Information security


Out-of-bounds memory read in libsndfile
Published: January 19, 2015
Source:
SecurityVulns ID: 14219
Type: library
Severity: 5/10
Description: Out-of-bounds memory read in sd2_parse_rsrc_fork().
Affected products: LIBSNDFILE : libsndfile 1.0
CVE: CVE-2014-9496 (The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.)
Original text: MANDRIVA, [ MDVSA-2015:024 ] libsndfile (19.01.2015)

Buffer overflow in mpfr
Published: January 19, 2015
Source:
SecurityVulns ID: 14220
Type: library
Severity: 5/10
Description: Buffer overflow in mpn_set_str().
Affected products: MPFR : mpfr 3.1
CVE: CVE-2014-9474
Original text: MANDRIVA, [ MDVSA-2015:025 ] mpfr (19.01.2015)

Protection bypass in gtk+
Published: January 19, 2015
Source:
SecurityVulns ID: 14221
Type: local
Severity: 5/10
Description: Screen lock bypass.
Affected products: GNOME : GTK+ 3.10
Original text: UBUNTU, [USN-2475-1] GTK+ update (19.01.2015)

Memory corruption in GNU coreutils
Published: January 19, 2015
Source:
SecurityVulns ID: 14222
Type: library
Severity: 6/10
Description: Memory corruption in date and touch when parsing a date.
Affected products: GNU : coreutils 8.23
CVE: CVE-2014-9471 (The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command.)
Original text: UBUNTU, [USN-2473-1] coreutils vulnerabilities (19.01.2015)

Multiple security vulnerabilities in Mozilla Firefox / Thunderbird / Seamonkey
Published: January 19, 2015
Source:
SecurityVulns ID: 14223
Type: client
Severity: 8/10
Description: Memory corruptions, restriction bypass, header injection.
Affected products: MOZILLA : Firefox 34
 MOZILLA : Thunderbird 31.1
 MOZILLA : SeaMonkey 2.31
CVE: CVE-2014-8643 (Mozilla Firefox before 35.0 on Windows allows remote attackers to bypass the Gecko Media Plugin (GMP) sandbox protection mechanism by leveraging access to the GMP process, as demonstrated by the OpenH264 plugin's process.)
 CVE-2014-8642 (Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate.)
 CVE-2014-8641 (Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data.)
 CVE-2014-8640 (The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service (uninitialized-memory read and application crash) via crafted API calls.)
 CVE-2014-8639 (Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server.)
 CVE-2014-8638 (The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site.)
 CVE-2014-8637 (Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element.)
 CVE-2014-8636 (The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors.)
 CVE-2014-8635 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2014-8634 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
Files: Mozilla Foundation Security Advisory 2015-01 Miscellaneous memory safety hazards (rv:35.0 / rv:31.4)
 Mozilla Foundation Security Advisory 2015-02 Uninitialized memory use during bitmap rendering
 Mozilla Foundation Security Advisory 2015-03 sendBeacon requests lack an Origin header
 Mozilla Foundation Security Advisory 2015-04 Cookie injection through Proxy Authenticate responses
 Mozilla Foundation Security Advisory 2015-05 Read of uninitialized memory in Web Audio
 Mozilla Foundation Security Advisory 2015-06 Read-after-free in WebRTC
 Mozilla Foundation Security Advisory 2015-07 Gecko Media Plugin sandbox escape
 Mozilla Foundation Security Advisory 2015-08 Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension
 Mozilla Foundation Security Advisory 2015-09 XrayWrapper bypass through DOM objects

Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: January 19, 2015
Source:
SecurityVulns ID: 14224
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: PANDORAFMS : Pandora FMS 5.1
 DJANGO : django 1.7
 ANSIBLE : Ansible Tower 2.0
 OTRS : otrs2 3.3
 WBB : Tapatalk Plugin 1.1
 WORDPRESS : Pods 2.4
 MEDIAWIKI : mediawiki 1.23
 MANTIS : mantis 1.2
 CATBOT : CatBot 0.4
 ALIENVAULT : OSSIM 4.14
 WORDPRESS : Simple Security 1.1
 DJANGO : django 1.6
 SITEFINITY : Sitefinity Enterprise 7.2
CVE: CVE-2015-0222 (ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries.)
 CVE-2015-0221 (The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file.)
 CVE-2015-0220 (The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a "\njavascript:" URL.)
 CVE-2015-0219 (Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X-Auth_User header.)
 CVE-2014-9570 (Multiple cross-site scripting (XSS) vulnerabilities in the MyWebsiteAdvisor Simple Security plugin 1.1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) datefilter parameter in the access_log page to wp-admin/users.php or (2) simple_security_ip_blacklist[] parameter in an add_blacklist_ip action in the ip_blacklist page to wp-admin/users.php.)
 CVE-2014-9324 (The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors.)
 CVE-2014-9288
 CVE-2014-9281 (Cross-site scripting (XSS) vulnerability in admin/copy_field.php in MantisBT before 1.2.18 allows remote attackers to inject arbitrary web script or HTML via the dest_id field.)
 CVE-2014-9280 (The current_user_get_bug_filter function in core/current_user_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary PHP code via the filter parameter.)
 CVE-2014-9272 (The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly validate the URL protocol, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the javascript:// protocol.)
 CVE-2014-9271 (Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename.)
 CVE-2014-9270 (Cross-site scripting (XSS) vulnerability in the projax_array_serialize_for_autocomplete function in core/projax_api.php in MantisBT 1.1.0a3 through 1.2.17 allows remote attackers to inject arbitrary web script or HTML via the "profile/Platform" field.)
 CVE-2014-9269 (Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie.)
 CVE-2014-9117 (MantisBT before 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote attackers to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a public_key parameter value, as demonstrated by E4652 for the public_key value 0.)
 CVE-2014-8989 (The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a "negative groups" issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c.)
 CVE-2014-8988 (MantisBT before 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a request to the download URL.)
 CVE-2014-8986 (Cross-site scripting (XSS) vulnerability in the selection list in the filters in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via a crafted config option, a different vulnerability than CVE-2014-8987.)
 CVE-2014-8870 (Open redirect vulnerability in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin before 1.1.2 for Woltlab Burning Board 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the board_url parameter.)
 CVE-2014-8598 (The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code.)
 CVE-2014-8554 (SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1609.)
 CVE-2014-8553 (The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT before 1.2.18 allows remote attackers to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_get, (3) mc_filter_get_issues, or (4) mc_project_get_issues SOAP request.)
 CVE-2014-7957 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Pods plugin before 2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the toggled parameter in a toggle action in the pods-components page to wp-admin/admin.php, (2) delete a pod in a delete action in the pods page to wp-admin/admin.php, (3) reset pod settings and data via the pods_reset parameter in the pod-settings page to wp-admin/admin.php, (4) deactivate and reset pod data via the pods_reset_deactivate parameter in the pod-settings page to wp-admin/admin.php, (5) delete the admin role via the id parameter in a delete action in the pods-component-roles-and-capabilities page to wp-admin/admin.php, or (6) enable "roles and capabilities" in a toggle action in the pods-components page to wp-admin/admin.php.)
 CVE-2014-7956 (Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php.)
 CVE-2014-6316 (core/string_api.php in MantisBT before 1.2.18 does not properly categorize URLs when running under the web root, which allows remote attackers to conduct open redirect and phishing attacks via a crafted URL in the return parameter to login_page.php.)
Original text: Pedro Ribeiro, [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360 (19.01.2015)
 DEBIAN, [SECURITY] [DSA 3120-1] mantis security update (19.01.2015)
 MANDRIVA, [ MDVSA-2015:006 ] mediawiki (19.01.2015)
 Pietro Oliva, Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities (19.01.2015)
 Vulnerability Lab, Blitz CMS Community - SQL Injection Web Vulnerability (19.01.2015)
 DEBIAN, [SECURITY] [DSA 3124-1] otrs2 security update (19.01.2015)
 RedTeam Pentesting, [RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0 (19.01.2015)
 SEC Consult Vulnerability Lab, SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower (19.01.2015)
 Vulnerability Lab, Sitefinity Enterprise v7.2.53 - Persistent Vulnerability (19.01.2015)
 UBUNTU, [USN-2469-1] Django vulnerabilities (19.01.2015)
 High-Tech Bridge Security Research, Two XSS vulnerabilities in Simple Security WordPress Plugin (19.01.2015)
 Peter Lapp, Alienvault OSSIM/USM Command Execution Vulnerability (19.01.2015)
 admin_(at)_evolution-sec.com, Pandora FMS v5.1 SP1 - Persistent SNMP Editor Vulnerability (19.01.2015)
 Vulnerability Lab, CatBot v0.4.2 (PHP) - SQL Injection Vulnerability (19.01.2015)

Information leakage in cgmanager
Published: January 19, 2015
Source:
SecurityVulns ID: 14225
Type: remote
Severity: 5/10
Description: Incorrect handling of nested groups.
Affected products: CMANAGER : cmanager 0.32
CVE: CVE-2014-1425 (cmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors.)
Original text: UBUNTU, [USN-2451-1] cgmanager vulnerability (19.01.2015)

Cross-site scripting in Brother devices
Published: January 19, 2015
Source:
SecurityVulns ID: 14226
Type: remote
Severity: 4/10
Description: Cross-site scripting in the web interface.
Affected products: BROTHER : Brother MFC-J4410DW
Original text: vulns_(at)_dionach.com, Brother MFC Administration Reflected Cross-Site Scripting (19.01.2015)

Multiple security vulnerabilities in Microsoft Windows
Published: January 19, 2015
Source:
SecurityVulns ID: 14227
Type: library
Severity: 7/10
Description: Privilege escalation in Application Compatibility Cache, buffer overflow in the telnet service, privilege escalation in User Profile Service, directory traversal in TS WebProxy, restriction bypass in Network Location Awareness Service, restriction bypass in Windows Error Reporting, privilege escalation in the WebDAV driver.
Affected products: MICROSOFT : Windows Vista
 MICROSOFT : Windows 8
 MICROSOFT : Windows 2012 Server
 MICROSOFT : Windows 7
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 2003 Server
CVE: CVE-2015-0016 (Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability.")
 CVE-2015-0014 (Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows Telnet Service Buffer Overflow Vulnerability.")
 CVE-2015-0011 (mrxdav.sys (aka the WebDAV driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass an impersonation protection mechanism, and obtain privileges for redirection of WebDAV requests, via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability.")
 CVE-2015-0006 (The Network Location Awareness (NLA) service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not perform mutual authentication to determine a domain connection, which allows remote attackers to trigger an unintended permissive configuration by spoofing DNS and LDAP responses on a local network, aka "NLA Security Feature Bypass Vulnerability.")
 CVE-2015-0004 (The User Profile Service (aka ProfSvc) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges by conducting a junction attack to load another user's UsrClass.dat registry hive, aka MSRC ID 20674 or "Microsoft User Profile Service Elevation of Privilege Vulnerability.")
 CVE-2015-0002 (The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not verify that an impersonation token is associated with an administrative account, which allows local users to gain privileges by running AppCompatCache.exe with a crafted DLL file, aka MSRC ID 20544 or "Microsoft Application Compatibility Infrastructure Elevation of Privilege Vulnerability.")
 CVE-2015-0001 (The Windows Error Reporting (WER) component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light protection mechanism and read the contents of arbitrary process-memory locations by leveraging administrative privileges, aka "Windows Error Reporting Security Feature Bypass Vulnerability.")
Files: Microsoft Security Bulletin MS15-001 - Important Vulnerability in Windows Application Compatibility Cache Could Allow Elevation of Privilege (3023266)
 Microsoft Security Bulletin MS15-002 - Critical Vulnerability in Windows Telnet Service Could Allow Remote Code Execution (3020393)
 Microsoft Security Bulletin MS15-003 - Important Vulnerability in Windows User Profile Service Could Allow Elevation of Privilege (3021674)
 Microsoft Security Bulletin MS15-004 - Important Vulnerability in Windows Components Could Allow Elevation of Privilege (3025421)
 Microsoft Security Bulletin MS15-005 - Important Vulnerability in Network Location Awareness Service Could Allow Security Feature Bypass (3022777)
 Microsoft Security Bulletin MS15-006 - Important Vulnerability in Windows Error Reporting Could Allow Security Feature Bypass (3004365)
 Microsoft Security Bulletin MS15-008 - Important Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3019215)

DoS against Microsoft Network Policy Server
Published: January 19, 2015
Source:
SecurityVulns ID: 14228
Type: remote
Severity: 6/10
Description: Failure when processing the username in a RADIUS request.
Affected products: MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 2012 Server
CVE: CVE-2015-0015 (Microsoft Windows Server 2003 SP2, Server 2008 SP2 and R2 SP1, and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (system hang and RADIUS outage) via crafted username strings to (1) Internet Authentication Service (IAS) or (2) Network Policy Server (NPS), aka "Network Policy Server RADIUS Implementation Denial of Service Vulnerability.")
Files: Microsoft Security Bulletin MS15-007 - Important Vulnerability in Network Policy Server RADIUS Implementation Could Cause Denial of Service (3014029)

Multiple security vulnerabilities in Adobe Flash Player
Published: January 19, 2015
Source:
SecurityVulns ID: 14229
Type: client
Severity: 9/10
Description: typejacking, code execution, memory corruption, buffer overflow, information disclosure.
Affected products: ADOBE : Flash Player 16.0
CVE: CVE-2015-0309 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0304.)
 CVE-2015-0308 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2015-0307 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors.)
 CVE-2015-0306 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0303.)
 CVE-2015-0305 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion.")
 CVE-2015-0304 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0309.)
 CVE-2015-0303 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0306.)
 CVE-2015-0302 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to obtain sensitive keystroke information via unspecified vectors.)
 CVE-2015-0301 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 do not properly validate files, which has unspecified impact and attack vectors.)
Files: Adobe Security Bulletin Security updates available for Adobe Flash Player

Code execution in xdg-open
updated since January 19, 2015
Published: March 8, 2015
Source:
SecurityVulns ID: 14230
Type: library
Severity: 7/10
Description: Code execution due to insufficient filtering of shell characters in the protocol handler.
Affected products: XDG : xdg-utils 1.1
CVE: CVE-2015-1877
 CVE-2014-9622 (Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open.)
Original text: DEBIAN, [SECURITY] [DSA 3165-1] xdg-utils security update (08.03.2015)
 DEBIAN, [SECURITY] [DSA 3131-1] xdg-utils security update (19.01.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod