Information Security


Multiple security vulnerabilities in HP Sprinter
Published: October 11, 2014
Source:
SecurityVulns ID: 13998
Type: remote
Severity: 6/10
Description: Multiple code execution possibilities.
Affected products: HP : HP Sprinter 12.01
CVE: CVE-2014-2638 (Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2344.)
 CVE-2014-2637 (Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2342.)
 CVE-2014-2636 (Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2336.)
 CVE-2014-2635 (Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2343.)
Original text: HP, [security bulletin] HPSBMU03110 rev.1 - HP Sprinter, Remote Execution of Code (11.10.2014)

Security vulnerabilities in HP Operations Manager for UNIX
Published: October 11, 2014
Source:
SecurityVulns ID: 13999
Type: remote
Severity: 6/10
Description: Several code execution possibilities.
Affected products: HP : HP Operations Manager 9.20
 HP : HP Operations Manager 9.11
CVE: CVE-2014-2649 (Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute arbitrary code via unknown vectors.)
 CVE-2014-2648 (Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unknown vectors.)
Original text: HP, [security bulletin] HPSBMU03127 rev.1 - HP Operations Manager for UNIX, Remote Code Execution (11.10.2014)

Cross-site scripting in HP Records Manager
Published: October 11, 2014
Source:
SecurityVulns ID: 14000
Type: remote
Severity: 5/10
Affected products: HP : HP Records Manager 7.3
 HP : HP Records Manager 8.0
CVE: CVE-2014-4661 (Cross-site scripting (XSS) vulnerability in HP Records Manager before 7.3.5 and 8.x before 8.1 Patch 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original text: HP, [security bulletin] HPSBGN03108 rev.1 - HP Records Manager, Remote Cross-Site Scripting (XSS) (11.10.2014)

Multiple security vulnerabilities in the Linux kernel
updated since October 11, 2014
Published: October 27, 2014
Source:
SecurityVulns ID: 13997
Type: remote
Severity: 7/10
Description: Buffer overflows and DoS conditions in various drivers, multiple vulnerabilities in the Ceph network file system.
Affected products: LINUX : kernel 3.16
CVE: CVE-2014-7975 (The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call.)
 CVE-2014-6418 (net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP address of a Ceph Monitor.)
 CVE-2014-6417 (net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a long unencrypted auth ticket.)
 CVE-2014-6416 (Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket.)
 CVE-2014-6410 (The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode.)
 CVE-2014-3631 (The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation.)
 CVE-2014-3186 (Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report.)
 CVE-2014-3185 (Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.)
 CVE-2014-3184 (The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c.)
 CVE-2014-3181 (Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event.)
Original text: MANDRIVA, [ MDVSA-2014:201 ] kernel (27.10.2014)
 UBUNTU, [USN-2379-1] Linux kernel vulnerabilities (11.10.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod