Information Security


Multiple security vulnerabilities in Chromium / Google Chrome
updated since May 5, 2014
Published: June 9, 2014
Source:
SecurityVulns ID: 13748
Type: client
Severity: 7/10
Description: Protection bypass, use-after-free, memory corruptions, integer overflows.
Affected products: GOOGLE : Chrome 34.0
 CHROMIUM : Chromium 34.0
CVE: CVE-2014-3152 (Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a negative key value.)
 CVE-2014-1749 (Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.)
 CVE-2014-1748 (The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame.)
 CVE-2014-1747 (Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka "Universal XSS (UXSS).")
 CVE-2014-1746 (The InMemoryUrlProtocol::Read function in media/filters/in_memory_url_protocol.cc in Google Chrome before 35.0.1916.114 relies on an insufficiently large integer data type, which allows remote attackers to cause a denial of service (out-of-bounds read) via vectors that trigger use of a large buffer.)
 CVE-2014-1745 (Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to core/svg/SVGFontFaceElement.cpp.)
 CVE-2014-1744 (Integer overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/renderer_host/media/audio_input_renderer_host.cc in Google Chrome before 35.0.1916.114 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large shared-memory allocation.)
 CVE-2014-1743 (Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers tree mutation.)
 CVE-2014-1742 (Use-after-free vulnerability in the FrameSelection::updateAppearance function in core/editing/FrameSelection.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper RenderObject handling.)
 CVE-2014-1741 (Multiple integer overflows in the replace-data functionality in the CharacterData interface implementation in core/dom/CharacterData.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to ranges.)
 CVE-2014-1740 (Multiple use-after-free vulnerabilities in net/websockets/websocket_job.cc in the WebSockets implementation in Google Chrome before 34.0.1847.137 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to WebSocketJob deletion.)
 CVE-2014-1736 (Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value.)
 CVE-2014-1735 (Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.)
 CVE-2014-1734 (Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.)
 CVE-2014-1733 (The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandbox restrictions by leveraging renderer access.)
 CVE-2014-1732 (Use-after-free vulnerability in browser/ui/views/speech_recognition_bubble_views.cc in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via an INPUT element that triggers the presence of a Speech Recognition Bubble window for an incorrect duration.)
 CVE-2014-1731 (core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements.)
 CVE-2014-1730 (Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc.)
Original text: DEBIAN, [SECURITY] [DSA 2939-1] chromium-browser security update (09.06.2014)
 DEBIAN, [SECURITY] [DSA 2930-1] chromium-browser security update (30.05.2014)
 DEBIAN, [SECURITY] [DSA 2920-1] chromium-browser security update (05.05.2014)

Multiple security vulnerabilities in Adobe Reader / Acrobat
updated since May 29, 2014
Published: June 9, 2014
Source:
SecurityVulns ID: 13784
Type: client
Severity: 8/10
Description: Buffer overflows, restriction bypass, information leakage, memory corruptions, use-after-free.
Affected products: ADOBE : Reader 10.1
 ADOBE : Acrobat 10.1
 ADOBE : Reader 11.0
 ADOBE : Acrobat 11.0
CVE: CVE-2014-0529 (Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2014-0528 (Double free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2014-0527 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2014-0526 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0522, CVE-2014-0523, and CVE-2014-0524.)
 CVE-2014-0525 (The API in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X does not prevent access to unmapped memory, which allows attackers to execute arbitrary code via unspecified API calls.)
 CVE-2014-0524 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0522, CVE-2014-0523, and CVE-2014-0526.)
 CVE-2014-0523 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0522, CVE-2014-0524, and CVE-2014-0526.)
 CVE-2014-0522 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0523, CVE-2014-0524, and CVE-2014-0526.)
 CVE-2014-0521 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X do not properly implement JavaScript APIs, which allows remote attackers to obtain sensitive information via a crafted PDF document.)
 CVE-2014-0512 (Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.)
 CVE-2014-0511 (Heap-based buffer overflow in Adobe Reader 11.0.06 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.)
Original text: VUPEN Security Research, VUPEN Security Research - Adobe Acrobat & Reader XI-X "AcroBroker" Sandbox Bypass (Pwn2Own) (09.06.2014)
 VUPEN Security Research, VUPEN Security Research - Adobe Acrobat & Reader XI-X Barcode Heap Overflow (Pwn2Own) (29.05.2014)
Files: Security Updates available for Adobe Reader and Acrobat

DoS against FreeBSD
Published: June 9, 2014
Source:
SecurityVulns ID: 13811
Type: local
Severity: 5/10
Description: Race conditions during thread context switching.
Affected products: FREEBSD : FreeBSD 8.4
 FREEBSD : FreeBSD 9.2
 FREEBSD : FreeBSD 10.0
CVE: CVE-2014-3880 (The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 10.0 before p4 destroy the virtual memory address space and mappings for a process before all threads have terminated, which allows local users to cause a denial of service (triple-fault and system reboot) via a crafted system call, which triggers an invalid page table pointer dereference.)
Original text: FREEBSD, triple-fault when executing from a threaded process (09.06.2014)

Privilege escalation in Linux
Published: June 9, 2014
Source:
SecurityVulns ID: 13812
Type: local
Severity: 7/10
Description: Code execution in ring 0 via the futex call.
Affected products: LINUX : kernel 2.6
 LINUX : kernel 3.13
CVE: CVE-2014-3153 (The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.)
Original text: Solar Designer, [oss-security] Linux kernel futex local privilege escalation (CVE-2014-3153) (09.06.2014)

Buffer overflow in mupdf
Published: June 9, 2014
Source:
SecurityVulns ID: 13813
Type: local
Severity: 5/10
Description: Buffer overflow when parsing XPS.
Affected products: MUPDF : MuPDF 1.3
CVE: CVE-2014-2013 (Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.)
Original text: DEBIAN, [SECURITY] [DSA 2951-1] mupdf security update (09.06.2014)

Multiple security vulnerabilities in libav
Published: June 9, 2014
Source:
SecurityVulns ID: 13814
Type: library
Severity: 6/10
Affected products: LIBAV : libav 0.8
 LIBAV : libav 10.1
CVE: CVE-2014-3984 (Multiple unspecified vulnerabilities in Libav before 0.8.12 allow remote attackers to have unknown impact and vectors.)
Original text: DEBIAN, [SECURITY] [DSA 2947-1] libav security update (09.06.2014)

Privilege escalation via chkrootkit
Published: June 9, 2014
Source:
SecurityVulns ID: 13815
Type: local
Severity: 5/10
Description: A file from the /tmp directory can be executed.
Affected products: CHKROOTKIT : chkrootkit 0.49
CVE: CVE-2014-0476 (The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.)
Original text: DEBIAN, [oss-security] CVE-2014-0476 chkrootkit vulnerability (09.06.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod