Информационная безопасность
[RU] switch to English


Кратковременные условия в systemd Linux
Опубликовано:18 марта 2012 г.
Источник:
SecurityVulns ID:12254
Тип:локальная
Уровень опасности:
5/10
Описание:Кратковременные условия при работе с символьными линками.
Затронутые продукты:SYSTEMD : systemd 43
CVE:CVE-2012-1174 (The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session.")
Оригинальный текстdocumentMANDRIVA, [ MDVSA-2012:030 ] systemd (18.03.2012)

Многочисленные уязвимости безопасности в VMWare View
Опубликовано:18 марта 2012 г.
Источник:
SecurityVulns ID:12255
Тип:удаленная
Уровень опасности:
5/10
Описание:Многочисленные уязвимости XSS.
Затронутые продукты:VMWARE : VMware View 4.6
CVE:CVE-2012-1511 (Cross-site scripting (XSS) vulnerability in View Manager Portal in VMware View before 4.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.)
 CVE-2012-1510 (Buffer overflow in the WDDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors.)
 CVE-2012-1509 (Buffer overflow in the XPDM display driver in VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors.)
 CVE-2012-1508 (The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.)
Оригинальный текстdocumentVMWARE, VMSA-2012-0004 VMware View privilege escalation and cross-site scripting (18.03.2012)

Уязвимости безопасности в Asterisk
Опубликовано:18 марта 2012 г.
Источник:
SecurityVulns ID:12256
Тип:удаленная
Уровень опасности:
6/10
Описание:Переполнение буфера в HTTP менеджере, переполнение буфера в Milliwatt Application.
Затронутые продукты:DIGIUM : Asterisk 1.4
 ASTERISK : Asterisk 1.6
 ASTERISK : Asterisk 1.8
 DIGIUM : Asterisk 10.2
Оригинальный текстdocumentASTERISK, AST-2012-003: Stack Buffer Overflow in HTTP Manager (18.03.2012)
 documentASTERISK, AST-2012-002: Remote Crash Vulnerability in Milliwatt Application (18.03.2012)

Уязвимости безопасности в Oracle Exadata Infiniband Switch
Опубликовано:18 марта 2012 г.
Источник:
SecurityVulns ID:12257
Тип:удаленная
Уровень опасности:
5/10
Описание:Учетная запись по-умолчанию, слабые разрешения на файл /conf/shadow.
Оригинальный текстdocumentlarry0_(at)_me.com, Oracle Exadata Infiniband Switch default logins and world readable shadow file (18.03.2012)

Многочисленные уязвимости безопасности в Cisco ASA / Cisco FSM
Опубликовано:18 марта 2012 г.
Источник:
SecurityVulns ID:12258
Тип:удаленная
Уровень опасности:
6/10
Описание:Многочисленные DoS-условия, выполнение кода через ActiveX.
Затронутые продукты:CISCO : Catalyst 6500
 CISCO : Cisco ASA 5500
CVE:CVE-2012-0358 (Buffer overflow in the Cisco Port Forwarder ActiveX control in cscopf.ocx, as distributed through the Clientless VPN feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 through 7.2 before 7.2(5.6), 8.0 before 8.0(5.26), 8.1 before 8.1(2.53), 8.2 before 8.2(5.18), 8.3 before 8.3(2.28), 8.2 before 8.4(2.16), and 8.6 before 8.6(1.1), allows remote attackers to execute arbitrary code via unspecified vectors, aka Bug ID CSCtr00165.)
 CVE-2012-0356 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 through 7.2 before 7.2(5.7), 8.0 before 8.0(5.27), 8.1 before 8.1(2.53), 8.2 before 8.2(5.8), 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.2) and the Firewall Services Module (FWSM) 3.1 and 3.2 before 3.2(23) and 4.0 and 4.1 before 4.1(8) in Cisco Catalyst 6500 series devices, when multicast routing is enabled, allow remote attackers to cause a denial of service (device reload) via a crafted IPv4 PIM message, aka Bug IDs CSCtr47517 and CSCtu97367.)
 CVE-2012-0355 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(2.11) and 8.5 before 8.5(1.4) allow remote attackers to cause a denial of service (device reload) via (1) IPv4 or (2) IPv6 packets that trigger syslog message 305006, aka Bug ID CSCts39634.)
 CVE-2012-0354 (The Threat Detection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 through 8.2 before 8.2(5.20), 8.3 before 8.3(2.29), 8.4 before 8.4(3), 8.5 before 8.5(1.6), and 8.6 before 8.6(1.1) allows remote attackers to cause a denial of service (device reload) via (1) IPv4 or (2) IPv6 packets that trigger a shun event, aka Bug ID CSCtw35765.)
 CVE-2012-0353 (The UDP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.5), 8.3 before 8.3(2.22), 8.4 before 8.4(2.1), and 8.5 before 8.5(1.2) does not properly handle flows, which allows remote attackers to cause a denial of service (device reload) via a crafted series of (1) IPv4 or (2) IPv6 UDP packets, aka Bug ID CSCtq10441.)
Оригинальный текстdocumentCISCO, Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security Appliance Clientless VPN ActiveX Control Remote Code Execution Vulnerability (18.03.2012)
 documentCISCO, Cisco Security Advisory: Cisco Firewall Services Module Crafted Protocol Independent Multicast Message Denial of Service Vulnerability (18.03.2012)
 documentCISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module (18.03.2012)

Межсайтовый скриптинг в Yealink VOIP Phone
Опубликовано:18 марта 2012 г.
Источник:
SecurityVulns ID:12260
Тип:локальная
Уровень опасности:
3/10
Описание:Межсайтовый скриптинг в адресной книге.
CVE:CVE-2012-1417 (Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.)
Оригинальный текстdocumentNarendra Shinde, Yealink VOIP Phone Persistent Cross Site Scripting Vulnerability [CVE-2012-1417] (18.03.2012)

Уязвимости безопасности в EMC Documentum eRoom
дополнено с 18 марта 2012 г.
Опубликовано:20 марта 2012 г.
Источник:
SecurityVulns ID:12259
Тип:удаленная
Уровень опасности:
5/10
Описание:replay-атаки и межсайтовый скриптинг.
Затронутые продукты:EMC : Documentum eRoom 7.4
CVE:CVE-2012-0404 (Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2012-0398 (EMC Documentum eRoom before 7.4.4 does not properly validate session cookies, which allows remote attackers to hijack or replay sessions via unspecified vectors.)
Оригинальный текстdocumentSEC Consult Vulnerability Lab, SEC Consult SA-20120315-0 :: Multiple permanent XSS vulnerabilities in EMC Documentum eRoom (20.03.2012)
 documentEMC, ESA-2012-012: EMC Documentum eRoom Multiple Vulnerabilities (18.03.2012)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород