Information Security


Integer overflow in VLC player
Published: June 10, 2011
Source:
SecurityVulns ID: 11720
Type: local
Severity: 4/10
Description: Integer overflow when parsing XSPF playlists.
Affected products: VLC : vlc 1.1
CVE: CVE-2011-2194 (Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow.)
Original text: DEBIAN, [SECURITY] [DSA 2257-1] vlc security update (10.06.2011)

Code execution in HP OpenView Storage Data Protector
Published: June 10, 2011
Source:
SecurityVulns ID: 11722
Type: remote
Severity: 5/10
Affected products: HP : OpenView Storage Data Protector 6.11
 HP : OpenView Storage Data Protector 6.0
 HP : OpenView Storage Data Protector 6.10
CVE: CVE-2011-1864 (Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6.10, and 6.11 allows remote attackers to execute arbitrary code via unknown vectors.)
Original text: HP, [security bulletin] HPSBMA02631 SSRT100324 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code (10.06.2011)

Multiple security vulnerabilities in HP Service Manager / HP Service Center
Published: June 10, 2011
Source:
SecurityVulns ID: 11723
Type: remote
Severity: 5/10
Description: Unauthorized access, privilege escalation, information disclosure, HTTP session hijacking, cross-site scripting.
Affected products: HP : HP Service Manager 9.21
 HP : HP Service Manager 9.20
 HP : HP Service Manager 7.11
 HP : HP Service Manager 7.02
 HP : HP Service Manager client 9.21
 HP : HP Service Manager client 9.20
 HP : HP Service Manager client 7.11
 HP : HP Service Manager client 7.02
 HP : HP Service Center 6.2
 HP : HP Service Center client 6.2
CVE: CVE-2011-1863 (HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allow remote authenticated users to conduct unspecified script injection attacks via unknown vectors.)
 CVE-2011-1862 (Cross-site scripting (XSS) vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2011-1861 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to modify data or obtain sensitive information via unknown vectors.)
 CVE-2011-1860 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to capture HTTP session credentials via unknown vectors.)
 CVE-2011-1859 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to obtain sensitive information via unknown vectors.)
 CVE-2011-1858 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows local users to bypass intended access restrictions via unknown vectors.)
 CVE-2011-1857 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote authenticated users to bypass intended access restrictions via unknown vectors.)
Original text: HP, [security bulletin] HPSBMA02674 SSRT100487 rev.1 - HP Service Manager and HP Service Center, Unauthorized Remote Access, Unsecured Local Access, Remote Disclosure of Privileged Information, HTTP Session Credential Re-use, Cross Site Scripting (XS (10.06.2011)

Multiple security vulnerabilities in Oracle Java
updated since June 10, 2011
Published: June 19, 2011
Source:
SecurityVulns ID: 11721
Type: library
Severity: 9/10
Description: Multiple integer overflows when parsing ICC profiles. Jump through an uninitialized pointer on Windows. Shell command execution in Java Web Start.
Affected products: ORACLE : Jre 6.0
 ORACLE : JDK 6.0
CVE: CVE-2011-0863 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.)
 CVE-2011-0862 (Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.)
 CVE-2011-0817 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.)
Original text: ZDI, TPTI-11-06: Oracle Java ICC Profile rcs2 Tag Parsing Remote Code Execution Vulnerability (19.06.2011)
 ZDI, ZDI-11-199: Oracle Java Soundbank Decompression Remote Code Execution Vulnerability (19.06.2011)
 Zacheusz Siedlecki, Java HotSpot Cryptographic Provider signature verification vulnerability (11.06.2011)
 ZDI, ZDI-11-182: Oracle Java IE Browser Plugin Corrupted Window Procedure Hook Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-183: Oracle Java ICC Profile MultiLanguage 'mluc' Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-184: Oracle Java ICC Profile Sequence Description 'pseq' Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-185: Oracle Java ICC Profile 'bfd ' Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-188: Oracle Java ICC Profile ncl2 Count Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-191: Oracle Java ICC Screening Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-192: Oracle Java Web Start Command Argument Injection Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-190: Oracle Java ICC Profile 'crdi' Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-186: Oracle Java ICC Profile Multi-Language 'curv' Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-189: Oracle Java ICC Profile ncl2 DevCoords Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 ZDI, ZDI-11-187: Oracle Java ICC Profile clrt Tag Parsing Remote Code Execution Vulnerability (10.06.2011)
 VUPEN Security Research, VUPEN Security Research - Oracle Java ICC Profile "bfd" Tag Integer Overflow Code Execution Vulnerability (10.06.2011)
 VUPEN Security Research, VUPEN Security Research - Oracle Java ICC Profile "clrt" Tag Integer Overflow Code Execution Vulnerability (10.06.2011)
 VUPEN Security Research, VUPEN Security Research - Oracle Java ICC Profile "ncl2" Tag Integer Overflow Code Execution Vulnerability (10.06.2011)
 VUPEN Security Research, VUPEN Security Research - Oracle Java ICC Profile "pseq" Tag Integer Overflow Code Execution Vulnerability (10.06.2011)
 VUPEN Security Research, VUPEN Security Research - Oracle Java ICC Profile "scrn" Tag Integer Overflow Code Execution Vulnerability (10.06.2011)
 VUPEN Security Research, VUPEN Security Research - Oracle Java ICC Profile "mluc" Tag Integer Overflow Code Execution Vulnerability (10.06.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod