Information Security


Code execution in cups-filters
updated since March 18, 2015
Published: April 19, 2015
Source:
SecurityVulns ID: 14329
Type: library
Severity: 6/10
Description: Shell character problem in cups-browsed
Affected products: CUPS : cups-filters 1.0
CVE:CVE-2015-2265 (The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.)
 CVE-2014-4338 (cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses.)
 CVE-2014-4337 (The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.)
 CVE-2014-4336 (The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.)
 CVE-2014-2707 (cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues.")
 CVE-2013-6476 (The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.)
 CVE-2013-6475 (Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow.)
 CVE-2013-6474 (Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.)
 CVE-2013-6473 (Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file.)
Original text: MANDRIVA, [ MDVSA-2015:100 ] cups-filters (19.04.2015)
 UBUNTU, [USN-2532-1] cups-filters vulnerability (18.03.2015)

Multiple security vulnerabilities in Apple Safari / WebKit
updated since April 8, 2015
Published: April 19, 2015
Source:
SecurityVulns ID: 14356
Type: library
Severity: 8/10
Description: Incorrect SSL certificate validation, information leakage, memory corruptions, cross-site access.
Affected products: APPLE : Safari 8.0
 APPLE : Safari 6.2
 APPLE : Safari 7.1
CVE:CVE-2015-1129 (Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.)
 CVE-2015-1128 (The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-notification requests.)
 CVE-2015-1127 (The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries.)
 CVE-2015-1126 (WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.)
 CVE-2015-1124 (WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.)
 CVE-2015-1122 (WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.)
 CVE-2015-1121 (WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.)
 CVE-2015-1120 (WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.)
 CVE-2015-1119 (WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.)
 CVE-2015-1112 (Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file.)
Original text: Jouko Pynnonen, Safari iOS/OS X/Windows cookie access vulnerability (19.04.2015)
 APPLE, APPLE-SA-2015-04-08-1 Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 (08.04.2015)

Multiple security vulnerabilities in freexl
Published: April 19, 2015
Source:
SecurityVulns ID: 14408
Type: library
Severity: 6/10
Description: Multiple memory corruptions when parsing Excel documents.
Affected products: FREEXL : freexl 1.0
CVE:CVE-2015-2776 (The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook.)
 CVE-2015-2754 (FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a "premature EOF.")
 CVE-2015-2753 (FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitrary code via a crafted sector in a workbook.)
Original text: DEBIAN, [SECURITY] [DSA 3208-1] freexl security update (19.04.2015)

Protection bypass in gtk+
Published: April 19, 2015
Source:
SecurityVulns ID: 14407
Type: local
Severity: 5/10
Description: Screen lock bypass.
Affected products: GNOME : GTK+ 3.10
CVE:CVE-2014-1949 (GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button.)
Original text: MANDRIVA, [ MDVSA-2015:162 ] gtk+3.0 (19.04.2015)

File access in TP-LINK devices
Published: April 19, 2015
Source:
SecurityVulns ID: 14406
Type: remote
Severity: 5/10
Description: Directory traversal in the web interface.
CVE:CVE-2015-3035 (Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.)
Original text: SEC Consult Vulnerability Lab, SEC Consult SA-20150410-0 :: Unauthenticated Local File Disclosure in multiple TP-LINK products (CVE-2015-3035) (19.04.2015)

Weak permissions in Jython
Published: April 19, 2015
Source:
SecurityVulns ID: 14409
Type: local
Severity: 5/10
Description: Weak permissions when creating cache files.
Affected products: JYTHON : Jython 2.2
CVE:CVE-2013-2027 (Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.)
Original text: MANDRIVA, [ MDVSA-2015:158 ] jython (19.04.2015)

Security vulnerabilities in HP Support Solution Framework
Published: April 19, 2015
Source:
SecurityVulns ID: 14405
Type: remote
Severity: 5/10
Description: Code execution, information disclosure.
Affected products: HP : HP Support Solution Framework 11.51
CVE:CVE-2015-2114 (HP Support Solution Framework before 11.51.0049 allows remote attackers to download an arbitrary program onto a client machine and execute this program via unspecified vectors.)
Original text: HP, [security bulletin] HPSBGN03316 rev.1 - HP Support Solution Framework on Windows, Remote Execution of Code, Disclosure of Information (19.04.2015)

Command injection in blkid from util-linux
Published: April 19, 2015
Source:
SecurityVulns ID: 14412
Type: local
Severity: 5/10
Affected products: UTILLINUX : util-linux 2.24
CVE:CVE-2014-9114
Original text: MANDRIVA, [ MDVSA-2015:122 ] util-linux (19.04.2015)

DoS against Shibboleth Service Provider
Published: April 19, 2015
Source:
SecurityVulns ID: 14415
Type: remote
Severity: 5/10
Description: Denial of service when parsing a SAML message.
Affected products: SHIBBOLETH : Shibboleth Service Provider 2.5
CVE:CVE-2015-2684 (Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message.)
Original text: DEBIAN, [SECURITY] [DSA 3207-1] shibboleth-sp2 security update (19.04.2015)

Security vulnerabilities in dulwich
Published: April 19, 2015
Source:
SecurityVulns ID: 14414
Type: local
Severity: 5/10
Description: Code execution, buffer overflow.
Affected products: DULWICH : Dulwich 0.9
CVE:CVE-2015-0838 (Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file.)
 CVE-2014-9706 (The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.)
Original text: DEBIAN, [SECURITY] [DSA 3206-1] dulwich security update (19.04.2015)

Certificate spoofing in Not Yet Commons SSL
Published: April 19, 2015
Source:
SecurityVulns ID: 14410
Type: library
Severity: 5/10
Description: Incorrect certificate validation.
Affected products: NOTYETCOMMONSSL : Not Yet Commons SSL 0.3
CVE:CVE-2014-3604 (Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.)
Original text: MANDRIVA, [ MDVSA-2015:141 ] not-yet-commons-ssl (19.04.2015)

Buffer overflow in cifs-utils
Published: April 19, 2015
Source:
SecurityVulns ID: 14413
Type: library
Severity: 5/10
Description: Buffer overflow in pam_cifscreds.
Affected products: CIFSUTILS : cifs-utils 6.3
CVE:CVE-2014-2830 (Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remote attackers to have unspecified impact via unknown vectors.)
Original text: MANDRIVA, [ MDVSA-2015:114 ] cifs-utils (19.04.2015)

Multiple security vulnerabilities in pillow
Published: April 19, 2015
Source:
SecurityVulns ID: 14416
Type: library
Severity: 5/10
Description: Symbolic link problem, DoS, shell injection.
Affected products: PYTHON : Pillow 2.5
CVE:CVE-2014-9601 (Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.)
 CVE-2014-3589 (PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.)
 CVE-2014-3007 (Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.)
 CVE-2014-1933 (The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.)
 CVE-2014-1932 (The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.)
Original text: MANDRIVA, [ MDVSA-2015:099 ] python-pillow (19.04.2015)

Multiple security vulnerabilities in Android
Published: April 19, 2015
Source:
SecurityVulns ID: 14403
Type: library
Severity: 6/10
Description: Restriction bypass, code execution.
Affected products: ANDROID : Android 4.4
CVE:CVE-2014-7954
 CVE-2014-7951
Original text: Imre RAD, CVE-2014-7953 Android backup agent code execution (19.04.2015)
 Imre RAD, CVE-2014-7951 adb backup archive path traversal file overwrite (19.04.2015)
 Imre RAD, CVE-2014-7954 MTP path traversal vulnerability in Android (19.04.2015)

DoS against PulseAudio
Published: April 19, 2015
Source:
SecurityVulns ID: 14411
Type: remote
Severity: 5/10
Description: Denial of service on receiving an empty UDP packet.
Affected products: PULSEAUDIO : PulseAudio 5.0
CVE:CVE-2014-3970 (The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.)
Original text: MANDRIVA, [ MDVSA-2015:134 ] pulseaudio (19.04.2015)

Code execution in ipTIME routers
updated since April 19, 2015
Published: July 5, 2015
Source:
SecurityVulns ID: 14404
Type: remote
Severity: 5/10
Description: Code execution via the Web interface.
Original text: Pierre Kim, Exploit Code for ipTIME firmwares < 9.58 (root RCE against 127 router models) (05.07.2015)
 Pierre Kim, 112 ipTIME Routers/WiFi APs/Modems/Firewalls models vulnerable with RCE with root privileges (19.04.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod