Информационная безопасность
[RU] switch to English


Уязвимости безопасности в ZyXEL SBG-3300
Опубликовано:5 октября 2014 г.
Источник:
SecurityVulns ID:13987
Тип:удаленная
Уровень опасности:
5/10
Описание:Межсайтовый скриптинг, DoS.
Затронутые продукты:ZYXEL : ZyXEL SBG-3300
CVE:CVE-2014-7278 (The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified "welcome message" form data that is improperly handled during use for the loginMsg variable's value, a different vulnerability than CVE-2014-7277.)
 CVE-2014-7278 (The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified "welcome message" form data that is improperly handled during use for the loginMsg variable's value, a different vulnerability than CVE-2014-7277.)
 CVE-2014-7277 (Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified "welcome message" form data that is improperly handled during rendering of the loginMessage list item, a different vulnerability than CVE-2014-7278.)
 CVE-2014-7277 (Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified "welcome message" form data that is improperly handled during rendering of the loginMessage list item, a different vulnerability than CVE-2014-7278.)
Оригинальный текстdocumentmirko.casadei_(at)_gmail.com, CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway (05.10.2014)
 documentmirko.casadei_(at)_gmail.com, CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway (05.10.2014)

Уязвимости безопасности в libvirt
Опубликовано:5 октября 2014 г.
Источник:
SecurityVulns ID:13988
Тип:библиотека
Уровень опасности:
5/10
Описание:DoS уязвимости.
Затронутые продукты:LIBVIRT : libvirt 1.1
 LIBVIRT : libvirt 1.2
CVE:CVE-2014-5177 (libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors.)
 CVE-2014-3657 (The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command.)
 CVE-2014-3633 (The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.)
Оригинальный текстdocumentUBUNTU, [USN-2366-1] libvirt vulnerabilities (05.10.2014)
 documentMANDRIVA, [ MDVSA-2014:195 ] libvirt (05.10.2014)

Многочисленные уязвимости безопасности в HP Systems Insight Manager
Опубликовано:5 октября 2014 г.
Источник:
SecurityVulns ID:13989
Тип:удаленная
Уровень опасности:
5/10
Описание:Повышение привилегий, межсайтовый скриптинг, кликджакинг.
Затронутые продукты:HP : Systems Insight Manager 7.4
CVE:CVE-2014-2645 (HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to conduct clickjacking attacks via unknown vectors.)
 CVE-2014-2644 (Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.)
 CVE-2014-2643 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote authenticated users to gain privileges via unknown vectors.)
Оригинальный текстdocumentHP, [security bulletin] HPSBMU03118 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities (05.10.2014)

Слабая политика CORS в elasticsearch
Опубликовано:5 октября 2014 г.
Источник:
SecurityVulns ID:13990
Тип:удаленная
Уровень опасности:
4/10
Описание:Возможны кроссайтовые запросы.
Затронутые продукты:ELASTIC : elasticsearch 1.3
CVE:CVE-2014-6439 (Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Оригинальный текстdocumentELASTIC, Elasticsearch vulnerability CVE-2014-6439 (05.10.2014)

Уязвимости безопасности в Ultra Electronics / AEP Networks SSL VPN
Опубликовано:5 октября 2014 г.
Источник:
SecurityVulns ID:13991
Тип:удаленная
Уровень опасности:
5/10
Описание:SQL инъекция, обратный путь в каталогах.
Оригинальный текстdocumentPatrick Webster, Ultra Electronics / AEP Networks - SSL VPN (Netilla / Series A / Ultra Protect) Vulnerabilities (05.10.2014)

DoS против rsyslog
Опубликовано:5 октября 2014 г.
Источник:
SecurityVulns ID:13992
Тип:удаленная
Уровень опасности:
5/10
Описание:Отказ при разборе разбора.
Затронутые продукты:RSYSLOG : rsyslog 8.4
CVE:CVE-2014-3683 (Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634.)
 CVE-2014-3634 (rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 3040-1] rsyslog security update (05.10.2014)

Повышение привилегий в HP MPIO
Опубликовано:5 октября 2014 г.
Источник:
SecurityVulns ID:13994
Тип:локальная
Уровень опасности:
5/10
Затронутые продукты:HP : HP MPIO 4.02
CVE:CVE-2014-2639 (Unspecified vulnerability in HP MPIO Device Specific Module Manager before 4.02.00 allows local users to gain privileges via unknown vectors.)
Оригинальный текстdocumentHP, [security bulletin] HPSBST02958 rev.1 - HP MPIO Device Specific Module Manager, Local Execution of Arbitrary Code with Privilege Elevation (05.10.2014)

Проблема символьных линков в perl-XML-DT
Опубликовано:5 октября 2014 г.
Источник:
SecurityVulns ID:13995
Тип:локальная
Уровень опасности:
5/10
Описание:Проблема символьных линков в mkxmltype и mkdtskel
Затронутые продукты:XMLDT : XML-DT 0.63
CVE:CVE-2014-5260 (The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file.)
Оригинальный текстdocumentMANDRIVA, [ MDVSA-2014:191 ] perl-XML-DT (05.10.2014)

Многочисленные уязвимости безопасности в Google Chrome / Chromium
Опубликовано:5 октября 2014 г.
Источник:
SecurityVulns ID:13996
Тип:клиент
Уровень опасности:
8/10
Описание:Обход ограничений, повреждение памяти, утечка информации, подмена URL.
Затронутые продукты:GOOGLE : Chrome 36
CVE:CVE-2014-3179 (Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.120 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.)
 CVE-2014-3178 (Use-after-free vulnerability in core/dom/Node.cpp in Blink, as used in Google Chrome before 37.0.2062.120, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of render-tree inconsistencies.)
 CVE-2014-3177 (Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3176.)
 CVE-2014-3176 (Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3177.)
 CVE-2014-3175 (Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors, related to the load_truetype_glyph function in truetype/ttgload.c in FreeType and other functions in other components.)
 CVE-2014-3174 (modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote attackers to cause a denial of service (read of uninitialized memory) via crafted API calls.)
 CVE-2014-3173 (The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of service (read of uninitialized memory) via a crafted CANVAS element, related to gpu/command_buffer/service/framebuffer_manager.cc and gpu/command_buffer/service/gles2_cmd_decoder.cc.)
 CVE-2014-3172 (The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as demonstrated by a chrome:// URL.)
 CVE-2014-3171 (Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper use of HashMap add operations instead of HashMap set operations, related to bindings/core/v8/DOMWrapperMap.h and bindings/core/v8/SerializedScriptValue.cpp.)
 CVE-2014-3170 (extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0' character in a host name, which allows remote attackers to spoof the extension permission dialog by relying on truncation after this character.)
 CVE-2014-3169 (Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging script execution that occurs before notification of node removal.)
 CVE-2014-3168 (Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation.)
 CVE-2014-3167 (Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.)
 CVE-2014-3166 (The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names.)
 CVE-2014-3165 (Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an unexpectedly long lifetime of a temporary object during method completion.)
 CVE-2014-3162 (Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.)
 CVE-2014-3160 (The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 3039-1] chromium-browser security update (05.10.2014)

Многочисленыне уязвимости безопасности в HP System Management Homepage
дополнено с 5 октября 2014 г.
Опубликовано:15 октября 2014 г.
Источник:
SecurityVulns ID:13993
Тип:удаленная
Уровень опасности:
5/10
Описание:Несанкционированный доступ, утечка информации, DoS, XSS, CSRF, clickjacking.
Затронутые продукты:HP : HP System Management Homepage 7.3
CVE:CVE-2014-7874 (Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before 3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.)
 CVE-2014-2642 (HP System Management Homepage (SMH) before 7.4 allows remote attackers to conduct clickjacking attacks via unspecified vectors.)
 CVE-2014-2641 (Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.)
 CVE-2014-2640 (Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2013-6712 (The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.)
 CVE-2013-6422 (The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.)
 CVE-2013-6420 (The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.)
 CVE-2013-4545 (cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.)
Оригинальный текстdocumentHP, [security bulletin] HPSBUX03139 SSRT101608 rev.1 - HP-UX running System Management Homepage (SMH), Remote Cross-Site Request Forgery (15.10.2014)
 documentHP, [security bulletin] HPSBMU03112 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Multiple Vulnerabilities (05.10.2014)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород