Information Security

Multiple vulnerabilities in HP Data Protector
Published: January 8, 2014
SecurityVulns ID: 13476
Type: remote
Severity: 7/10
Description: Code execution, privilege escalation, DoS.
Affected products: HP : Storage Data Protector 6.2
CVE:CVE-2013-6195 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-2008.)
 CVE-2013-6194 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905.)
 CVE-2013-2350 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1897.)
 CVE-2013-2349 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1896.)
 CVE-2013-2348 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1892.)
 CVE-2013-2347 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1885.)
 CVE-2013-2346 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1870.)
 CVE-2013-2345 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1869.)
 CVE-2013-2344 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1866.)
Original text: HP, [security bulletin] HPSBMU02895 SSRT101253 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code (08.01.2014)

Protection bypass in Apache libcloud
Published: January 8, 2014
SecurityVulns ID: 13477
Type: library
Severity: 5/10
Description: The parameter responsible for scrubbing data on deletion does not work.
Affected products: APACHE : libcloud 0.13
CVE:CVE-2013-6480 (Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.)
Original text: APACHE, [CVE-2013-6480] Libcloud doesn't send scrub_data query parameter when destroying a DigitalOcean node (08.01.2014)

Security vulnerabilities in OpenSSL
Published: January 8, 2014
SecurityVulns ID: 13478
Type: library
Severity: 6/10
Description: MitM attacks against TLS 1.2, problems with some PRNG generators, DoS.
Affected products: OPENSSL : OpenSSL 1.0
CVE:CVE-2013-6450 (The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.)
 CVE-2013-6449 (The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.)
 CVE-2013-4353 (The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.)
Original text: DEBIAN, [SECURITY] [DSA 2833-1] openssl security update (08.01.2014)

Symlink problem in puppet
Published: January 8, 2014
SecurityVulns ID: 13480
Type: local
Severity: 5/10
Description: Symlink problem when creating temporary files.
CVE:CVE-2013-4969 (Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.)
Original text: DEBIAN, [SECURITY] [DSA 2831-1] puppet security update (08.01.2014)

Security vulnerabilities in HP Service Manager
Published: January 8, 2014
SecurityVulns ID: 13482
Type: client
Severity: 5/10
Description: Cross-site scripting, code execution.
Affected products: HP : HP Service Manager 9.21
CVE:CVE-2013-6198 (Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2013-6197 (Unspecified vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote authenticated users to execute arbitrary code via unknown vectors.)
Original text: HP, [security bulletin] HPSBMU02959 rev.1 - HP Service Manager WebTier and Windows Client, Cross-Site Scripting (XSS), Execution of Arbitrary Code and other Vulnerabilities (08.01.2014)

Memory corruption in libXfont
Published: January 8, 2014
SecurityVulns ID: 13483
Type: library
Severity: 8/10
Description: Memory corruption when parsing BDF fonts.
Affected products: LIBXFONT : libXfont 1.4
CVE:CVE-2013-6462 (Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.)
Original text: DEBIAN, [USN-2078-1] libXfont vulnerability (08.01.2014)

Directory traversal in Spamina email firewall
Published: January 8, 2014
SecurityVulns ID: 13484
Type: remote
Severity: 5/10
Description: Directory traversal in many requests.
Affected products: SPAMINA : Spamina Email Firewall 3.3
Original text: sisco.barrera_(at)_gmail.com, SPAMINA EMAIL FIREWALL 3.3.1.1 - Directory Traversal - (08.01.2014)

Code execution in uscan from devscripts
Published: January 8, 2014
SecurityVulns ID: 13486
Type: client
Severity: 5/10
Description: Code execution when parsing the server response.
Affected products: DEVSCRIPTS : devscripts 2.13
CVE:CVE-2013-6888 (Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball.)
Original text: DEBIAN, [SECURITY] [DSA 2836-1] devscripts security update (08.01.2014)

Cross-site scripting in HP Autonomy Ultraseek
Published: January 8, 2014
SecurityVulns ID: 13487
Type: remote
Severity: 5/10
Affected products: HP : Autonomy Ultraseek 5
CVE:CVE-2013-6196 (Cross-site scripting (XSS) vulnerability in HP Autonomy Ultraseek 5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.)
Original text: HP, [security bulletin] HPSBGN02950 rev.1 - HP Autonomy Ultraseek, Cross-Site Scripting (XSS) (08.01.2014)

Buffer overflow in QuickHeal AntiVirus
Published: January 8, 2014
SecurityVulns ID: 13488
Type: client
Severity: 6/10
Description: Buffer overflow when parsing PE files.
Affected products: QUICKHEAL : QuickHeal AntiVirus 7.0
CVE:CVE-2013-6767 (Stack-based buffer overflow in pepoly.dll in Quick Heal AntiVirus Pro 7.0.0.1 allows local users to execute arbitrary code or cause a denial of service (process crash) via a long *.text value in a PE file.)
Original text: Vulnerability Lab, QuickHeal AntiVirus 7.0.0.1 - Stack Overflow Vulnerability (08.01.2014)

Code execution via djvulibre
Published: January 8, 2014
SecurityVulns ID: 13489
Type: library
Severity: 6/10
Description: Memory corruption.
Affected products: DJVULIBRE : DjVuLibre 3.5
CVE:CVE-2012-6535 (DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file.)
Original text: UBUNTU, [USN-2056-1] DjVuLibre vulnerability (08.01.2014)

Code execution in HP SAN Network Advisor
Published: January 8, 2014
SecurityVulns ID: 13490
Type: remote
Severity: 5/10
CVE:CVE-2013-6810 (The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote attackers to execute arbitrary code by using a servlet to upload an executable file.)
Original text: HP, [security bulletin] HPSBHF02953 rev.1 - HP B-series SAN Network Advisor, Remote Code Execution (08.01.2014)

Buffer overflow in Samba
Published: January 8, 2014
SecurityVulns ID: 13492
Type: remote
Severity: 8/10
Description: Buffer overflow when parsing a DCE-RPC packet.
Affected products: SAMBA : Samba 4.1
CVE:CVE-2013-4475 (Samba 3.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS).)
 CVE-2013-4408 (Buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet.)

Information leak in EMC NetWorker
Published: January 8, 2014
SecurityVulns ID: 13493
Type: remote
Severity: 5/10
Description: Cleartext password in audit reports.
Affected products: EMC : NetWorker 8.0
CVE:CVE-2013-3285 (The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources.)
Original text: EMC, ESA-2013-072: EMC NetWorker Information Disclosure Vulnerability (08.01.2014)

Security vulnerabilities in EMC RSA Security Analytics
Published: January 8, 2014
SecurityVulns ID: 13494
Type: remote
Severity: 5/10
Description: Privilege escalation.
Affected products: EMC : RSA Security Analytics 10.2
CVE:CVE-2013-6180 (EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent.)
Original text: EMC, ESA-2013-080: RSA Security Analytics Multiple Vulnerabilities (08.01.2014)

Security vulnerabilities in EMC Data Protection Advisor / Connectrix Manager
Published: January 8, 2014
SecurityVulns ID: 13495
Type: remote
Severity: 6/10
Description: Code execution.
CVE:CVE-2012-0874 (The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) 5.2.0, Web Platform (EWP) 5.2.0, and BRMS Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors. NOTE: this issue can only be exploited when the interceptor is not properly configured with a "second layer of authentication," or when used in conjunction with other vulnerabilities that bypass this second layer.)
Original text: EMC, ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities (08.01.2014)
 rgod, EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution (08.01.2014)
 EMC, ESA-2013-094: EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability (08.01.2014)

Cross-site scripting in EMC RSA Archer
Published: January 8, 2014
SecurityVulns ID: 13496
Type: remote
Severity: 5/10
Description: Multiple cross-site scripting conditions.
Affected products: EMC : RSA Archer GRC 5.4
CVE:CVE-2013-6178 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original text: EMC, ESA-2013-079: RSA Archer® GRC Multiple Cross-Site Scripting Vulnerabilities (08.01.2014)

Directory traversal in EMC Replication Manager
Published: January 8, 2014
SecurityVulns ID: 13497
Type: remote
Severity: 5/10
Description: Directory traversal via user scripts.
Affected products: EMC : Replication Manager 5.4
CVE:CVE-2013-6182 (Unquoted Windows search path vulnerability in EMC Replication Manager before 5.5 allows local users to gain privileges via a crafted application in a parent directory of an intended directory.)
Original text: EMC, ESA-2013-092: EMC Replication Manager Unquoted File Path Enumeration Vulnerability (08.01.2014)

Information leak in EMC Watch4net
Published: January 8, 2014
SecurityVulns ID: 13498
Type: remote
Severity: 5/10
Description: Device passwords are stored in cleartext.
Affected products: EMC : Watch4Net 6.2
CVE:CVE-2013-6181 (EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges.)
Original text: EMC, ESA-2013-091: EMC Watch4net Information Disclosure Vulnerability (08.01.2014)

Cross-site scripting in HP Officejet Pro 8500
Published: January 8, 2014
SecurityVulns ID: 13499
Type: remote
Severity: 5/10
Description: Cross-site scripting in the web interface.
Affected products: HP : Officejet Pro 8500
CVE:CVE-2013-4845 (Cross-site scripting (XSS) vulnerability on HP Officejet Pro 8500 (aka A909) All-in-One printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original text: HP, [security bulletin] HPSBPI02945 rev.1 - HP Officejet Pro 8500 (A909) All-in-One Printer, Cross-Site Scripting (XSS) (08.01.2014)

Privilege escalation in clutter
Published: January 8, 2014
SecurityVulns ID: 13500
Type: local
Severity: 5/10
Description: Incorrect handling of device disconnection.
Affected products: CLUTTER : Clutter 1.10
CVE:CVE-2013-2190 (The translate_hierarchy_event function in x11/clutter-device-manager-xi2.c in Clutter, when resuming the system, does not properly handle XIQueryDevice errors when a device has "disappeared," which causes the gnome-shell to crash and allows physically proximate attackers to access the previous gnome-shell session via unspecified vectors.)
Original text: MANDRIVA, [ MDVSA-2013:255 ] clutter (08.01.2014)

Multiple security vulnerabilities in HP ProCurve Manager
Published: January 8, 2014
SecurityVulns ID: 13501
Type: remote
Severity: 5/10
Description: Cross-site scripting, code execution.
Affected products: HP : ProCurve Manager 4.0
CVE:CVE-2013-4813 (The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745.)
 CVE-2013-4812 (UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.)
 CVE-2013-4811 (UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.)
 CVE-2013-4810 (HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760.)
 CVE-2013-4809 (Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter.)
 CVE-2005-2572 (MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysql.func table to cause a denial of service (server hang) and possibly execute arbitrary code via (1) a request for a non-library file, which causes the Windows LoadLibraryEx function to block, or (2) a request for a function in a library that has the XXX_deinit or XXX_init functions defined but is not tailored for mySQL, such as jpeg1x32.dll and jpeg2x32.dll.)
Original text: HP, [security bulletin] HPSBPV02918 rev.2 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse (08.01.2014)

Multiple security vulnerabilities in VMware vSphere
Published: January 8, 2014
SecurityVulns ID: 13502
Type: remote
Severity: 5/10
Description: DoS, privilege escalation.
Affected products: VMWARE : ESX 4.1
 VMWARE : vCenter Server 5.0
 VMWARE : ESXi 5.0
CVE:CVE-2013-5971 (Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors.)
 CVE-2013-5970 (hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 4.1 allows remote attackers to cause a denial of service (hostd-vmdb service outage) by modifying management traffic.)
Original text: VMWARE, NEW VMSA-2013-0012 VMware vSphere updates address multiple vulnerabilities (08.01.2014)

Multiple security vulnerabilities in SpamTitan
Published: January 8, 2014
SecurityVulns ID: 13503
Type: remote
Severity: 6/10
Description: Cross-site scripting, SQL injection, code execution.
Affected products: SPAMTITAN : SpamTitan 5.13
Original text: SEC Consult Vulnerability Lab, SEC Consult SA-20131015-0 :: Multiple vulnerabilities in SpamTitan (08.01.2014)

Cross-site scripting in the Feeder.co plugin for Chrome
Published: January 8, 2014
SecurityVulns ID: 13504
Type: client
Severity: 5/10
Description: Cross-site scripting via a subscription.
Affected products: FEEDERCO : Feeder.co 5.2
Original text: Vulnerability Lab, Feeder.co RSS Feeder 5.2 Chrome - Persistent Software Vulnerability (08.01.2014)

Cross-site scripting in MobileIron
Published: January 8, 2014
SecurityVulns ID: 13506
Type: remote
Severity: 5/10
Description: Cross-site scripting in the web interface.
Affected products: MOBILEIRON : MobileIron 4.5
Original text: Marc Ruef, [scip_Advisory 10847] MobileIron 4.5.4 Device Registration regpin Cross Site Scripting (08.01.2014)

Multiple security vulnerabilities in memcached
Updated since January 8, 2014
Published: January 29, 2014
SecurityVulns ID: 13479
Type: remote
Severity: 6/10
Description: Authentication bypass when using SASL, various DoS conditions.
Affected products: MEMCACHED : memcached 1.4
CVE:CVE-2013-7291 (memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request that triggers an "unbounded key print" during logging, related to an issue that was "quickly grepped out of the source tree," a different vulnerability than CVE-2013-0179 and CVE-2013-7290.)
 CVE-2013-7290 (The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr, a different vulnerability than CVE-2013-0179.)
 CVE-2013-7239 (memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials.)
 CVE-2013-0179 (The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr.)
Original text: MANDRIVA, [ MDVSA-2014:010 ] memcached (29.01.2014)
 DEBIAN, [SECURITY] [DSA 2832-1] memcached security update (08.01.2014)

Security vulnerabilities in HP Operations Orchestration
Updated since January 8, 2014
Published: March 3, 2014
SecurityVulns ID: 13491
Type: remote
Severity: 5/10
Description: Cross-site scripting, cross-site request forgery, unauthorized access.
Affected products: HP : HP Operations Orchestration 9
 HP : HP Operations Orchestration 10.01
CVE:CVE-2013-6192 (Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration before 9 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.)
 CVE-2013-6191 (Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2013-2071 (java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.)
Original text: HP, [security bulletin] HPSBMU02966 rev.1 - HP Operations Orchestration, Unauthorized Access to Information (03.03.2014)
 HP, [security bulletin] HPSBGN02951 rev.1 - HP Operations Orchestration, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) (08.01.2014)

Cross-site scripting in OpenXchange
Updated since January 8, 2014
Published: March 24, 2014
SecurityVulns ID: 13485
Type: remote
Severity: 5/10
Description: Cross-site scripting when displaying MS Office and EML documents.
CVE:CVE-2014-2077 (Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving 'the aria "tags" for screenreaders at the top bar'.)
 CVE-2014-1679 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file.)
 CVE-2013-7141 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "<%" tags.)
 CVE-2013-6997 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handlers.")
Original text: OPENXCHANGE, Open-Xchange Security Advisory 2014-02-10 (24.03.2014)
 OPENXCHANGE, Open-Xchange Security Advisory 2014-03-17 (24.03.2014)
 OPENXCHANGE, Open-Xchange Security Advisory 2014-01-17 (19.01.2014)
 OPENXCHANGE, Open-Xchange Security Advisory 2014-01-06 (08.01.2014)

Multiple security vulnerabilities in the Linux kernel
Updated since January 8, 2014
Published: March 31, 2014
SecurityVulns ID: 13475
Type: library
Severity: 9/10
Description: Information leak in ptrace, privilege escalation via debugging functions, weak PRNG generator in cprng, DoS in networking functionality, multiple integer overflows, buffer overflows in USB, WiMax and other device drivers, race conditions in the shared memory implementation, uninitialized memory in UDP fragmentation offload, privilege escalations. Information leak via NAT.
Affected products: LINUX : kernel 2.6
 LINUX : kernel 3.11
 LINUX : kernel 3.12
CVE:CVE-2014-2038 (The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by writing to a file in an NFS filesystem and then reading the same file.)
 CVE-2014-1874 (The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.)
 CVE-2014-1690 (The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature.)
 CVE-2014-1446 (The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.)
 CVE-2014-1438 (The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application.)
 CVE-2014-0038 (The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.)
 CVE-2013-7281 (The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.)
 CVE-2013-7271 (The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.)
 CVE-2013-7270 (The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.)
 CVE-2013-7269 (The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.)
 CVE-2013-7268 (The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.)
 CVE-2013-7267 (The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.)
 CVE-2013-7266 (The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structure, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.)
 CVE-2013-7265 (The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.)
 CVE-2013-7264 (The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.)
 CVE-2013-7263 (The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.)
 CVE-2013-7027 (The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header.)
 CVE-2013-7026 (Multiple race conditions in ipc/shm.c in the Linux kernel before 3.12.2 allow local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted application that uses shmctl IPC_RMID operations in conjunction with other shm system calls.)
 CVE-2013-6763 (The uio_mmap_physical function in drivers/uio/uio.c in the Linux kernel before 3.12 does not validate the size of a memory block, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted mmap operations, a different vulnerability than CVE-2013-4511.)
 CVE-2013-6383 (The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call.)
 CVE-2013-6382 (Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c.)
 CVE-2013-6380 (The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command.)
 CVE-2013-6378 (The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation.)
 CVE-2013-6368 (The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.)
 CVE-2013-6367 (The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value.)
 CVE-2013-4592 (Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots.)
 CVE-2013-4588 (Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function.)
 CVE-2013-4587 (Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value.)
 CVE-2013-4516 (The mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.)
 CVE-2013-4515 (The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call.)
 CVE-2013-4514 (Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions.)
 CVE-2013-4513 (Buffer overflow in the oz_cdev_write function in drivers/staging/ozwpan/ozcdev.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted write operation.)
 CVE-2013-4511 (Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c.)
 CVE-2013-4470 (The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c.)
 CVE-2013-4348 (The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation.)
 CVE-2013-4345 (Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data.)
 CVE-2013-4299 (Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.)
 CVE-2013-2930 (The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application.)
 CVE-2013-2929 (The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h.)
Original text: UBUNTU, [USN-2140-1] Linux kernel vulnerabilities (31.03.2014)
 MANDRIVA, [ MDVSA-2014:038 ] kernel (18.02.2014)
 UBUNTU, [USN-2096-1] Linux kernel vulnerability (01.02.2014)
 MANDRIVA, [ MDVSA-2014:001 ] kernel (14.01.2014)
 UBUNTU, [USN-2075-1] Linux kernel vulnerabilities (08.01.2014)

Security vulnerabilities in Dell SonicWALL
updated since January 8, 2014
Published: March 31, 2014
Source:
SecurityVulns ID: 13505
Type: remote
Severity level:
5/10
Description: Filter bypass, cross-site scripting.
Affected products: DELL : SonicWall GMS 7.1
 DELL : SonicWall EMail Security Appliance Application 7.4
 DELL : SonicWALL Network Security Appliance 2400
Original text: [email protected], SonicWall Dashboard Backend Server - Client Side Cross Site Scripting Web Vulnerability (31.03.2014)
 Vulnerability Lab, Dell SonicWall EMail Security Appliance Application v7.4.5 - Multiple Vulnerabilities (31.03.2014)
 Vulnerability Lab, ES746 DELL Support-Bulletin - EMS Vulnerability Resolved (31.03.2014)
 Vulnerability Lab, Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability (0Day) (08.01.2014)

Security vulnerabilities in various Ruby gems
updated since January 8, 2014
Published: May 4, 2014
Source:
SecurityVulns ID: 13481
Type: library
Severity level:
5/10
Description: Cross-site scripting, code execution, information leak.
Affected products: RUBY : Gem Webbynode 1.0
 RUBY : Gem Bio Basespace SDK 0.1
 RUBY : Gem sprout 0.7
 RUBY : Gem i18n 0.6
 RUBY : Gem Arabic Prawn 0.0
 RUBY : Gem sfpagent 0.4
CVE: CVE-2014-2888 (lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request.)
 CVE-2014-2322 (lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable.)
 CVE-2013-4492 (Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.)
Original text: larry0_(at)_me.com, Remote Command Injection in Ruby Gem sfpagent 0.4.14 (04.05.2014)
 larry0_(at)_me.com, Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem (04.05.2014)
 larry0_(at)_me.com, Command injection in Ruby Gem Webbynode 1.0.5.3 (08.01.2014)
 larry0_(at)_me.com, Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line (08.01.2014)
 larry0_(at)_me.com, Command injection vulnerability in Ruby Gem sprout 0.7.246 (08.01.2014)
 DEBIAN, [SECURITY] [DSA 2830-1] ruby-i18n security update (08.01.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod