE-2010-4253, CVE-2010-4643
Severity: High Risk

Canonical Ltd. Ubuntu Linux

Software: Canonical Ltd. Ubuntu Linux 9.10 through 10.10
Remediation: Addressed by USN-1052-1
Vulnerability: security restriction bypass, system access, remote code execution
Sources:
http://www.ubuntu.com/
https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-January/001236.html
http://secunia.com/advisories/43078/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4351
CVE: CVE-2010-4351
Severity: High Risk

Oracle PDF Import Extension

Software: Oracle PDF Import Extension before 1.0.4 for OpenOffice.org / Oracle Open Office
Remediation: Addressed by update
Vulnerability: system access, index error, memory corruption
Sources:
http://extensions.services.openoffice.org/project/pdfimport
http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html
http://secunia.com/advisories/41709/
http://secunia.com/advisories/43079/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704
CVE: CVE-2010-3702, CVE-2010-3704
Severity: Medium Risk

Symantec AntiVirus, Symantec System Center

Software: Symantec AntiVirus Corporate Edition 10.1 MR10, Symantec System Center 10.1 MR10, Symantec Quarantine Server 3.5/3.6
Remediation: Addressed by update
Vulnerability: DoS attack, system access, buffer overflow, local command execution, local code execution
Sources:
http://www.symantec.com/business/products/allproducts.jsp
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20110126_00
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20110126_01
http://secunia.com/advisories/43099/
http://secunia.com/advisories/43106/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0111
CVE: CVE-2010-0110, CVE-2010-0111
Severity: Medium Risk

Red Hat Fedora

Software: Red Hat Fedora 13/14
Remediation: Addressed by FEDORA-2011-0512, FEDORA-2011-0514
Vulnerability: spoofing attack, password exposure, man-in-the-middle attack
Sources:
https://fedoraproject.org/wiki/F13_one_page_release_notes
http://fedoraproject.org/
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053473.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053461.html
http://secunia.com/advisories/42972/
http://secunia.com/advisories/43103/
http://dvw-j.blogspot.com/2011/01/myproxy-globus-toolkit.html
Severity: Medium Risk

XNova

Software: XNova 2009.2
Remediation: Not yet addressed
Vulnerability: XSS, CSRF, unauthorized HTTP requests
Sources:
http://www.xnova-ng.org/
http://www.exploit-db.com/exploits/16059
http://secunia.com/advisories/43096/
Severity: Medium Risk

ISC DHCP

Software: ISC DHCP before 4.1.2-P1/4.1-ESV-R1/4.2.1b1
Remediation: Addressed by update
Vulnerability: DoS attack, service crash
Sources:
https://www.isc.org/software/dhcp
http://www.isc.org/software/dhcp/advisories/cve-2011-0413
http://secunia.com/advisories/43006/
http://secunia.com/advisories/43104/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0413
CVE: CVE-2011-0413
Severity: Medium Risk

PivotX

Software: PivotX 2.2.0
Remediation: Addressed by update
Vulnerability: XSS, unauthorized HTML execution, script code execution
Sources:
http://pivotx.net/
http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released
http://www.htbridge.ch/advisory/xss_in_pivotx.html
http://www.htbridge.ch/advisory/xss_in_pivotx_1.html
http://secunia.com/advisories/43040/
Severity: Medium Risk

PivotX

Software: PivotX 2.2.2
Remediation: Available
Vulnerability: XSS, unauthorized HTML execution, script code execution
Sources:
http://pivotx.net/
http://www.autosectools.com/Advisories/PivotX.2.2.2_Reflected.Cross-site.Scripting_76.html
http://sourceforge.net/projects/pivot-weblog/
http://secunia.com/advisories/43045/
Severity: Medium Risk

MuPDF, SumatraPDF

Software: MuPDF 0.7, SumatraPDF 1.x
Remediation: Available
Vulnerability: DoS attack, system access, stack memory corruption
Sources:
http://ccxvii.net/fitz/
http://blog.kowalczyk.info/software/sumatrapdf/free-pdf-reader.html
http://code.google.com/p/sumatrapdf/issues/detail?id=1180
http://code.google.com/p/sumatrapdf/issues/detail?id=1180&can=1
http://secunia.com/advisories/43020/
http://secunia.com/advisories/43095/
Severity: High Risk

Cisco Content Services Gateway

Software: Cisco Content Services Gateway (CSG2)
Remediation: Addressed by cisco-sa-20110126-csg2
Vulnerability: security restriction bypass, DoS attack, unspecified error, device hang
Sources:
http://www.cisco.com/en/US/products/sw/wirelssw/ps779/index.html
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6791d.shtml
http://secunia.com/advisories/43052/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0349
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0350
CVE: CVE-2011-0348, CVE-2011-0349, CVE-2011-0350
Severity: Medium Risk

PivotX

Software: PivotX 2.2.2
Remediation: Not yet addressed
Vulnerability: sensitive information disclosure
Sources:
http://pivotx.net/
http://secunia.com/advisories/43041/
Severity: Low Risk

Media [DAM]

Software: Media [DAM] (dam) Extension before 1.1.8 for TYPO3
Remediation: Addressed by update, TYPO3-SA-2011-001
Vulnerability: XSS, unauthorized HTML execution, script code execution
Sources:
http://typo3.org/extensions/repository/view/dam/current/
http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-001/
http://secunia.com/advisories/43080/
Severity: Medium Risk

Novell SUSE Linux Enterprise Server

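Software: Novell SUSE Linux Enterprise Server (SLES) 10/11
Remediation: Addressed by SUSE-SA:2011:006
Vulnerability: security restriction bypass, data manipulation, sensitive information disclosure, DoS attack, system access, remote code execution, memory corruption, integer overflow
Sources: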
http://www.novell.com/products/server/
http://www.novell.com/promo/home/sle11.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00008.html
http://secunia.com/advisories/41791/
http://secunia.com/advisories/43091/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574
CVE: CVE-2009-3555, CVE-2010-0771, CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3553, CVE-2010-3555, CVE-2010-3556, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574
Severity: High Risk

Red Hat Enterprise Linux

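Software: Red Hat Enterprise Linux Desktop 6/HPC Node 6/Server 6/Workstation 6
Remediation: Addressed by RHSA-2011:0177-1
Vulnerability: security restriction bypass, spoofing attack, sensitive information disclosure, DoS attack, system access, browser crash, memory corruption, out-of-bounds memory use, unspecified error
Sources: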
http://www.redhat.com/rhel/
http://www.redhat.com/rhel/server/
http://www.redhat.com/rhel/desktop/
https://rhn.redhat.com/errata/RHSA-2011-0177.html
http://secunia.com/advisories/40664/
http://secunia.com/advisories/41014/
http://secunia.com/advisories/41085/
http://secunia.com/advisories/41242/
http://secunia.com/advisories/42109/
http://secunia.com/advisories/42264/
http://secunia.com/advisories/42605/
http://secunia.com/advisories/43086/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4577
CVE: CVE-2010-1780, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1790, CVE-2010-1792, CVE-2010-1793, CVE-2010-1807, CVE-2010-1812, CVE-2010-1814, CVE-2010-1815, CVE-2010-3113, CVE-2010-3114, CVE-2010-3116, CVE-2010-3119, CVE-2010-3255, CVE-2010-3257, CVE-2010-3259, CVE-2010-3812, CVE-2010-3813, CVE-2010-4197, CVE-2010-4198, CVE-2010-4204, CVE-2010-4206, CVE-2010-4577
Severity: High Risk

Novell ZENworks Handheld Management

Software: Novell ZENworks Handheld Management 7.x
Remediation: Addressed by Interim Release 4 Hot Patch 6
Vulnerability: system access, boundary error, buffer overflow, local code execution
Sources:
http://www.novell.com/products/zenworks/handhelds/
http://www.novell.com/support/viewContent.do?externalId=7007663
http://www.zerodayinitiative.com/advisories/ZDI-11-026/
http://secunia.com/advisories/43094/
Severity: Medium Risk

Novell GroupWise

Software: Novell GroupWise before 8.02 Hot Patch 2
Remediation: Addressed by update
Vulnerability: system access, boundary error, buffer overflow, remote code execution
Sources:
http://www.novell.com/products/groupwise/
http://www.novell.com/support/viewContent.do?externalId=7007638
http://www.zerodayinitiative.com/advisories/ZDI-11-027/
http://secunia.com/advisories/43089/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4325
CVE: CVE-2010-4325
Severity: High Risk

B2 Portfolio

Software: B2 Portfolio 1.1 Joomla!
Remediation: Not yet addressed
Vulnerability: data manipulation, SQL injection
Sources:
http://extensions.joomla.org/extensions/directory-a-documentation/portfolio/15566
http://adv.salvatorefresta.net/B2_Portfolio_Joomla_Component_1.0.0_Multiple_SQL_Injection_Vulnerability-24012011.txt
http://secunia.com/advisories/43038/
Severity: Medium Risk

Panda Global Protection, Panda Internet Security

Software: Panda Global Protection 2010 3.01.00/2011 4.00.00, Panda Internet Security 2010/2011 16.00.00
Remediation: Not yet addressed
Vulnerability: privilege escalation, buffer overflow, memory corruption, remote code execution
Sources:
http://www.pandasecurity.com/homeusers/solutions/global-protection/
http://www.pandasecurity.com/homeusers/solutions/internet-security/
http://www.exploit-db.com/exploits/16022
http://www.exploit-db.com/exploits/16023
http://secunia.com/advisories/43043/
Severity: Medium Risk

OpenVAS Manager

Software: OpenVAS Manager before 1.0.3
Remediation: Addressed by update
Vulnerability: system access, input validation error, local command execution
Sources:
http://www.openvas.org/
http://www.openvas.org/OVSA20110118.html
http://secunia.com/advisories/43037/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0018
CVE: CVE-2011-0018
Severity: Medium Risk

HP OpenView Storage Data Protector

Software: HP OpenView Storage Data Protector 6.0/6.10/6.11
Remediation: Addressed by HPSBMA02626 SSRT100301
Vulnerability: DoS attack
Sources:
http://h71028.www7.hp.com/enterprise/w1/en/software/information-management-data-protector.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02699143
http://secunia.com/advisories/43088/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0275
CVE: CVE-2011-0275
Severity: Medium Risk

Red Hat JBoss Web Framework Kit

Software: Red Hat JBoss Web Framework Kit before 1.1.0
Remediation: Addressed by update
Vulnerability: system access, remote code execution
Sources:
http://www.jboss.com/products/wfk/
https://www.redhat.com/security/data/cve/CVE-2010-1622.html
http://secunia.com/advisories/40260/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1622
CVE: CVE-2010-1622
Severity: Medium Risk

Greenbone Security Assistant

Software: Greenbone Security Assistant 1.0.3
Remediation: Not yet addressed
Vulnerability: XSS, CSRF, unauthorized HTTP requests, remote command execution
Sources:
http://www.openvas.org/
http://www.openvas.org/OVSA20110118.html
http://secunia.com/advisories/43092/
Severity: Medium Risk

Lomtec ActiveWeb Professional

Software: Lomtec ActiveWeb Professional 3.0
Remediation: Not yet addressed
Vulnerability: system access, remote file upload, remote code execution
Sources:
http://www.lomtec.com/en/ActiveWeb/d/activeweb/activeweb.html
http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-002.html
http://secunia.com/advisories/43031/
Severity: High Risk

Red Hat Enterprise Linux

Software: Red Hat Enterprise Linux 5 (Server)/Desktop 5
Remediation: Addressed by RHSA-2011:0176-1
Vulnerability: security restriction bypass, sensitive information disclosure, system access, remote code execution
Sources:
http://www.redhat.com/rhel/server/
http://www.redhat.com/rhel/desktop/
https://rhn.redhat.com/errata/RHSA-2011-0176.html
http://secunia.com/advisories/42412/
http://secunia.com/advisories/43002/
http://dvw-j.blogspot.com/2010/12/ubuntu-linux_07.html
http://dvw-j.blogspot.com/2011/01/red-hat-fedora_6915.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3860
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4351
CVE: CVE-2010-3860, CVE-2010-4351
Severity: High Risk

Canonical Ltd. Ubuntu Linux, Red Hat Fedora

Software: Canonical Ltd. Ubuntu Linux 8.04 through 10.10, Red Hat Fedora 13/14
Remediation: Addressed by USN-1048-1, FEDORA-2011-0524, FEDORA-2011-0525
Vulnerability: system access, buffer overflow, boundary error, local code execution
Sources:
http://www.ubuntu.com/
https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-January/001235.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053474.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053472.html
http://secunia.com/advisories/42956/
http://secunia.com/advisories/43022/
http://secunia.com/advisories/43102/
http://dvw-j.blogspot.com/2011/01/hp-linux-imaging-and-printing-red-hat.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4267
CVE: CVE-2010-4267
Severity: Medium Risk

Opera Software Opera

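Software: Opera Software Opera 10.x/before 11.01
Remediation: Addressed by update
Vulnerability: security restriction bypass, sensitive information disclosure, system access, clickjacking, access to e-mail accounts, file exposure, redirect error, integer truncation error
Sources: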
http://www.opera.com/
http://www.opera.com/docs/changelogs/windows/1101/
http://www.opera.com/support/kb/view/982/
http://www.opera.com/support/kb/view/983/
http://www.opera.com/support/kb/view/984/
http://www.opera.com/support/kb/view/985/
http://www.opera.com/support/kb/view/986/
https://www.alternativ-testing.fr/blog/index.php?post/2011/[CVE-XXXX-XXXX]-Opera-11-Integer-Truncation-Vulnerability
http://secunia.com/advisories/43023/
Severity: High Risk

2011-01-26

BalaBit IT syslog-ng Premium Edition

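Software: BalaBit IT syslog-ng Premium Edition before 3.0.6a/before 3.2.1a
Remediation: Addressed by update
Vulnerability: data manipulation, DoS attack, unauthorized access, application crash, TLS protocol error, man-in-the-middle attack, unauthorized HTTP requests, double-free error, remote code execution, buffer overflow
Sources: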
http://www.balabit.com/network-security/syslog-ng/central-syslog-server
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
http://secunia.com/advisories/34411/
http://secunia.com/advisories/37291/
http://secunia.com/advisories/38807/
http://secunia.com/advisories/40000/
http://secunia.com/advisories/42243/
http://secunia.com/advisories/43082/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0742
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864
CVE: CVE-2009-0590, CVE-2009-2409, CVE-2009-3245, CVE-2010-0433, CVE-2010-0740, CVE-2010-0742, CVE-2010-3864
Severity: Medium Risk

BalaBit IT syslog-ng, BalaBit IT syslog-ng Premium Edition

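Software: BalaBit IT syslog-ng before 3.0.10/before 3.1.4/before 3.2.2, BalaBit IT syslog-ng Premium Edition before 3.0.6a/before 3.2.1a
Remediation: Addressed by update
Vulnerability: data manipulation, sensitive information disclosure
Sources: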
http://www.balabit.com/network-security/syslog-ng/
http://www.balabit.com/network-security/syslog-ng/central-syslog-server
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000103.html
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000104.html
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000105.html
http://secunia.com/advisories/42995/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0343
CVE: CVE-2011-0343
Severity: Medium Risk

Recip.ly Plugin

Software: WordPress Recip.ly Plugin 1.1.7
Remediation: Not yet addressed
Vulnerability: unauthorized access, PHP file upload, PHP code execution
Sources:
http://wordpress.org/extend/plugins/reciply/
http://www.autosectools.com/Advisories/WordPress.Recip.ly.Plugin.1.1.7_Arbitrary.Upload_92.html
http://secunia.com/advisories/43066/
Severity: High Risk

x7Host's Videox7 UGC Plugin

Software: WordPress x7Host's Videox7 UGC Plugin 2.5.3.2
Remediation: Not yet addressed
Vulnerability: XSS, unauthorized HTML execution, script code execution
Sources:
http://wordpress.org/extend/plugins/x7host-videox7-ugc-plugin/
http://www.autosectools.com/Advisories/WordPress.x7Host%27s.Videox7.UGC.Plugin.2.5.3.2_Reflected.Cross-site.Scripting_87.html
http://secunia.com/advisories/43069/
Severity: Medium Risk

Look 'n' Stop Firewall

Software: Look 'n' Stop Firewall 2.0.7
Remediation: Not yet addressed
Vulnerability: DoS attack, assertion error, kernel crash
Sources:
http://www.looknstop.com/En/index2.htm
http://secunia.com/advisories/43044/
Severity: Low Risk

Novell openSUSE, Novell SUSE Linux Enterprise Server

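Software: Novell openSUSE 11.1 through 11.3, Novell SUSE Linux Enterprise Server (SLES) 10/11
Remediation: Addressed by SUSE-SR:2011:002
Vulnerability: security restriction bypass, XSS, spoofing attack, data manipulation, sensitive information disclosure, privilege escalation, DoS attack, unauthorized access
Sources: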
http://www.opensuse.org/en/
http://www.novell.com/products/server/
http://www.novell.com/promo/home/sle11.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/32349/
http://secunia.com/advisories/33495/
http://secunia.com/advisories/35095/
http://secunia.com/advisories/35379/
http://secunia.com/advisories/35411/
http://secunia.com/advisories/35449/
http://secunia.com/advisories/35758/
http://secunia.com/advisories/36269/
http://secunia.com/advisories/36677/
http://secunia.com/advisories/37273/
http://secunia.com/advisories/37346/
http://secunia.com/advisories/37769/
http://secunia.com/advisories/38061/
http://secunia.com/advisories/38545/
http://secunia.com/advisories/38932/
http://secunia.com/advisories/39029/
http://secunia.com/advisories/39091/
http://secunia.com/advisories/39384/
http://secunia.com/advisories/39661/
http://secunia.com/advisories/39937/
http://secunia.com/advisories/40002/
http://secunia.com/advisories/40072/
http://secunia.com/advisories/40105/
http://secunia.com/advisories/40112/
http://secunia.com/advisories/40148/
http://secunia.com/advisories/40196/
http://secunia.com/advisories/40257/
http://secunia.com/advisories/40664/
http://secunia.com/advisories/40783/
http://secunia.com/advisories/41014/
http://secunia.com/advisories/41085/
http://secunia.com/advisories/41242/
http://secunia.com/advisories/41328/
http://secunia.com/advisories/41390/
http://secunia.com/advisories/41443/
http://secunia.com/advisories/41535/
http://secunia.com/advisories/41841/
http://secunia.com/advisories/41888/
http://secunia.com/advisories/41968/
http://secunia.com/advisories/42151/
http://secunia.com/advisories/42264/
http://secunia.com/advisories/42290/
http://secunia.com/advisories/42312/
http://secunia.com/advisories/42443/
http://secunia.com/advisories/42461/
http://secunia.com/advisories/42658/
http://secunia.com/advisories/42769/
http://secunia.com/advisories/42886/
http://secunia.com/advisories/42956/
http://secunia.com/advisories/43053/
http://secunia.com/advisories/43068/
http://dvw-j.blogspot.com/2011/01/sssd-red-hat-fedora.html
http://dvw-j.blogspot.com/2011/01/hp-linux-imaging-and-printing-red-hat.html
http://dvw-j.blogspot.com/2011/01/sudo.html
http://dvw-j.blogspot.com/2011/01/gnome-project-evince-canonical-ltd.html
http://dvw-j.blogspot.com/2010/12/opensc.html
http://dvw-j.blogspot.com/2010/12/cgipm-cgisimple.html
CVE: CVE-2008-3916, CVE-2009-0945, CVE-2009-1681, CVE-2009-1684, CVE-2009-1685, CVE-2009-1686, CVE-2009-1687, CVE-2009-1688, CVE-2009-1689, CVE-2009-1690, CVE-2009-1691, CVE-2009-1692, CVE-2009-1693, CVE-2009-1694, CVE-2009-1695, CVE-2009-1696, CVE-2009-1697, CVE-2009-1698, CVE-2009-1699, CVE-2009-1700, CVE-2009-1701, CVE-2009-1702, CVE-2009-1703, CVE-2009-1709, CVE-2009-1710, CVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1714, CVE-2009-1715, CVE-2009-1718, CVE-2009-1724, CVE-2009-1725, CVE-2009-2195, CVE-2009-2199, CVE-2009-2200, CVE-2009-2419, CVE-2009-2797, CVE-2009-2816, CVE-2009-2841, CVE-2009-3272, CVE-2009-3384, CVE-2009-3933, CVE-2009-3934, CVE-2009-4134, CVE-2010-0046, CVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0051, CVE-2010-0052, CVE-2010-0053, CVE-2010-0054, CVE-2010-0315, CVE-2010-0647, CVE-2010-0650, CVE-2010-0651, CVE-2010-0656, CVE-2010-0659, CVE-2010-0661, CVE-2010-1029, CVE-2010-1126, CVE-2010-1163, CVE-2010-1233, CVE-2010-1236, CVE-2010-1386, CVE-2010-1387, CVE-2010-1388, CVE-2010-1389, CVE-2010-1390, CVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394, CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398, CVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1406, CVE-2010-1407, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1412, CVE-2010-1413, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1449, CVE-2010-1450, CVE-2010-1455, CVE-2010-1634, CVE-2010-1646, CVE-2010-1729, CVE-2010-1749, CVE-2010-1757, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760, CVE-2010-1761, CVE-2010-1762, CVE-2010-1763, CVE-2010-1764, CVE-2010-1766, CVE-2010-1767, CVE-2010-1769, CVE-2010-1770, CVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774, CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1789, CVE-2010-1790, CVE-2010-1791, CVE-2010-1792, CVE-2010-1793, CVE-2010-1807, CVE-2010-1812, CVE-2010-1813, CVE-2010-1814, CVE-2010-1815, CVE-2010-1822, CVE-2010-1823, CVE-2010-1824, CVE-2010-1825, CVE-2010-2089, CVE-2010-2264, CVE-2010-2283, CVE-2010-2284, CVE-2010-2285, CVE-2010-2286, CVE-2010-2287, CVE-2010-2295, CVE-2010-2297, CVE-2010-2300, CVE-2010-2301, CVE-2010-2302, CVE-2010-2441, CVE-2010-2640, CVE-2010-2643, CVE-2010-2761, CVE-2010-2891, CVE-2010-2992, CVE-2010-2993, CVE-2010-2994, CVE-2010-2995, CVE-2010-3116, CVE-2010-3257, CVE-2010-3259, CVE-2010-3312, CVE-2010-3445, CVE-2010-3493, CVE-2010-3803, CVE-2010-3804, CVE-2010-3805, CVE-2010-3808, CVE-2010-3809, CVE-2010-3810, CVE-2010-3811, CVE-2010-3812, CVE-2010-3813, CVE-2010-3816, CVE-2010-3817, CVE-2010-3818, CVE-2010-3819, CVE-2010-3820, CVE-2010-3821, CVE-2010-3822, CVE-2010-3823, CVE-2010-3824, CVE-2010-3826, CVE-2010-3829, CVE-2010-3900, CVE-2010-4040, CVE-2010-4267, CVE-2010-4300, CVE-2010-4301, CVE-2010-4341, CVE-2010-4410, CVE-2010-4411, CVE-2010-4523, CVE-2011-0010
Severity: High Risk

SUSE Linux Enterprise Server

Software: SUSE Linux Enterprise Server (SLES) 10
Remediation: Addressed by SUSE-SA:2011:005
Vulnerability: security restriction bypass, privilege escalation, DoS attack, stack overflow
Sources:
http://www.novell.com/products/server/
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html
http://secunia.com/advisories/42035/
http://secunia.com/advisories/42372/
http://secunia.com/advisories/43056/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4258
CVE: CVE-2010-3699, CVE-2010-3848, CVE-2010-3849, CVE-2010-3850, CVE-2010-4160, CVE-2010-4258
Severity: Medium Risk

Uploader Plugin

Software: WordPress Uploader Plugin 1.0.0
Remediation: Not yet addressed
Vulnerability: XSS, unauthorized access, unauthorized HTML execution, script code execution, remote file upload, PHP code execution
Sources:
http://wordpress.org/extend/plugins/uploader/
http://www.autosectools.com/Advisories/WordPress.Uploader.1.0.0_Reflected.Cross-site.Scripting_77.html
http://www.autosectools.com/Advisories/WordPress.Uploader.1.0.0_Arbitrary.Upload_78.html
http://secunia.com/advisories/43075/
Severity: High Risk

Kernel.org Linux Kernel

Software: Kernel.org Linux Kernel before 2.6.38-rc2
Remediation: Addressed by update
Vulnerability: privilege escalation, DoS attack, kernel memory corruption
Sources:
http://www.kernel.org/
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=cb26a24ee9706473f31d34cc259f4dcf45cd0644
http://secunia.com/advisories/43009/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0521
CVE: CVE-2011-0521
Severity: Medium Risk

IBM Lotus Web Content Management, IBM WebSphere Portal

Software: IBM Lotus Web Content Management 6.x/7.x, IBM WebSphere Portal 6.x/7.x
Remediation: Addressed by PM22167, PM26397, PM25191
Vulnerability: sensitive information disclosure
Sources:
http://www-01.ibm.com/software/lotus/products/webcontentmanagement/
http://www-01.ibm.com/software/websphere/portal/
http://www.ibm.com/support/docview.wss?uid=swg21460422
Severity: Medium Risk

Featured Content Plugin

Software: WordPress Featured Content Plugin 0.0.1
Remediation: Not yet addressed
Vulnerability: XSS, unauthorized HTML execution, script code execution
Sources:
http://wordpress.org/extend/plugins/featured-content/
http://www.autosectools.com/Advisories/WordPress.Featured.Content.0.0.1_Reflected.Cross-site.Scripting_88.html
http://secunia.com/advisories/43064/
Severity: Medium Risk

FCChat Widget Plugin

Software: WordPress FCChat Widget Plugin 2.1.7
Remediation: Not yet addressed
Vulnerability: XSS, unauthorized HTML execution, script code execution
Sources:
http://wordpress.org/extend/plugins/featured-content/
http://www.autosectools.com/Advisories/WordPress.FCChat.Widget.2.1.7_Reflected.Cross-site.Scripting_83.html
http://secunia.com/advisories/43063/
Severity: Medium Risk

Conduit Banner Plugin

Software: WordPress Conduit Banner Plugin 0.2
Remediation: Not yet addressed
Vulnerability: XSS, unauthorized HTML execution, script code execution
Sources:
http://wordpress.org/extend/plugins/conduit-banner-selector/
http://www.autosectools.com/Advisories/WordPress.Conduit.Banner.Plugin.0.2_Reflected.Cross-site.Scripting_90.html
http://secunia.com/advisories/43062/
Severity: Medium Risk

WP Publication Archive Plugin

Software: WordPress WP Publication Archive Plugin 2.0.1
Remediation: Not yet addressed
Vulnerability: sensitive information disclosure, file download
Sources:
http://wordpress.org/extend/plugins/wp-publication-archive/
http://www.autosectools.com/Advisories/WordPress.WP.Publication.Archive.2.0.1_Local.File.Inclusion_91.html
http://secunia.com/advisories/43067/
Severity: Medium Risk

Automated Solutions Inc. Modbus/TCP Master OPC Server

Software: Automated Solutions Inc. Modbus/TCP Master OPC Server before 3.0.2
Remediation: Addressed by update
Vulnerability: unauthorized access, DoS attack, boundary error, buffer overflow, local code execution
Sources:
http://automatedsolutions.com/products/opcmodbustcp.asp
http://automatedsolutions.com/pub/asmbtcpopc/readme.htm
http://secunia.com/advisories/43029/
Severity: Medium Risk

WordPress Audio Plugin

Software: WordPress Audio Plugin 0.5.1
Remediation: Not yet addressed
Vulnerability: XSS, unauthorized HTML execution, script code execution
Sources:
http://www.wordpress-plugin.org/plugin/audio-plugin/
http://www.autosectools.com/Advisories/WordPress.Audio.0.5.1_Reflected.Cross-site.Scripting_84.html
http://secunia.com/advisories/43070/
Severity: Medium Risk

Pleer RSS Feed Reader

Software: Pleer RSS Feed Reader for WordPress Plugin 0.1
Remediation: Not yet addressed
Vulnerability: XSS, unauthorized HTML execution, script code execution
Sources:
http://pleer.co.uk/wordpress/plugins/rss-feed-reader
http://www.autosectools.com/Advisories/WordPress.RSS.Feed.Reader.for.WordPress.0.1_Reflected.Cross-site.Scripting_82.html
http://secunia.com/advisories/43071/
Severity: Medium Risk

Canonical Ltd. Ubuntu Linux

Software: Canonical Ltd. Ubuntu Linux 6.06/8.04/9.10/10.04/10.10
Remediation: Addressed by USN-1047-1
Vulnerability: security restriction bypass, unauthorized access
Sources:
http://www.ubuntu.com/
https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-January/001233.html
http://secunia.com/advisories/20164/
http://secunia.com/advisories/43004/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4369
CVE: CVE-2010-4369
Severity: Medium Risk

Mozilla Foundation Bugzilla

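Software: Mozilla Foundation Bugzilla before 3.2.10/3.4.10/3.6.4
Remediation: Addressed by update
Vulnerability: security restriction bypass, XSS, brute-force attack, HTTP response splitting attack, CSRF, script insertion, unauthorized access, HTTP header injection, unauthorized HTML insertion, unauthorized HTML requests
Sources: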
http://www.bugzilla.org/releases/3.0/
http://www.bugzilla.org/security/3.2.9/
http://secunia.com/advisories/43033/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0048
CVE: CVE-2010-2761, CVE-2010-4411, CVE-2010-4567, CVE-2010-4568, CVE-2010-4572, CVE-2011-0046, CVE-2011-0048
Severity: Medium Risk

Progress OpenEdge

Software: Progress OpenEdge 10.2A
Remediation: Not yet addressed
Vulnerability: security restriction bypass, authentication error
Sources:
http://web.progress.com/en/openedge/index.html
http://dsecrg.com/pages/vul/show.php?id=308
http://secunia.com/advisories/43024/
Severity: Medium Risk

WP Featured Post with thumbnail

Software: WP Featured Post with thumbnail plugin 3.0 for WordPress
Remediation: Not yet addressed
Vulnerability: XSS, unauthorized HTML execution, script code execution
Sources:
http://wordpress.org/extend/plugins/wp-featured-post-with-thumbnail/
http://www.autosectools.com/Advisories/WordPress.WP.Featured.Post.with.thumbnail.3.0_Reflected.Cross-site.Scripting_81.html
http://secunia.com/advisories/43072/
Severity: Medium Risk

SAP Crystal Reports Server

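Software: SAP Crystal Reports Server 2008
Mitigation: Available
Vulnerability: XSS, Data manipulation, Theft of sensitive information, Unauthorized access, Arbitrary HTML execution, Script code execution, File manipulation, Process termination, Directory traversal, File exposure
Sources: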
http://www.sap.com/solutions/sap-crystal-solutions/index.epx
https://service.sap.com/sap/support/notes/1458310
https://service.sap.com/sap/support/notes/1458309
https://service.sap.com/sap/support/notes/1476930
http://dsecrg.com/pages/vul/show.php?id=301
http://dsecrg.com/pages/vul/show.php?id=302
http://dsecrg.com/pages/vul/show.php?id=303
http://secunia.com/advisories/43060/
Severity: High Risk

BezahlCode-Generator Plugin

Software: BezahlCode-Generator Plugin 1.0 for WordPress
Mitigation: Not yet addressed
Vulnerability: XSS, Arbitrary HTML execution, Script code execution
Sources:
http://www.bezahlcode.de/bezahlcode-generator-als-wordpress-plugin/
http://www.autosectools.com/Advisories/WordPress.BezahlCode-Generator.1.0_Reflected.Cross-site.Scripting_80.html
http://secunia.com/advisories/43073/
Severity: Medium Risk

Mosets Tree

Software: Mosets Tree before 2.1.9 for Joomla!
Mitigation: Addressed by update
Vulnerability: Unknown vulnerability
Sources:
http://www.mosets.com/tree/
http://forum.mosets.com/showthread.php?t=17297
http://secunia.com/advisories/43039/
Severity: Medium Risk

RSA Data Protection Manager

Software: RSA Data Protection Manager (RKM) 1.5.x.x
Mitigation: Available
Vulnerability: Data manipulation, Theft of sensitive information, SQL injection
Sources:
http://www.rsa.com/node.aspx?id=1203
http://seclists.org/bugtraq/2011/Jan/att-138/ESA-2011-001.txt
http://secunia.com/advisories/43057/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1904
CVE: CVE-2010-1904
Severity: Medium Risk

2011-01-25

Canonical Ltd. Ubuntu Linux

Software: Canonical Ltd. Ubuntu Linux 9.10 to 10.10
Mitigation: Addressed by USN-1048-1
Vulnerability: XSS, Arbitrary HTML execution, Script code execution
Sources:
http://www.ubuntu.com/
https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-January/001234.html
http://secunia.com/advisories/42337/
http://secunia.com/advisories/43019/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172
CVE: CVE-2010-4172
Severity: Medium Risk

PHP Link Directory

Software: PHP Link Directory 4.1.0
Mitigation: Not yet addressed
Vulnerability: XSS, CSRF, Arbitrary HTTP requests
Sources:
http://www.phplinkdirectory.com/
http://secunia.com/advisories/43032/
Severity: Medium Risk

MaraDNS

Software: MaraDNS 1.4.05
Mitigation: Not yet addressed
Vulnerability: DoS attack, Unauthorized access, Buffer overflow
Sources:
http://maradns.org/index.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610834
http://secunia.com/advisories/43027/
Severity: High Risk

SRWare Iron

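Software: SRWare Iron before 8.0.555.1
Mitigation: Addressed by update
Vulnerability: Data manipulation, Unauthorized access, Use-after-free error, Stack memory corruption, Out-of-bounds memory use, Buffer overflow
Sources: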
http://www.srware.net/en/software_srware_iron.php
http://www.srware.net/forum/viewtopic.php?f=18&t=2054
http://secunia.com/advisories/42850/
http://secunia.com/advisories/42951/
http://dvw-j.blogspot.com/2011/01/google-chrome.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0485
CVE: CVE-2011-0470, CVE-2011-0471, CVE-2011-0472, CVE-2011-0473, CVE-2011-0474, CVE-2011-0475, CVE-2011-0476, CVE-2011-0477, CVE-2011-0478, CVE-2011-0479, CVE-2011-0480, CVE-2011-0481, CVE-2011-0482, CVE-2011-0483, CVE-2011-0484, CVE-2011-0485
Severity: High Risk

Gentoo Linux

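Software: Gentoo Linux before 9.4.1
Mitigation: Addressed by update, GLSA 201101-08
Vulnerability: Privilege escalation, Unauthorized access, Buffer overflow, Remote code execution, Memory corruption, Integer overflow
Sources: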
http://www.gentoo.org/
http://www.gentoo.org/security/en/glsa/glsa-201101-08.xml
http://secunia.com/advisories/41340/
http://secunia.com/advisories/41435/
http://secunia.com/advisories/42030/
http://secunia.com/advisories/42095/
http://secunia.com/advisories/43025/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2890
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3630
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4091
CVE: CVE-2010-2883, CVE-2010-2884, CVE-2010-2887, CVE-2010-2889, CVE-2010-2890, CVE-2010-3619, CVE-2010-3620, CVE-2010-3621, CVE-2010-3622, CVE-2010-3625, CVE-2010-3626, CVE-2010-3627, CVE-2010-3628, CVE-2010-3629, CVE-2010-3630, CVE-2010-3632, CVE-2010-3654, CVE-2010-3656, CVE-2010-3657, CVE-2010-3658, CVE-2010-4091
Severity: High Risk

PHP Coupon Script

Software: PHP Coupon Script 6.0
Mitigation: Not yet addressed
Vulnerability: Data manipulation, SQL injection
Sources:
http://www.couponscript.com/
http://secunia.com/advisories/43034/
Severity: Medium Risk

Red Hat Fedora

Software: Red Hat Fedora 13/14
Mitigation: Addressed by FEDORA-2011-0321, FEDORA-2011-0329
Vulnerability: DoS attack, Infinite loop
Sources:
https://fedoraproject.org/wiki/F13_one_page_release_notes
http://fedoraproject.org/
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053330.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053331.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053332.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053333.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053355.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053356.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053357.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053358.html
http://secunia.com/advisories/43051/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4645
CVE: CVE-2010-4645
Severity: Low Risk

Red Hat Fedora

Software: Red Hat Fedora 13/14
Mitigation: Addressed by FEDORA-2011-0352, FEDORA-2011-0335
Vulnerability: XSS, Arbitrary HTML execution, Script code execution, SQL injection, Data manipulation
Sources:
https://fedoraproject.org/wiki/F13_one_page_release_notes
http://fedoraproject.org/
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053349.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053367.html
http://secunia.com/advisories/42431/
http://secunia.com/advisories/42755/
http://secunia.com/advisories/43050/
http://dvw-j.blogspot.com/2010/12/wordpress.html
http://dvw-j.blogspot.com/2011/01/wordpress.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4536
CVE: CVE-2010-4257, CVE-2010-4536
Severity: Medium Risk

Yubico Inc. yubikey-personalization

Software: Yubico Inc. yubikey-personalization before 1.3.4
Mitigation: Addressed by update
Vulnerability: Security restriction bypass, Brute-force attack, Insufficient security strength
Sources:
http://code.google.com/p/yubikey-personalization/
http://code.google.com/p/yubikey-personalization/source/detail?r=259
http://secunia.com/advisories/43042/
Severity: Low Risk

Cultuzz Digital Media CultBooking

Software: Cultuzz Digital Media CultBooking 2.0.4
Mitigation: Not yet addressed
Vulnerability: XSS, Unauthorized access, Arbitrary HTML execution, Script code execution, RFI
Sources:
http://www.cultuzz.com/cultbooking
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4987.php
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4988.php
http://secunia.com/advisories/43036/
Severity: High Risk

A-V Tronics InetServer

Software: A-V Tronics InetServer 3.2.3
Mitigation: Not yet addressed
Vulnerability: Unauthorized access, Memory corruption, Remote code execution
Sources:
http://www.avtronics.net/inetserv.php
http://secunia.com/advisories/43035/
Severity: High Risk

Red Hat Fedora

Software: Red Hat Fedora 13/14
Mitigation: Addressed by FEDORA-2011-0345, FEDORA-2011-0362
Vulnerability: Data manipulation, Unauthorized access, Symlink attack
Sources:
https://fedoraproject.org/wiki/F13_one_page_release_notes
http://fedoraproject.org/
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html
http://secunia.com/advisories/42826/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0402
CVE: CVE-2010-1679, CVE-2011-0402
Severity: Medium Risk

Gentoo Linux

Software: Gentoo Linux
Mitigation: Addressed by update, GLSA 201101-09
Vulnerability: Security restriction bypass, XSS, Theft of sensitive information, Unauthorized access, Clickjacking
Sources:
http://www.gentoo.org/
http://www.gentoo.org/security/en/glsa/glsa-201101-09.xml
http://secunia.com/advisories/38547/
http://secunia.com/advisories/40026/
http://secunia.com/advisories/40907/
http://secunia.com/advisories/41434/
http://secunia.com/advisories/41917/
http://secunia.com/advisories/43026/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3976
CVE: CVE-2008-4546, CVE-2009-3793, CVE-2010-0186, CVE-2010-0187, CVE-2010-0209, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2188, CVE-2010-2189, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216, CVE-2010-2884, CVE-2010-3636, CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652, CVE-2010-3654, CVE-2010-3976
Severity: High Risk