Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Apple Mac OS X
дополнено с 3 октября 2013 г.
Опубликовано:5 октября 2013 г.
Источник:
SecurityVulns ID:13327
Тип:библиотека
Уровень опасности:
8/10
Описание:Различные уязвимости в компонентах системы.
Затронутые продукты:APPLE : MacOS X 10.8
CVE:CVE-2013-5163 (Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors.)
 CVE-2013-1033 (Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access.)
 CVE-2013-1032 (QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a QuickTime movie file.)
 CVE-2013-1031 (Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver.)
 CVE-2013-1030 (mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process.)
 CVE-2013-1029 (The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser.)
 CVE-2013-1028 (The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate.)
 CVE-2013-1027 (Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package.)
 CVE-2013-1026 (Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.)
 CVE-2013-1025 (Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document.)
Оригинальный текстdocumentAPPLE, APPLE-SA-2013-10-03-1 OS X v10.8.5 Supplemental Update (05.10.2013)
 documentAPPLE, APPLE-SA-2013-09-12-1 OS X Mountain Lion v10.8.5 and Security Update 2013-004 (03.10.2013)

Слабая установка по умолчанию в EMC Atmos
Опубликовано:5 октября 2013 г.
Источник:
SecurityVulns ID:13331
Тип:локальная
Уровень опасности:
5/10
Описание:По умолчанию разрешен доступ к базе данных без пароля.
Затронутые продукты:EMC : Atmos 2.1
CVE:CVE-2013-3279 (EMC Atmos before 2.1.4 has a blank password for the PostgreSQL account, which allows remote attackers to obtain sensitive administrative information via a database-server connection.)
Оригинальный текстdocumentEMC, ESA-2013-062: EMC Atmos Unauthenticated Database Access Vulnerability (05.10.2013)

Уязвимости безопасности в мультифункциональных устройствах HP FutureSmart
Опубликовано:5 октября 2013 г.
Источник:
SecurityVulns ID:13332
Тип:локальная
Уровень опасности:
5/10
Описание:Слабое шифрование PDF, утечнка информации.
CVE:CVE-2013-4829 (HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices allow local users to read images of arbitrary scanned documents via unspecified vectors.)
 CVE-2013-4828 (HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices do not properly encrypt PDF documents, which allows remote attackers to obtain sensitive information via unspecified vectors.)
Оригинальный текстdocumentHP, [security bulletin] HPSBPI02892 rev.1 - Certain HP FutureSmart MFP, Weak PDF Encryption, Local Disclosure of Information (05.10.2013)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород