Информационная безопасность
[RU] switch to English


Уязвимости безопасности в Xen
Опубликовано:5 июня 2013 г.
Источник:
SecurityVulns ID:13110
Тип:локальная
Уровень опасности:
5/10
Описание:DoS, утечка информации, повышение привилегий.
Затронутые продукты:XEN : Xen 4.0
 XEN : Xen 4.1
CVE:CVE-2013-1964 (Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possible have other impacts via unspecified vectors.)
 CVE-2013-1952 (Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of service (interrupt injection) via unspecified vectors.)
 CVE-2013-1918 (Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table traversal.")
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 2666-1] xen security update (05.06.2013)

DoS против Cisco TelePresence Supervisor
Опубликовано:5 июня 2013 г.
Источник:
SecurityVulns ID:13111
Тип:удаленная
Уровень опасности:
5/10
Описание:Исчерпание ресурсов через TCP.
Затронутые продукты:CISCO : TelePresence Supervisor MSE 8050
CVE:CVE-2013-1236 (Cisco TelePresence Supervisor MSE 8050 before 2.3(1.31) allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing TCP connections at a high rate, aka Bug IDs CSCuf76076 and CSCuf79763.)
Файлы:Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability

Недостаточная проверка https в python-httplib
Опубликовано:5 июня 2013 г.
Источник:
SecurityVulns ID:13113
Тип:библиотека
Уровень опасности:
5/10
Описание:Сертификат валидируется только на первом запросе.
CVE:CVE-2013-2037 (httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.)
Оригинальный текстdocumentMANDRIVA, [ MDVSA-2013:168 ] python-httplib2 (05.06.2013)

Криптографические уязвимости в OpenVPN
Опубликовано:5 июня 2013 г.
Источник:
SecurityVulns ID:13114
Тип:m-i-t-m
Уровень опасности:
7/10
Описание:При использовании UDP возможно внедрение текста и восстановление зашифрованного текста.
Затронутые продукты:OPENVPN : OpenVPN 2.2
CVE:CVE-2013-2061 (The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UPD mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.)
Оригинальный текстdocumentMANDRIVA, [ MDVSA-2013:167 ] openvpn (05.06.2013)

Переполнение буфера в службе каталогов Apple Mac OS X
Опубликовано:5 июня 2013 г.
Источник:
SecurityVulns ID:13115
Тип:удаленная
Уровень опасности:
7/10
Описание:Переполнение буфера при разборе запроса.
Затронутые продукты:APPLE : MacOS X 10.6
CVE:CVE-2013-0984 (Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.)
Оригинальный текстdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2013-0103] Mac OSX Server DirectoryService buffer overflow (05.06.2013)
Файлы:Mac OS X Server 10.6.8 Directory Server DoS

Многочисленные уязвимости безопасности в HP Data Protector
Опубликовано:5 июня 2013 г.
Источник:
SecurityVulns ID:13116
Тип:удаленная
Уровень опасности:
6/10
Описание:Повышение привилегий, выполнение кода, DoS.
Затронутые продукты:HP : HP Storage Data Protector 6.21
 HP : HP Storage Data Protector 7.01
CVE:CVE-2013-2335 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1733.)
 CVE-2013-2334 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1681.)
 CVE-2013-2333 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680.)
 CVE-2013-2332 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1654.)
 CVE-2013-2331 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1652.)
 CVE-2013-2330 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1638.)
 CVE-2013-2329 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1637.)
 CVE-2013-2328 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1636.)
 CVE-2013-2327 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1635.)
 CVE-2013-2326 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1634.)
 CVE-2013-2325 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1633.)
 CVE-2013-2324 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1629.)
Оригинальный текстdocumentHP, [security bulletin] HPSBMU02883 SSRT101227 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code (05.06.2013)

Уязвимости безопасности в IP-камерах MayGion
Опубликовано:5 июня 2013 г.
Источник:
SecurityVulns ID:13118
Тип:удаленная
Уровень опасности:
6/10
Описание:Переполнение буфера, обратный путь в каталогах.
CVE:CVE-2013-1605 (Buffer overflow in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to execute arbitrary code via a long filename in a GET request.)
 CVE-2013-1604 (Directory traversal vulnerability in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.)
Оригинальный текстdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2013-0322 - MayGion IP Cameras multiple vulnerabilities (05.06.2013)

Многочисленные уязвимости безопасности в IP-камерах Zavio
Опубликовано:5 июня 2013 г.
Источник:
SecurityVulns ID:13119
Тип:удаленная
Уровень опасности:
6/10
Описание:Неизменяемые учетные записи, выполнение кода, слабые разрешения.
Затронутые продукты:ZAVIO : Zavio F3105
 ZAVIO : Zavio F312A
CVE:CVE-2013-2570
 CVE-2013-2569
 CVE-2013-2568
 CVE-2013-2567
Оригинальный текстdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2013-0302 - Zavio IP Cameras multiple vulnerabilities (05.06.2013)

Слабые разрешения в продуктах ИнфоТеКС (InfoTeCS)
Опубликовано:5 июня 2013 г.
Источник:
SecurityVulns ID:13120
Тип:локальная
Уровень опасности:
6/10
Описание:Слабые разрешения на папку установки.
Затронутые продукты:INFOTECS : ViPNet Client 3.2
 INFOTECS : ViPNet Coordinator 3.2
 INFOTECS : ViPNet Personal Firewall 3.1
 INFOTECS : ViPNet SafeDisk 4.1
CVE:CVE-2013-3496 (Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file.)
Оригинальный текстdocumentchudakovma_(at)_gmail.com, CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\Coordinator, SafeDisk, Personal Firewall) (05.06.2013)

Многочисленные уязвимости безопасности в Chromium / Google Chrome
дополнено с 5 июня 2013 г.
Опубликовано:17 июня 2013 г.
Источник:
SecurityVulns ID:13112
Тип:клиент
Уровень опасности:
8/10
Описание:Использование памяти после освобождения, DoS, кратковременные условия, утечка информации, XSS.
Затронутые продукты:GOOGLE : Chrome 27.0
 CHROMIUM : Chromium 27.0
CVE:CVE-2013-2865 (Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.110 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.)
 CVE-2013-2863 (Google Chrome before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2013-2862 (Skia, as used in Google Chrome before 27.0.1453.110, does not properly handle GPU acceleration, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.)
 CVE-2013-2861 (Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.)
 CVE-2013-2860 (Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process.)
 CVE-2013-2859 (Google Chrome before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors.)
 CVE-2013-2858 (Use-after-free vulnerability in the HTML5 Audio implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.)
 CVE-2013-2857 (Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of images.)
 CVE-2013-2856 (Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input.)
 CVE-2013-2855 (The Developer Tools API in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.)
 CVE-2013-2849 (Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.)
 CVE-2013-2848 (The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors.)
 CVE-2013-2847 (Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors.)
 CVE-2013-2846 (Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840.)
 CVE-2013-2845 (The Web Audio implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.)
 CVE-2013-2844 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style resolution.)
 CVE-2013-2843 (Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of speech data.)
 CVE-2013-2842 (Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.)
 CVE-2013-2841 (Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of Pepper resources.)
 CVE-2013-2840 (Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2846.)
 CVE-2013-2839 (Google Chrome before 27.0.1453.93 does not properly perform a cast of an unspecified variable during handling of clipboard data, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors.)
 CVE-2013-2838 (Google V8, as used in Google Chrome before 27.0.1453.93, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.)
 CVE-2013-2837 (Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 2706-1] chromium-browser security update (17.06.2013)
 documentDEBIAN, [SECURITY] [DSA 2695-1] chromium-browser security update (05.06.2013)

Уязвимости безопасности в IP-камерах TP-Link
дополнено с 5 июня 2013 г.
Опубликовано:12 августа 2013 г.
Источник:
SecurityVulns ID:13117
Тип:удаленная
Уровень опасности:
6/10
Описание:Выполнение кода, обход защиты.
Затронутые продукты:TPLINK : TP-Link TL-SC 3130
 TPLINK : TP-Link TL-SC 3130G
 TPLINK : TP-Link TL-SC 3171G
 TPLINK : TP-Link TL-SC 4171G
CVE:CVE-2013-2573
 CVE-2013-2572
Оригинальный текстdocumentadvisories_(at)_coresecurity.com, CORE-2013-0618 - Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras (12.08.2013)
 documentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2013-0318 - TP-Link IP Cameras Multiple Vulnerabilities (05.06.2013)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород