Information security


Insufficient certificate validation in OpenFire
Published: May 5, 2015
SecurityVulns ID: 14448
Type: m-i-t-m
Severity: 5/10
Affected products: OPENFIRE : OpenFire 3.9
CVE: CVE-2014-3451
Original text: simon.waters_(at)_surevine.com, Incorrect handling of self signed certificates in OpenFire XMPP Server (05.05.2015)

Code execution in libphp-snoopy
Published: May 5, 2015
SecurityVulns ID: 14434
Type: library
Severity: 6/10
Affected products: SNOOPY : libphp-snoopy 2.0
CVE: CVE-2014-5008
Original text: DEBIAN, [SECURITY] [DSA 3248-1] libphp-snoopy security update (05.05.2015)

Multiple security vulnerabilities in owncloud
Published: May 5, 2015
SecurityVulns ID: 14433
Type: remote
Severity: 5/10
Description: Restriction bypass, XSS, CSRF.
Affected products: OWNCLOUD : owncloud 7.0
CVE: CVE-2015-3013 (ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file.)
 CVE-2015-3012 (Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font name or (3) javascript or (4) data URI.)
 CVE-2015-3011 (Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted contact.)
 CVE-2014-9045 (The FTP backend in user_external in ownCloud Server before 5.0.18 and 6.x before 6.0.6 allows remote attackers to bypass intended authentication requirements via a crafted password.)
 CVE-2014-9043 (The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind.)
 CVE-2014-9042 (Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this can be leveraged by remote attackers using CVE-2014-9041.)
 CVE-2014-9041 (The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allows remote attackers to conduct CSRF attacks.)
Original text: MANDRIVA, [SECURITY] [DSA 3244-1] owncloud security update (05.05.2015)
 MANDRIVA, [ MDVSA-2015:191 ] owncloud (05.05.2015)
 MANDRIVA, [ MDVSA-2015:190 ] owncloud (05.05.2015)

DoS against icecast
Published: May 5, 2015
SecurityVulns ID: 14438
Type: remote
Severity: 5/10
Description: NULL pointer dereference during URL authentication.
Affected products: ICECAST : icecast 2.4
CVE: CVE-2015-3026 (Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg.")
Original text: DEBIAN, [SECURITY] [DSA 3239-1] icecast2 security update (05.05.2015)

Security vulnerabilities in PHP
Published: May 5, 2015
SecurityVulns ID: 14443
Type: library
Severity: 5/10
Description: Memory corruption when parsing archives, code execution in apache2handler.
Affected products: PHP : PHP 5.5
CVE: CVE-2015-3330 (The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter.")
 CVE-2015-3329 (Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.)
 CVE-2015-2783 (ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions.)
Original text: MANDRIVA, [ MDVSA-2015:209 ] php (05.05.2015)

Privilege escalation in usb-creator
Published: May 5, 2015
SecurityVulns ID: 14447
Type: local
Severity: 5/10
Original text: UBUNTU, [USN-2576-1] usb-creator vulnerability (05.05.2015)

Multiple security vulnerabilities in qt
Published: May 5, 2015
SecurityVulns ID: 14449
Type: library
Severity: 7/10
Description: Memory corruption when parsing various image formats.
Affected products: QT : qt 5.5
CVE: CVE-2015-1860 (Multiple buffer overflows in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted GIF image.)
 CVE-2015-1859 (Multiple buffer overflows in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted ICO image.)
 CVE-2015-1858 (Multiple buffer overflows in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted BMP image.)
 CVE-2015-0295 (The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.)
Original text: SLACKWARE, [slackware-security] qt (SSA:2015-111-13) (05.05.2015)

Unauthorized file access in ProFTPD
Published: May 5, 2015
SecurityVulns ID: 14450
Type: remote
Severity: 5/10
Description: Unauthorized file copying via mod_copy.
Affected products: PROFTPD : ProFTPD 1.3
CVE: CVE-2015-3306 (The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.)
Original text: SLACKWARE, [slackware-security] proftpd (SSA:2015-111-12) (05.05.2015)

Weak permissions in HUAWEI MobiConnect
Published: May 5, 2015
SecurityVulns ID: 14432
Type: local
Severity: 5/10
Description: Weak permissions on executable files.
Affected products: HUAWEI : HUAWEI MobiConnect 23.9
Original text: Vulnerability Lab, HUAWEI MobiConnect 23.9.17.216 - Privilege Escalation Vulnerability (05.05.2015)

DoS against glusterfs
Published: May 5, 2015
SecurityVulns ID: 14439
Type: local
Severity: 4/10
Description: Infinite loop.
Affected products: GLUSTERFS : GlusterFS 3.5
CVE: CVE-2014-3619 (The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header.)
Original text: MANDRIVA, [ MDVSA-2015:211 ] glusterfs (05.05.2015)

Uninitialized memory access in dnsmasq
updated since May 4, 2015
Published: May 5, 2015
SecurityVulns ID: 14423
Type: remote
Severity: 5/10
Description: Uninitialized memory access when parsing a DNS request.
Affected products: DNSMASQ : dnsmasq 2.73
CVE: CVE-2015-3294 (The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.)
Original text: n.sampanis_(at)_obrela.com, Dnsmasq 2.72 Unchecked returned value (05.05.2015)
 UBUNTU, [USN-2593-1] Dnsmasq vulnerability (04.05.2015)

Memory corruption in LibreOffice
Published: May 5, 2015
SecurityVulns ID: 14441
Type: local
Severity: 5/10
Description: Memory corruption when parsing HWP documents.
Affected products: LIBREOFFICE : LibreOffice 4.4
 LIBREOFFICE : OpenOffice 4.1
CVE: CVE-2015-1774 (The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.)
Original text: UBUNTU, [USN-2578-1] LibreOffice vulnerabilities (05.05.2015)

Security vulnerabilities in GNU glibc
Published: May 5, 2015
SecurityVulns ID: 14431
Type: library
Severity: 9/10
Description: Buffer overflow in gethostbyname_r, race condition in getaddrinfo.
Affected products: GNU : glibc 2.19
CVE: CVE-2015-1781 (Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.)
 CVE-2013-7423 (The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.)
Original text: MANDRIVA, [ MDVSA-2015:218 ] glibc (05.05.2015)

Directory traversal in Elasticsearch
Published: May 5, 2015
SecurityVulns ID: 14437
Type: remote
Severity: 6/10
Description: Directory traversal via requests to /_plugin.
Affected products: ELASTIC : Elasticsearch 1.5
CVE: CVE-2015-3337 (Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.)
Original text: Kevin Kluge, Elasticsearch vulnerability CVE-2015-3337 (05.05.2015)
 DEBIAN, [SECURITY] [DSA 3241-1] elasticsearch security update (05.05.2015)

Privilege escalation in automount
Published: May 5, 2015
SecurityVulns ID: 14440
Type: local
Severity: 4/10
Description: Insufficient filtering of local environment variables.
Affected products: AUTOMOUNT : automount 5.0
CVE: CVE-2014-8169 (automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.)
Original text: UBUNTU, [USN-2579-1] autofs vulnerability (05.05.2015)

Weak cryptography in librsync
Published: May 5, 2015
SecurityVulns ID: 14445
Type: library
Severity: 4/10
Description: A cryptographically weak hash is used.
Affected products: LIBRSYNC : librsync 1.0
CVE: CVE-2014-8242
Original text: MANDRIVA, [ MDVSA-2015:204 ] librsync (05.05.2015)

Multiple security vulnerabilities in SQLite
updated since April 16, 2015
Published: May 5, 2015
SecurityVulns ID: 14389
Type: library
Severity: 6/10
Description: More than 20 bugs, including use of uninitialized memory.
Affected products: SQLITE : SQLite 3.8
CVE: CVE-2015-3416 (The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.)
 CVE-2015-3415 (The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.)
 CVE-2015-3414 (SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.)
Original text: DEBIAN, [ MDVSA-2015:217 ] sqlite3 (05.05.2015)
 Michal Zalewski, several issues in SQLite (+ catching up on several other bugs) (16.04.2015)

Multiple security vulnerabilities in the Linux kernel
updated since May 5, 2015
Published: May 10, 2015
SecurityVulns ID: 14436
Type: library
Severity: 6/10
Description: DoS, privilege escalation, protection bypass.
Affected products: XEN : xen 3.3
 LINUX : kernel 3.19
CVE: CVE-2015-3339 (Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped.)
 CVE-2015-3332 (A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allows local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.)
 CVE-2015-3331 (The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.)
 CVE-2015-2922 (The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.)
 CVE-2015-2830 (arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16.)
 CVE-2015-2666 (Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd.)
 CVE-2015-2150 (Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.)
 CVE-2014-9715 (include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment.)
 CVE-2014-9710 (The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time window, related to a race condition, or (2) after an xattr-replacement attempt that fails because the data does not fit.)
Original text: UBUNTU, [USN-2597-2] Linux kernel (Trusty HWE) regression (10.05.2015)
 DEBIAN, [SECURITY] [DSA 3237-1] linux security update (05.05.2015)
 Hector Marco, AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5% (05.05.2015)
 Hector Marco, Linux ASLR mmap weakness: Reducing entropy by half (05.05.2015)
 UBUNTU, [USN-2583-1] Linux kernel vulnerability (05.05.2015)
 UBUNTU, [USN-2590-1] Linux kernel vulnerabilities (05.05.2015)

Content spoofing in perl-Module-Signature
updated since May 5, 2015
Published: May 12, 2015
SecurityVulns ID: 14444
Type: library
Severity: 5/10
Description: Unsigned content can be interpreted as signed.
Affected products: PERL : perl-Module-Signature 0.730
CVE: CVE-2015-3409 (Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module.)
 CVE-2015-3408 (Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.)
 CVE-2015-3407 (Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files.)
 CVE-2015-3406
Original text: UBUNTU, [USN-2607-1] Module::Signature vulnerabilities (12.05.2015)
 MANDRIVA, [ MDVSA-2015:207 ] perl-Module-Signature (05.05.2015)

Security vulnerabilities in libvirt / qemu
updated since May 5, 2015
Published: May 17, 2015
SecurityVulns ID: 14442
Type: local
Severity: 6/10
Description: Crash when parsing the Physical Region Descriptor Table, in the IDE controller and in PCI registers. Code execution.
Affected products: QEMU : qemu 1.6
 QEMU : qemu 2.1
CVE: CVE-2015-3456 (The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.)
 CVE-2015-2756 (QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.)
 CVE-2015-1779
 CVE-2014-9718 (The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions.)
Original text: UBUNTU, [USN-2608-1] QEMU vulnerabilities (17.05.2015)
 MANDRIVA, [ MDVSA-2015:210 ] qemu (05.05.2015)

Multiple security vulnerabilities in Google Chrome / Chromium
updated since May 5, 2015
Published: May 25, 2015
SecurityVulns ID: 14435
Type: client
Severity: 6/10
Affected products: GOOGLE : Chrome 41
 GOOGLE : Chrome 42
CVE: CVE-2015-3336 (Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing JavaScript code with requestFullScreen and requestPointerLock calls, and arranging for the user to access this document with a file: URL.)
 CVE-2015-3334 (browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site, which might make it easier for user-assisted remote attackers to obtain sensitive video data from a device's physical environment via a crafted web site that turns on the camera at a time when the user believes that camera access is prohibited.)
 CVE-2015-3333 (Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before 42.0.2311.90, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.)
 CVE-2015-1265 (Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.)
 CVE-2015-1264 (Cross-site scripting (XSS) vulnerability in Google Chrome before 43.0.2357.65 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted data that is improperly handled by the Bookmarks feature.)
 CVE-2015-1263 (The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file.)
 CVE-2015-1262 (platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Unicode text.)
 CVE-2015-1261 (android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during construction of a page-info popup, which allows remote attackers to spoof the URL bar or deliver misleading popup content via crafted text.)
 CVE-2015-1260 (Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon completion of a getUserMedia request.)
 CVE-2015-1259 (PDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.)
 CVE-2015-1258 (Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data.)
 CVE-2015-1257 (platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service (container overflow) or possibly have unspecified other impact via a crafted document.)
 CVE-2015-1256 (Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that leverages improper handling of a shadow tree for a use element.)
 CVE-2015-1255 (Use-after-free vulnerability in content/renderer/media/webaudio_capturer_source.cc in the WebAudio implementation in Google Chrome before 43.0.2357.65 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging improper handling of a stop action for an audio track.)
 CVE-2015-1254 (core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing.)
 CVE-2015-1253 (core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions.)
 CVE-2015-1252 (common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via vectors that trigger a write operation with a large amount of data, related to the PartialCircularBuffer::Write and PartialCircularBuffer::DoWrite functions.)
 CVE-2015-1251 (Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem in Google Chrome before 43.0.2357.65 allows remote attackers to execute arbitrary code via a crafted document.)
 CVE-2015-1250 (Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.)
 CVE-2015-1249 (Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.)
 CVE-2015-1248 (The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL.)
 CVE-2015-1247 (The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_helper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch descriptor XML document, which might allow remote attackers to obtain sensitive information from local files via a crafted (1) http or (2) https web site.)
 CVE-2015-1246 (Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.)
 CVE-2015-1245 (Use-after-free vulnerability in the OpenPDFInReaderView::Update function in browser/ui/views/location_bar/open_pdf_in_reader_view.cc in Google Chrome before 41.0.2272.76 might allow user-assisted remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by triggering interaction with a PDFium "Open PDF in Reader" button that has an invalid tab association.)
 CVE-2015-1244 (The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for WebSocket traffic.)
 CVE-2015-1243 (Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserver.cpp in the DOM implementation in Blink, as used in Google Chrome before 42.0.2311.135, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an attempt to unregister a MutationObserver object that is not currently registered.)
 CVE-2015-1242 (The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.77.8, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that leverages "type confusion" in the check-elimination optimization.)
 CVE-2015-1241 (Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack.)
 CVE-2015-1240 (gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL program that triggers a state inconsistency.)
 CVE-2015-1238 (Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.)
 CVE-2015-1237 (Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/render_frame_impl.cc in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger renderer IPC messages during a detach operation.)
 CVE-2015-1236 (The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element.)
 CVE-2015-1235 (The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element.)
Original text: DEBIAN, [SECURITY] [DSA 3267-1] chromium-browser security update (25.05.2015)
 DEBIAN, [SECURITY] [DSA 3238-1] chromium-browser security update (05.05.2015)
 DEBIAN, [SECURITY] [DSA 3242-1] chromium-browser security update (05.05.2015)

Multiple security vulnerabilities in wpa_supplicant
updated since May 5, 2015
Published: June 21, 2015
SecurityVulns ID: 14446
Type: remote
Severity: 7/10
Description: Buffer overflows, DoS vulnerabilities.
Affected products: GOOGLE : Android 5.1
 WPASUPPLICANT : wpa_supplicant 2.4
CVE: CVE-2015-4146 (The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message.)
 CVE-2015-4145 (The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message.)
 CVE-2015-4144 (The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.)
 CVE-2015-4143 (The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.)
 CVE-2015-4142 (Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.)
 CVE-2015-4141 (The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.)
 CVE-2015-1863 (Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.)
Original text: UBUNTU, [USN-2650-1] wpa_supplicant and hostapd vulnerabilities (21.06.2015)
 UBUNTU, [USN-2577-1] wpa_supplicant vulnerability (05.05.2015)
 xing_fang_(at)_vulnhunt.com, [ALICLOUDSEC-VUL2015-001] Android wpa_supplicant WLAN Direct remote buffer overflow (05.05.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod