Информационная безопасность
[RU] switch to English


DoS против HP XP P9000 Command View Advanced Edition
Опубликовано:4 февраля 2013 г.
Источник:
SecurityVulns ID:12853
Тип:удаленная
Уровень опасности:
5/10
Затронутые продукты:HP : XP P9000
CVE:CVE-2012-3281 (Unspecified vulnerability in Device Manager in HP XP P9000 Command View Advanced Edition before 7.4.0-00 allows remote attackers to cause a denial of service via unknown vectors.)
Оригинальный текстdocumentHP, [security bulletin] HPSBST02839 SSRT101077 rev.1 - HP XP P9000 Command View Advanced Edition, Remote Denial of Service (DoS) (04.02.2013)

Уязвимости безопасности в Apple TV
Опубликовано:4 февраля 2013 г.
Источник:
SecurityVulns ID:12854
Тип:удаленная
Уровень опасности:
5/10
Описание:Утечка информации, DoS.
Затронутые продукты:APPLE : Apple TV 5.2
CVE:CVE-2013-0964 (The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locations in the first kernel-memory page by specifying a length of less than one page.)
 CVE-2012-2619 (The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element.)
Оригинальный текстdocumentAPPLE, APPLE-SA-2013-01-28-2 Apple TV 5.2 (04.02.2013)

Многочисленные уязвимости безопасности в Apple iOS
Опубликовано:4 февраля 2013 г.
Источник:
SecurityVulns ID:12855
Тип:библиотека
Уровень опасности:
6/10
Описание:Утечка информации, некорректная работа с сертификатами, многочисленные ошибки в WebKit.
Затронутые продукты:APPLE : Apple iOS 6.0
Оригинальный текстdocumentAPPLE, APPLE-SA-2013-01-28-1 iOS 6.1 Software Update (04.02.2013)

DoS против libssh
Опубликовано:4 февраля 2013 г.
Источник:
SecurityVulns ID:12856
Тип:библиотека
Уровень опасности:
5/10
Описание:Отказ при проверка параметров протокола.
Затронутые продукты:LIBSSH : libssh 0.5
CVE:CVE-2013-0176 (The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet.)
Оригинальный текстdocumentUBUNTU, [USN-1707-1] libssh vulnerability (04.02.2013)

Переполнение буфера в EMC AlphaStor
Опубликовано:4 февраля 2013 г.
Источник:
SecurityVulns ID:12857
Тип:удаленная
Уровень опасности:
6/10
Описание:Переполнение буфера при создании имени устройства.
Затронутые продукты:EMC : AlphaStor 4.0
CVE:CVE-2013-0930 (Buffer overflow in Drive Control Program (DCP) in EMC AlphaStor 4.0 before build 814 allows remote attackers to execute arbitrary code via vectors involving a new device name.)
Оригинальный текстdocumentEMC, ESA-2013-010: EMC AlphaStor Buffer Overflow Vulnerability (04.02.2013)

Уязвимости безопасности в Serva
Опубликовано:4 февраля 2013 г.
Источник:
SecurityVulns ID:12858
Тип:удаленная
Уровень опасности:
5/10
Описание:DoS условия при обработке HTTP и DNS запросов.
Оригинальный текстdocumentInshell Security, [IA34] Serva v2.0.0 HTTP Server GET Remote Denial of Service (04.02.2013)
 documentInshell Security, [IA33] Serva v2.0.0 DNS Server Remote Denial of Service (04.02.2013)

Многочисленные уязвимости безопасности в libav / ffmpeg
Опубликовано:4 февраля 2013 г.
Источник:
SecurityVulns ID:12859
Тип:библиотека
Уровень опасности:
6/10
Описание:Многочисленные повреждения памяти при разборе различных форматов.
CVE:CVE-2012-5144 (Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to "an off-by-one overwrite when switching to LTP profile from MAIN.")
 CVE-2012-2804 (Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "reallocation code" and the luma height and width.)
 CVE-2012-2803 (Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to resetting the data size value.)
 CVE-2012-2802 (Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "number of output channels" and "out of array writes.")
 CVE-2012-2801 (Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to dimensions and "out of array writes.")
 CVE-2012-2798 (Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of array write.")
 CVE-2012-2797 (Unspecified vulnerability in the decode_frame_mp3on4 function in libavcodec/mpegaudiodec.c in FFmpeg before 0.11 has unknown impact and attack vectors related to a calculation that prevents a frame from being "large enough.")
 CVE-2012-2791 (Multiple unspecified vulnerabilities in the (1) decode_band_hdr function in indeo4.c and (2) ff_ivi_decode_blocks function in ivi_common.c in libavcodec/ in FFmpeg before 0.11 have unknown impact and attack vectors, related to the "transform size.")
 CVE-2012-2783 (Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "freeing the returned frame.")
Оригинальный текстdocumentUBUNTU, [USN-1705-1] Libav vulnerabilities (04.02.2013)

Уязвимости безопасности в FortiNet FortiMail
Опубликовано:4 февраля 2013 г.
Источник:
SecurityVulns ID:12860
Тип:удаленная
Уровень опасности:
5/10
Описание:Различные уязвимости в веб-интерфейсе.
Затронутые продукты:FORTINET : FortiMail 400
Оригинальный текстdocumentVulnerability Lab, Fortinet FortiMail 400 IBE - Multiple Web Vulnerabilities (04.02.2013)

Уязвимости безопасности в Buffalo TeraStation
Опубликовано:4 февраля 2013 г.
Источник:
SecurityVulns ID:12861
Тип:удаленная
Уровень опасности:
5/10
Описание:Выполненение кода, утечка информаии.
Оригинальный текстdocumentAndrea Fabrizi, Buffalo TeraStation TS-Series multiple vulnerabilities (04.02.2013)

Уязвимости безопасности в libvirt
Опубликовано:4 февраля 2013 г.
Источник:
SecurityVulns ID:12862
Тип:библиотека
Уровень опасности:
5/10
Описание:Несколько DoS-условий.
Затронутые продукты:LIBVIRT : libvirt 0.10
CVE:CVE-2013-0170 (Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.)
 CVE-2012-4423 (The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table.)
Оригинальный текстdocumentUBUNTU, [USN-1708-1] libvirt vulnerabilities (04.02.2013)

Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
Опубликовано:4 февраля 2013 г.
Источник:
SecurityVulns ID:12864
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, модификация файлов, утечка информации и т.д.
Затронутые продукты:ELGG : Elgg 1.8
 WORDPRESS : WordPress 3.5
 RAILS : Ruby on Rails 3.0
 RAILS : Ruby on Rails 2.3
 DATALIFE : DataLife Engine 9.7
 KOHANA : Kohana 2.3
 WORDPRESS : WordPress Attack Scanner 0.9
CVE:CVE-2013-1412 (DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.)
 CVE-2013-0333 (lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.)
Оригинальный текстdocumentMustLive, Re: Wordpress Pingback Port Scanner (04.02.2013)
 documentMustLive, Multiple vulnerabilities in Chocolate WP theme for WordPress (04.02.2013)
 documentMustLive, Vulnerabilities in WordPress Attack Scanner for WordPress (04.02.2013)
 documentmo bkafek, WordPressSearch plugin SQL Injection Vulnerability (04.02.2013)
 documentMustLive, Multiple vulnerabilities in Flash News theme for WordPress (04.02.2013)
 documentVulnerability Lab, nCircle PureCloud Vulnerability Scanner - Multiple Web Vulnerabilities (04.02.2013)
 documentVulnerability Lab, Kohana Framework v2.3.3 - Directory Traversal Vulnerability (04.02.2013)
 documentEgidio Romano, [KIS-2013-01] DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability (04.02.2013)
 documentMoritz Naumann, XSS in Elgg 1.8.12, 1.7.16 (core module "Twitter widget") (04.02.2013)
 documentDEBIAN, [SECURITY] [DSA 2613-1] rails security update (04.02.2013)

Утечка информации в IP-камерах D-Link
дополнено с 17 декабря 2012 г.
Опубликовано:4 февраля 2013 г.
Источник:
SecurityVulns ID:12788
Тип:удаленная
Уровень опасности:
6/10
Описание:Возможно получить пароль камеры.
Затронутые продукты:DLINK : D-Link DCS-932L
 DLINK : D-Link DCS-930L
CVE:CVE-2012-4046 (The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value.)
Оригинальный текстdocumentRoberto Paleari, Unauthenticated remote access to D-Link DCS cameras (04.02.2013)
 documentdoylej.ia_(at)_gmail.com, Password Disclosure in D-Link IP Cameras (CVE-2012-4046) (17.12.2012)
Файлы:Password Disclosure in D-Link Surveillance Cameras (CVE-2012-4046)

Ошибка форматной строки в маршрутизаторах на чипсете Broadcom
дополнено с 4 февраля 2013 г.
Опубликовано:11 февраля 2013 г.
Источник:
SecurityVulns ID:12852
Тип:библиотека
Уровень опасности:
8/10
Описание:Ошибка форматной строки в стеке UPnP
Затронутые продукты:CISCO : Linksys WRT54GL
 LIBUPNP : libupnp 1.3
 LIBUPNP : libupnp 1.6
CVE:CVE-2012-5965 (Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn device) field in a UDP packet.)
 CVE-2012-5964 (Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long ServiceType (aka urn service) field in a UDP packet.)
 CVE-2012-5963 (Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that lacks a :: (colon colon) in a UDP packet.)
 CVE-2012-5962 (Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn) field in a UDP packet.)
 CVE-2012-5961 (Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka device) field in a UDP packet.)
 CVE-2012-5960 (Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka upnp:rootdevice) field in a UDP packet.)
 CVE-2012-5959 (Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that contains a :: (colon colon) in a UDP packet.)
 CVE-2012-5958 (Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction.)
Оригинальный текстdocumentdefensecode_(at)_defensecode.com, DefenseCode Security Advisory: Cisco Linksys Remote Preauth 0day Root Exploit Follow-Up (11.02.2013)
 documentdefensecode_(at)_defensecode.com, DefenseCode Security Advisory: Broadcom UPnP Remote Preauth Root Code Execution Vulnerability (04.02.2013)
Файлы:Vulnerability Note VU#922681 Portable SDK for UPnP Devices (libupnp) contains multiple buffer overflows in SSDP
 Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities

DoS против squid cachmanager
дополнено с 4 февраля 2013 г.
Опубликовано:24 февраля 2013 г.
Источник:
SecurityVulns ID:12851
Тип:удаленная
Уровень опасности:
5/10
Описание:Исчерпание системных ресурсов в cachemgr.cgi.
Затронутые продукты:SQUID : squid 3.3
CVE:CVE-2013-0189 (cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.)
 CVE-2012-5643 (Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.)
Оригинальный текстdocumentSQUID, [ MDVSA-2013:013 ] squid (24.02.2013)

Уязвимости безопасности в OpenStack
дополнено с 4 февраля 2013 г.
Опубликовано:24 марта 2013 г.
Источник:
SecurityVulns ID:12863
Тип:удаленная
Уровень опасности:
5/10
Описание:Утечка информации в Nova и Glance, исчерпание ресурсов в Keystone.
Затронутые продукты:OPENSTACK : glance 2012.2
 OPENSTACK : Nova 2012.2
 OPENSTACK : KeyStone 2012.2
 OPENSTACK : Cinder 2012.2
CVE:CVE-2013-1865 (OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.)
 CVE-2013-1840 (The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.)
 CVE-2013-1838 (OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.)
 CVE-2013-1665 (The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.)
 CVE-2013-1664 (The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.)
 CVE-2013-0335 (OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.)
 CVE-2013-0282 (OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.)
 CVE-2013-0247 (OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generation of log entries.)
 CVE-2013-0212 (store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.)
 CVE-2013-0208 (The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.)
Оригинальный текстdocumentUBUNTU, [USN-1772-1] OpenStack Keystone vulnerability (24.03.2013)
 documentUBUNTU, [USN-1771-1] OpenStack Nova vulnerabilities (24.03.2013)
 documentUBUNTU, [USN-1764-1] OpenStack Glance vulnerability (19.03.2013)
 documentUBUNTU, [USN-1730-1] OpenStack Keystone vulnerabilities (24.02.2013)
 documentUBUNTU, [USN-1731-1] OpenStack Cinder vulnerability (24.02.2013)
 documentUBUNTU, [USN-1734-1] OpenStack Nova vulnerability (24.02.2013)
 documentUBUNTU, [USN-1715-1] OpenStack Keystone vulnerability (11.02.2013)
 documentUBUNTU, [USN-1710-1] OpenStack Glance vulnerability (04.02.2013)
 documentUBUNTU, [USN-1709-1] OpenStack Nova vulnerability (04.02.2013)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород