Information Security


Buffer overflow in libgadu
Published: May 15, 2014
Source:
SecurityVulns ID: 13782
Type: library
Severity: 5/10
Description: Buffer overflow when parsing a message from the server.
Affected products: LIBGADU : libgadu 1.11
CVE:CVE-2014-3775 (libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other products, allows remote Gadu-Gadu file relay servers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted message.)
Original text: Marcin Owsiany, [oss-security] libgadu vulnerability: possible memory corruption (15.05.2014)

Multiple security vulnerabilities in libXfont
Published: May 15, 2014
Source:
SecurityVulns ID: 13772
Type: library
Severity: 6/10
Description: DoS, memory corruption.
Affected products: LIBXFONT : libXfont 1.4
CVE:CVE-2014-0211 (Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.)
 CVE-2014-0210 (Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.)
 CVE-2014-0209 (Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.)
Original text: Alan Coopersmith, [oss-security] Fwd: [ANNOUNCE] X.Org Security Advisory: Multiple issues in libXfont (15.05.2014)
 UBUNTU, [USN-2211-1] libXfont vulnerabilities (15.05.2014)

Weak permissions in ldns
Published: May 15, 2014
Source:
SecurityVulns ID: 13774
Type: local
Severity: 4/10
Description: ldns-keygen may create a world-readable private key file.
Affected products: LDNS : ldns 1.6
CVE:CVE-2014-3209 (The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file.)
Original text: MANDRIVA, [ MDVSA-2014:085 ] ldns (15.05.2014)

Authentication bypass in RSA NetWitness / RSA Security Analytics
Published: May 15, 2014
Source:
SecurityVulns ID: 13775
Type: remote
Severity: 6/10
Description: Under certain conditions, login without supplying a password is possible.
Affected products: EMC : RSA NetWitness 9.8
 EMC : RSA Security Analytics 10.3
CVE:CVE-2014-0643 (EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name.)
Original text: EMC, ESA-2014-027: RSA® NetWitness and RSA® Security Analytics Authentication Bypass Vulnerability (15.05.2014)

Unauthorized access to EMC Documentum Foundation Services
Published: May 15, 2014
Source:
SecurityVulns ID: 13776
Type: remote
Severity: 6/10
Description: Unauthorized access to files.
Affected products: EMC : Documentum Foundation Services 7.1
 EMC : My Documentum 6.7
 EMC : CenterStage 1.2
CVE:CVE-2014-0622 (The web service in EMC Documentum Foundation Services (DFS) 6.5 through 6.7 before 6.7 SP1 P22, 6.7 SP2 before P08, 7.0 before P12, and 7.1 before P01 does not properly implement content uploading, which allows remote authenticated users to bypass intended content access restrictions via unspecified vectors.)
Original text: EMC, ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability (15.05.2014)

Authentication bypass in BROADCOM PIPA C211
Published: May 15, 2014
Source:
SecurityVulns ID: 13777
Type: remote
Severity: 5/10
Description: The device configuration can be obtained without authentication.
Affected products: BROADCOM : Broadcom PIPA C211
CVE:CVE-2014-2046 (cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information via a certain request to the config.getValuesHashExcludePaths method or (2) modify the firmware via unspecified vectors.)
Original text: advisories_(at)_portcullis-security.com, CVE-2014-2046 - Unauthenticated Credential And Configuration Retrieval In Broadcom Ltd PIPA C211 (15.05.2014)

Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: May 15, 2014
Source:
SecurityVulns ID: 13778
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: DJANGO : django 1.7
 FOG : FOG 0.32
 COBBLER : Cobbler 2.6
 EGROUPWARE : eGroupware 1.8
 PYPLATE : Pyplate 0.8
 DJANGO : django 1.6
 DRUPAL : Flag 7.x-3.5
 OPENFILER : OpenFiler 2.99
 MUMBLE : Mumble 1.2
CVE:CVE-2014-3756 (The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip.)
 CVE-2014-3744
 CVE-2014-3743
 CVE-2014-3742 (The hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js allows remote attackers to cause a denial of service (file descriptor consumption and process crash) via unspecified vectors.)
 CVE-2014-3741
 CVE-2014-3738 (Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the title of a device.)
 CVE-2014-3730 (The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com.")
 CVE-2014-3453 (Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the "Flag import code" text area to admin/structure/flags/import. NOTE: this issue could also be exploited by other attackers if the administrator ignores a security warning on the permissions assignment page.)
 CVE-2014-3225 (Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.)
 CVE-2014-3111 (Multiple cross-site scripting (XSS) vulnerabilities in FOG 0.27 through 0.32 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Printer Model field to the Printer Management page, (2) Image Name field to the Image Management page, (3) Storage Group Name field to the Storage Management page, (4) Username field to the User Cleanup FOG Configuration page, or (5) Directory Path field to the Directory Cleaner FOG Configuration page.)
 CVE-2014-2988 (EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the call_user_func PHP function, as demonstrated using the newsettings[system] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2987.)
 CVE-2014-2987 (Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an admin.uiaccounts.add_user action to index.php or (2) modify settings via the newsettings parameter in an admin.uiconfig.index action to index.php. NOTE: vector 2 can be used to execute arbitrary PHP code by leveraging CVE-2014-2988.)
 CVE-2014-1418 (Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers.)
 CVE-2013-7381
 CVE-2013-7380
 CVE-2013-7379 (The admin API in the tomato module before 0.0.6 for Node.js does not properly check the access key when it is set to a string, which allows remote attackers to bypass authentication via a string in the access-key header that partially matches config.master.api.access_key.)
 CVE-2013-7378
 CVE-2013-7377
 CVE-2013-7371
 CVE-2013-7370
 CVE-2013-6393 (The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.)
 CVE-2013-4660 (The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.)
Original text: Dolev Farhi, [oss-security] OpenFiler - Arbitrary Code Execution & Stored XSS (15.05.2014)
 Mikkel Krautz, [oss-security] Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006 (15.05.2014)
 Paul Wise, [oss-security] CVE request: various NodeJS module vulnerabilities (15.05.2014)
 Murray McAllister, [oss-security] CVE request: Drupal Flag 7.x-3.5 Module Vulnerability report: Arbitrary code execution due to improper input handling in flag importer (15.05.2014)
 henri_(at)_nerv.fi, [oss-security] CVE request: Pyplate multiple vulnerabilities (15.05.2014)
 Dolev Farhi, [oss-security] Zenoss Open Source monitoring System - Open Redirect & Stored XSS Vulnerabilities (15.05.2014)
 DEBIAN, [oss-security] CVE Reuest: Django: Malformed URLs from user input incorrectly validated (15.05.2014)
 Dolev Farhi, Multiple Stored XSS in FOG Image deployment system - FD (15.05.2014)
 Dolev Farhi, FD - Cobbler Arbitrary File Read CVE-2014-3225 (15.05.2014)

Buffer overflow in Xen
Published: May 15, 2014
Source:
SecurityVulns ID: 13779
Type: local
Severity: 5/10
Description: Buffer overflow when loading a guest kernel.
Affected products: XEN : Xen 4.4
CVE:CVE-2014-3717 (Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which triggers a buffer overflow.)
 CVE-2014-3716 (Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel.)
 CVE-2014-3715 (Buffer overflow in Xen 4.4.x allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit guest kernel, related to searching for an appended DTB.)
 CVE-2014-3714 (The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit ARM guest kernel in an image, which triggers a buffer overflow.)
Original text: XEN, [oss-security] Xen Security Advisory 95 - input handling vulnerabilities loading guest kernel on ARM (15.05.2014)

Multiple cryptographic issues in EncFS
Published: May 15, 2014
Source:
SecurityVulns ID: 13780
Type: library
Severity: 5/10
Description: Multiple security vulnerabilities.
Affected products: ENCFS : EncFS 1.7
CVE:CVE-2014-3462
Original text: Murray McAllister, [oss-security] A number of EncFS issues (15.05.2014)
Files: EncFS Security Audit

Privilege escalation in seunshare
Published: May 15, 2014
Source:
SecurityVulns ID: 13781
Type: local
Severity: 5/10
Description: Incorrect privilege dropping.
Affected products: POLICYCOREUTILS : policycoreutils 2.2
CVE:CVE-2014-3215 (seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.)
Original text: cve-assign_(at)_mitre.org, [oss-security] Re: local privilege escalation due to capng_lock as used in seunshare (15.05.2014)

Multiple security vulnerabilities in QEMU
updated since May 4, 2014
Published: May 15, 2014
Source:
SecurityVulns ID: 13705
Type: local
Severity: 6/10
Description: DoS, memory corruption, buffer overflow.
Affected products: QEMU : QEMU 2.0
CVE:CVE-2014-3461 (hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks.")
 CVE-2014-2894 (Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption.)
 CVE-2014-0223 (Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read.)
 CVE-2014-0222 (Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.)
 CVE-2014-0150 (Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.)
 CVE-2013-7336 (The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function.)
 CVE-2013-6456 (The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to "paths under /proc/$PID/root" and the virInitctlSetRunLevel function.)
 CVE-2013-4544 (hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information.)
 CVE-2013-4541 (The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value.)
Original text: cve-assign_(at)_mitre.org, [oss-security] Re: CVE request: Qemu: usb: fix up post load checks (15.05.2014)
 P J P, [oss-security] CVE-2014-0223 Qemu: qcow1: Validate image size (15.05.2014)
 P J P, [oss-security] CVE-2014-0222 Qemu: qcow1: Validate L2 table size (15.05.2014)
 P J P, [oss-security] CVE request: Qemu: usb: fix up post load checks (15.05.2014)
 UBUNTU, [USN-2182-1] QEMU vulnerabilities (04.05.2014)

Security vulnerabilities in libpng
updated since May 15, 2014
Published: April 20, 2015
Source:
SecurityVulns ID: 13773
Type: library
Severity: 6/10
Description: Several integer overflows leading to a heap buffer overflow.
Affected products: libpng : libpng 1.5
CVE:CVE-2014-9495 (Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.)
 CVE-2014-0333 (The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.)
 CVE-2013-7354 (Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.)
 CVE-2013-7353 (Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.)
Original text: MANDRIVA, [ MDVSA-2015:090 ] libpng (20.04.2015)
 MANDRIVA, [ MDVSA-2014:084 ] libpng (15.05.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod