Microsoft Windows

ソフト名：Microsoft Windows Server 2003 Datacenter Edition/Server 2003 Enterprise Edition/Server 2003 Standard Edition/Server 2003 Web Edition/Storage Server 2003/XP Home Edition/XP Professional/Vista/Server 2008/7

回避策：KB2588513にて対応

脆弱性：セッションの乗っ取り, 機密情報の奪取, SSL脆弱性, TLS脆弱性, マンインミドル攻撃

ソース：

http://windows.microsoft.com/en-US/windows7/products/home

http://www.microsoft.com/en-us/server-cloud/windows-server/default.aspx

http://www.microsoft.com/en-us/server-cloud/windows-server/storage-server.aspx

http://windows.microsoft.com/en-us/windows-vista/products/home

http://technet.microsoft.com/en-us/security/advisory/2588513

http://secunia.com/advisories/46168/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389

CVE：CVE-2011-3389

危険性：Low Risk

SUSE Linux Enterprise Server

ソフト名：SUSE Linux Enterprise Server (SLES) 10 (Kernel.org Linux Kernel 2.6.x)

回避策：SUSE-SA:2011:040, SUSE-SU-2011:1058-1にて対応

脆弱性：セッションの乗っ取り, 権限の昇格, DoS攻撃, システムアクセス, バッファオーバーフロー, 展開処理エラー, アロケーションエラー, 不正CIFSメッセージ, クラッシュ, メモリ破壊, 入力検証エラー, 区域外メモリの使用, カーネルスタックメモリの曝露

ソース：

http://www.suse.com/products/server/

http://www.suse.com/support/security/advisories/2011_40_kernel.html

http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00023.html

http://secunia.com/advisories/41493/

http://secunia.com/advisories/43716/

http://secunia.com/advisories/44094/

http://secunia.com/advisories/44248/

http://secunia.com/advisories/45695/

http://secunia.com/advisories/46104/

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_15.html

http://dvw-j.blogspot.com/2011/04/kernelorg-linux-kernel_3728.html

http://dvw-j.blogspot.com/2011/04/kernelorg-linux-kernel_856.html

http://dvw-j.blogspot.com/2011/08/kernelorg-linux-kernel_26.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0726

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1017

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1093

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1585

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1745

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1746

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1776

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2022

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2182

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2491

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2496

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3191

CVE：CVE-2011-0726, CVE-2011-1017, CVE-2011-1093, CVE-2011-1585, CVE-2011-1745, CVE-2011-1746, CVE-2011-1776, CVE-2011-2022, CVE-2011-2182, CVE-2011-2491, CVE-2011-2496, CVE-2011-3191

危険性：Medium Risk

TIBCO Managed File Transfer, TIBCO Slingshot

ソフト名：TIBCO Managed File Transfer Command Center 7.1.0以下/Internet Server 7.1.0以下, TIBCO Slingshot 1.8.0以下

回避策：アップデートにて対応

脆弱性：セッションの乗っ取り, XSS, 不正HTMLの実行, スクリプトコード実行

ソース：

http://www.tibco.com/products/soa/multi-enterprise-connectivity/managed-file-transfer/tibco-managed-file-transfer/default.jsp

http://www.tibco.com/products/soa/multi-enterprise-connectivity/managed-file-transfer/slingshot/default.jsp

http://www.tibco.com/services/support/advisories/mft-slingshot-advisory_20110913.jsp

http://www.tibco.com/multimedia/mft-slingshot_advisory_20110913_tcm8-14340.txt

http://secunia.com/advisories/45976/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3423

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3424

CVE：CVE-2011-3423, CVE-2011-3424

危険性：Medium Risk

TIBCO Spotfire Analytics Server, TIBCO Spotfire Server

ソフト名：TIBCO Spotfire Analytics Server 10.1.1未満, TIBCO Spotfire Server 3.0.0/3.0.1/3.1.0/3.1.1/3.2.0/3.3.0

回避策：アップデートにて対応

脆弱性：セッションの乗っ取り, XSS, データ操作, 機密情報の奪取, セッション固定攻撃, SQLインジェクション, 不正HTMLの実行, スクリプトコード実行

ソース：

http://spotfire.tibco.com/products/analytics-server.aspx

http://spotfire.tibco.com/products/spotfire-server.aspx

http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt

http://secunia.com/advisories/45864/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3132

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3133

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3134

CVE：CVE-2011-3132, CVE-2011-3133, CVE-2011-3134

危険性：Medium Risk

SUSE Linux Enterprise Server

ソフト名：SUSE Linux Enterprise Server (SLES) 10 (Kernel.org Linux Kernel 2.4.x/2.6.x)

回避策：SUSE-SA:2011:034, SUSE-SU-2011:0899-1にて対応

脆弱性：セッションの乗っ取り, 機密情報の奪取, 権限の昇格, DoS攻撃, システムアクセス, バッファオーバーフロー, 展開処理エラー, カーネルのクラッシュ, システムコール, アロケーションエラー, メモリ破壊, 入力検証エラー, 区域外メモリの読み出し, カーネルスタックメモリの曝露

ソース：

http://www.suse.com/products/server/

http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00010.html

https://hermes.opensuse.org/messages/11075171

http://secunia.com/advisories/41493/

http://secunia.com/advisories/43716/

http://secunia.com/advisories/44094/

http://secunia.com/advisories/44164/

http://secunia.com/advisories/44248/

http://secunia.com/advisories/44754/

http://secunia.com/advisories/45530/

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_15.html

http://dvw-j.blogspot.com/2011/04/kernelorg-linux-kernel_3728.html

http://dvw-j.blogspot.com/2011/04/kernelorg-linux-kernel_22.html

http://dvw-j.blogspot.com/2011/04/kernelorg-linux-kernel_856.html

http://dvw-j.blogspot.com/2011/06/kernelorg-linux-kernel_07.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0726

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1017

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1093

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1494

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1495

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1585

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1593

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1745

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2022

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2182

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2484

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2491

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2496

CVE：CVE-2011-0726, CVE-2011-1017, CVE-2011-1093, CVE-2011-1494, CVE-2011-1495, CVE-2011-1585, CVE-2011-1593, CVE-2011-1745, CVE-2011-2022, CVE-2011-2182, CVE-2011-2484, CVE-2011-2491, CVE-2011-2496

危険性：Medium Risk

Novell Data Synchronizer

ソフト名：Novell Data Synchronizer 1.2

回避策：アップデートにて対応

脆弱性：セッションの乗っ取り, XSS, 機密情報の奪取, セッション固定攻撃, 不正HTMLの実行, スクリプトコード実行

ソース：

http://www.novell.com/products/data-synchronizer/

http://www.novell.com/support/viewContent.do?externalId=7009053

http://www.novell.com/support/viewContent.do?externalId=7009054

http://www.novell.com/support/viewContent.do?externalId=7009055

http://www.novell.com/support/viewContent.do?externalId=7009058

http://secunia.com/advisories/45527/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2221

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2222

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2223

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2224

CVE：CVE-2011-2221, CVE-2011-2222, CVE-2011-2223, CVE-2011-2224

危険性：Medium Risk

Novell openSUSE

ソフト名：Novell openSUSE 11.3 (Kernel.org Linux Kernel 2.6.x)

回避策：openSUSE-SU-2011:0861-1にて対応

脆弱性：セッションの乗っ取り, セキュリティ制限の回避, 機密情報の奪取, 権限の昇格, DoS攻撃, システムアクセス, メモリ破壊, 入力検証エラー, 区域外メモリの読み出し, カーネルメモリの曝露, クラッシュ, カーネルメモリ破壊, プロセス設定の操作, バッファオーバーフロー, バウンダリエラー, 二重解放エラー, メモリリーク, 展開処理エラー, システムコール

ソース：

http://www.opensuse.org/en/

https://hermes.opensuse.org/messages/10455025

http://secunia.com/advisories/41493/

http://secunia.com/advisories/43009/

http://secunia.com/advisories/43496/

http://secunia.com/advisories/43576/

http://secunia.com/advisories/43716/

http://secunia.com/advisories/43841/

http://secunia.com/advisories/44091/

http://secunia.com/advisories/44094/

http://secunia.com/advisories/44164/

http://secunia.com/advisories/44754/

http://secunia.com/advisories/45458/

http://dvw-j.blogspot.com/2011/01/kernelorg-linux-kernel.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_15.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_16.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_29.html

http://dvw-j.blogspot.com/2011/04/kernelorg-linux-kernel_13.html

http://dvw-j.blogspot.com/2011/04/kernelorg-linux-kernel_3728.html

http://dvw-j.blogspot.com/2011/04/kernelorg-linux-kernel_22.html

http://dvw-j.blogspot.com/2011/06/kernelorg-linux-kernel_07.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1013

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1016

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1017

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1020

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1160

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1180

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1479

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1577

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1585

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1593

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2182

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2484

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2491

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2495

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2496

CVE：CVE-2011-1013, CVE-2011-1016, CVE-2011-1017, CVE-2011-1020, CVE-2011-1160, CVE-2011-1180, CVE-2011-1479, CVE-2011-1577, CVE-2011-1585, CVE-2011-1593, CVE-2011-2182, CVE-2011-2484, CVE-2011-2491, CVE-2011-2495, CVE-2011-2496

危険性：Medium Risk

HP SiteScope

ソフト名：HP SiteScope 9.x/10.x/11.x

回避策：HPSBMU02692 SSRT100581にて対応

脆弱性：XSS, スプーフィング, セッション固定攻撃, 不正HTMLの実行, スクリプトコード実行, セッションの乗っ取り

ソース：

http://www8.hp.com/us/en/software/software-product.html?compURI=tcm:245-937086

http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02940969

http://secunia.com/advisories/45440/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2400

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2401

CVE：CVE-2011-2400, CVE-2011-2401

危険性：Medium Risk

Novell SUSE Linux Enterprise Server

ソフト名：Novell SUSE Linux Enterprise Server (SLES) 11 (Kernel.org Linux Kernel 2.6.x)

回避策：SUSE-SA:2011:031, SUSE-SU-2011:0832-1にて対応

脆弱性：セッションの乗っ取り, セキュリティ制限の回避, 機密情報の奪取, 権限の昇格, DoS攻撃, システムアクセス, メモリ破壊, 入力検証エラー, 区域外メモリの読み出し, カーネルメモリの曝露, クラッシュ, プロセス設定の操作, バッファオーバーフロー, メモリリーク, 展開処理エラー, システムコール, NULLポインタ参照エラー, アロケーションエラー

ソース：

http://www.novell.com/promo/home/sle11.html

http://www.suse.com/products/highavailability/

http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00012.html

http://secunia.com/advisories/41493/

http://secunia.com/advisories/43496/

http://secunia.com/advisories/43537/

http://secunia.com/advisories/43576/

http://secunia.com/advisories/43716/

http://secunia.com/advisories/43806/

http://secunia.com/advisories/44094/

http://secunia.com/advisories/44164/

http://secunia.com/advisories/44220/

http://secunia.com/advisories/44248/

http://secunia.com/advisories/44754/

http://secunia.com/advisories/45392/

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_02.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_15.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_16.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_22.html

http://dvw-j.blogspot.com/2011/04/kernelorg-linux-kernel_3728.html

http://dvw-j.blogspot.com/2011/04/kernelorg-linux-kernel_22.html

http://dvw-j.blogspot.com/2011/04/kernelorg-linux-kernel_26.html

http://dvw-j.blogspot.com/2011/04/kernelorg-linux-kernel_856.html

http://dvw-j.blogspot.com/2011/06/kernelorg-linux-kernel_07.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1012

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1017

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1020

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1078

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1079

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1160

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1170

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1171

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1172

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1173

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1577

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1585

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1593

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1598

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1745

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1746

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1748

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2182

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2183

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2213

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2491

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2496

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2517

CVE：CVE-2011-1012, CVE-2011-1017, CVE-2011-1020, CVE-2011-1078, CVE-2011-1079, CVE-2011-1160, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1173, CVE-2011-1577, CVE-2011-1585, CVE-2011-1593, CVE-2011-1598, CVE-2011-1745, CVE-2011-1746, CVE-2011-1748, CVE-2011-2182, CVE-2011-2183, CVE-2011-2213, CVE-2011-2491, CVE-2011-2496, CVE-2011-2517

危険性：Medium Risk

SUSE Linux Enterprise Server

ソフト名：SUSE Linux Enterprise Server (SLES) 10 (Kernel.org Linux Kernel 2.6.x)

回避策：SUSE-SU-2011:0711-1, SUSE-SA:2011:027にて対応

脆弱性：セッションの乗っ取り, セキュリティ制限の回避, 機密情報の奪取, 権限の昇格, DoS攻撃, システムアクセス, カーネルのクラッシュ, メモリの浪費, メモリ破壊, 入力検証エラー, カーネルメモリの曝露, バッファオーバーフロー, メモリリーク, バウンダリエラー, システムコール

ソース：http://www.novell.com/products/server/

https://hermes.opensuse.org/messages/9067444

http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00016.html

http://secunia.com/advisories/39080/

http://secunia.com/advisories/41493/

http://secunia.com/advisories/43576/

http://secunia.com/advisories/43716/

http://secunia.com/advisories/43806/

http://secunia.com/advisories/43846/

http://secunia.com/advisories/43841/

http://secunia.com/advisories/44164/

http://secunia.com/advisories/45124/

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_15.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_16.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_22.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_23.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_29.html

http://dvw-j.blogspot.com/2011/04/kernelorg-linux-kernel_22.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4536

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0008

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4251

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1010

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1012

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1016

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1017

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1160

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1163

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1180

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1182

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1476

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1477

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1493

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1573

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1577

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1585

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1593

CVE：CVE-2009-4536, CVE-2010-0008, CVE-2010-4251, CVE-2011-1010, CVE-2011-1012, CVE-2011-1016, CVE-2011-1017, CVE-2011-1160, CVE-2011-1163, CVE-2011-1180, CVE-2011-1182, CVE-2011-1476, CVE-2011-1477, CVE-2011-1493, CVE-2011-1573, CVE-2011-1577, CVE-2011-1585, CVE-2011-1593

危険性：Medium Risk

HP Service Center, HP Service Manager

ソフト名：HP Service Center/Center client v6.2.8(AIX, HP-UX, Linux, Solaris, Windows), HP Service Manager/Manager client v7.02/v7.11/v9.21/v9.20(AIX, HP-UX, Linux, Solaris, Windows)

回避策：HPSBMA02674 SSRT100487にて対応

脆弱性：セッションの乗っ取り, セキュリティ制限の回避, XSS, 機密情報の奪取, スクリプト挿入攻撃, 不特定のエラー, 不正アクセス, キャッシュ汚染, 不正HTMLの実行, スクリプトコード実行

ソース：http://h10076.www1.hp.com/education/hpsw/ov_service_center_6x.htm

http://www8.hp.com/us/en/software/software-product.html?compURI=tcm:245-937082

https://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02863015

http://secunia.com/advisories/44836/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1857

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1858

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1859

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1860

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1861

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1862

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1863

CVE：CVE-2011-1857, CVE-2011-1858, CVE-2011-1859, CVE-2011-1860, CVE-2011-1861, CVE-2011-1862, CVE-2011-1863

危険性：Medium Risk

Debian GNU/Linux

ソフト名：Debian GNU/Linux 6.0 (Kernel.org Linux Kernel 2.6.x)

回避策：DSA-2240-1にて対応

脆弱性：セッションの乗っ取り, セキュリティ制限の回避, スプーフィング, 機密情報の奪取, 権限の昇格, DoS攻撃, システムアクセス, カーネルメモリ破壊, カーネルスタックメモリの曝露, クラッシュ, デリファレンスエラー, カーネルのクラッシュ, メモリリーク, バッファオーバーフロー, バウンダリエラー, メモリ破壊, システムコール, NULLポインタ参照エラー, アロケーションエラー

ソース：http://www.debian.org/

http://www.us.debian.org/security/2011/dsa-2240

http://secunia.com/advisories/41493/

http://secunia.com/advisories/42061/

http://secunia.com/advisories/43009/

http://secunia.com/advisories/43358/

http://secunia.com/advisories/43537/

http://secunia.com/advisories/43576/

http://secunia.com/advisories/43594/

http://secunia.com/advisories/43693/

http://secunia.com/advisories/43806/

http://secunia.com/advisories/43841/

http://secunia.com/advisories/43846/

http://secunia.com/advisories/44164/

http://secunia.com/advisories/44220/

http://secunia.com/advisories/44248/

http://secunia.com/advisories/44682/

http://dvw-j.blogspot.com/2011/01/kernelorg-linux-kernel.html

http://dvw-j.blogspot.com/2011/02/kernelorg-linux-kernel.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_02.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_08.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_16.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_3101.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_22.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_23.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_29.html

http://dvw-j.blogspot.com/2011/04/kernelorg-linux-kernel_22.html

http://dvw-j.blogspot.com/2011/04/kernelorg-linux-kernel_26.html

http://dvw-j.blogspot.com/2011/04/kernelorg-linux-kernel_856.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3875

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0695

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0711

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0726

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1016

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1078

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1079

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1080

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1160

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1163

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1170

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1171

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1172

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1173

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1180

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1182

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1476

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1477

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1478

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1493

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1494

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1495

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1585

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1593

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1598

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1745

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1746

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1748

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1759

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1767

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1770

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1776

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2022

CVE：CVE-2010-3875, CVE-2011-0695, CVE-2011-0711, CVE-2011-0726, CVE-2011-1016, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1160, CVE-2011-1163, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1173, CVE-2011-1180, CVE-2011-1182, CVE-2011-1476, CVE-2011-1477, CVE-2011-1478, CVE-2011-1493, CVE-2011-1494, CVE-2011-1495, CVE-2011-1585, CVE-2011-1593, CVE-2011-1598, CVE-2011-1745, CVE-2011-1746, CVE-2011-1748, CVE-2011-1759, CVE-2011-1767, CVE-2011-1770, CVE-2011-1776, CVE-2011-2022

危険性：Medium Risk

Xataface

ソフト名：Xataface 1.0〜1.3rc1

回避策：アップデートにて対応

脆弱性：セッションの乗っ取り, 出力キャッシュエラー

ソース：http://xataface.com/

http://secunia.com/advisories/44130/

危険性：Medium Risk

LMS Web Ensino

ソフト名：LMS Web Ensino
回避策：未対応
脆弱性：XSS, データ操作, 機密情報の奪取, CSRF, セッション固定攻撃, 不正HTMLの実行, スクリプトコード実行, SQLインジェクション, 不正HTTPのリクエスト, パスワード操作, セッションの乗っ取り
ソース：http://www.webensino.com.br/?p=webensino
http://archives.neohapsis.com/archives/bugtraq/2011-03/0063.html
http://secunia.com/advisories/43651/
危険性：Medium Risk

Red Hat Network Satellite Server

ソフト名：Red Hat Network Satellite Server 5.x
回避策：アップデート, RHSA-2011:0300-1にて対応
脆弱性：セッションの乗っ取り, ブルートフォース攻撃, セッション固定攻撃
ソース：http://www.redhat.com/
https://rhn.redhat.com/errata/RHSA-2011-0300.html
http://secunia.com/advisories/43487/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0718
CVE：CVE-2011-0717, CVE-2011-0718
危険性：Medium Risk

Debian GNU/Linux

ソフト名：Debian GNU/Linux 5.0
回避策：DSA-2172-1にて対応
脆弱性：XSS, セッションの乗っ取り, 不正HTMLの実行, スクリプトコード実行, 機密情報の奪取, シムリンク攻撃, ファイル操作, ディレクトリトラバーサル
ソース：http://www.debian.org/
http://www.debian.org/security/2011/dsa-2172
http://secunia.com/advisories/40845/
http://secunia.com/advisories/41655/
http://secunia.com/advisories/43427/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2795
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3692
CVE：CVE-2010-2795, CVE-2010-2796, CVE-2010-3690, CVE-2010-3691, CVE-2010-3692
危険性：Medium Risk

Adobe ColdFusion

ソフト名：Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 (Windows, Macintosh, UNIX)
回避策：APSB11-04にて対応
脆弱性：XSS, 機密情報の奪取, HTTPヘッダインジェクション, セッション固定攻撃, 不正HTMLの実行, スクリプトコード実行, スクリプトの挿入, セッションの乗っ取り
ソース：http://www.adobe.com/products/coldfusion/
http://www.adobe.com/support/security/bulletins/apsb11-04.html
http://secunia.com/advisories/43264/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0581
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0582
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0584
CVE：CVE-2011-0580, CVE-2011-0581, CVE-2011-0582, CVE-2011-0583, CVE-2011-0584
危険性：Medium Risk

TIBCO ActiveCatalog, TIBCO Collaborative Information Manager

ソフト名：TIBCO ActiveCatalog 1.0.1未満, TIBCO Collaborative Information Manager 8.1.0未満
回避策：アップデートにて対応
脆弱性：セッションの乗っ取り, XSS, データ操作, 機密情報の奪取, セッション固定攻撃, SQLインジェクション, 不正HTMLの実行, スクリプトコード実行, 特定されていないエラー
ソース：http://www.tibco.com/
http://www.tibco.com/products/soa/mdm/collaborative-information-manager/default.jsp
http://www.tibco.com/multimedia/cim_advisory_20110105_tcm8-12765.txt
http://secunia.com/advisories/42791/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4496
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4499
CVE：CVE-2010-4496, CVE-2010-4497, CVE-2010-4498, CVE-2010-4499
危険性：Medium Risk

Cisco製品

ソフト名：Cisco Unified Videoconferencing 3515 Multipoint Control Unit (MCU), Cisco Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway, Cisco Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway, Cisco Unified Videoconferencing 3545 System/5110 System/5115 System/5230 System
回避策：cisco-sr-20101117-cuvcにて対応
脆弱性：不可変のユーザー名とパスワードの包含, リモートコマンド実行, セキュリティの強度不足, 機密情報の奪取, 不正アクセス, ユーザーセッションの乗っ取り, クッキーのストア, FTPサーバーの使用可能性, リモートアクセス, DoS攻撃
ソース：http://www.cisco.com/warp/public/707/cisco-sr-20101117-cuvc.shtml
http://www.trustmatta.com/advisories/MATTA-2010-001.txt
http://www.securityfocus.com/bid/44922
http://www.securityfocus.com/bid/44923
http://www.securityfocus.com/bid/44924
http://www.securityfocus.com/bid/44925
http://www.securityfocus.com/bid/44926
http://www.securityfocus.com/bid/44927
http://www.securityfocus.com/bid/44928
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3038
http://secunia.com/advisories/42248
CVE：CVE-2010-3037, CVE-2010-3038
危険性：High Risk

IBM Omnifind

ソフト名：IBM Omnifind 8.x Enterprise/9.1 Enterprise
回避策：未対応
脆弱性：セッションの乗っ取り, セキュリティの強度不足, 不正アクセス, 機密情報の奪取, DoS攻撃, 権限の昇格, 無限ループ
ソース：http://archives.neohapsis.com/archives/bugtraq/2010-11/0090.html
http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt
http://www-01.ibm.com/software/data/enterprise-search/omnifind-enterprise/
http://www.exploit-db.com/exploits/15476/
http://www.securityfocus.com/bid/44740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3892
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3893
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3897
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3898
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3899
http://www.vupen.com/english/advisories/2010/2933
CVE：CVE-2010-3892, CVE-2010-3893, CVE-2010-3896, CVE-2010-3897, CVE-2010-3898, CVE-2010-3899
危険性：Medium Risk