Information Security


Multiple security vulnerabilities in wpa_supplicant
updated since May 5, 2015
Published: June 21, 2015
Source:
SecurityVulns ID: 14446
Type: remote
Severity: 7/10
Description: Buffer overflows, DoS vulnerabilities.
Affected products: WPASUPPLICANT : wpa_supplicant 2.4
 GOOGLE : Android 5.1
CVE: CVE-2015-4146 (The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message.)
 CVE-2015-4145 (The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message.)
 CVE-2015-4144 (The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.)
 CVE-2015-4143 (The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.)
 CVE-2015-4142 (Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.)
 CVE-2015-4141 (The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.)
 CVE-2015-1863 (Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.)
Original text: UBUNTU, [USN-2650-1] wpa_supplicant and hostapd vulnerabilities (21.06.2015)
 UBUNTU, [USN-2577-1] wpa_supplicant vulnerability (05.05.2015)
 xing_fang_(at)_vulnhunt.com, [ALICLOUDSEC-VUL2015-001]Android wpa_supplicant WLAN Direct remote buffer overflow (05.05.2015)

Security vulnerabilities in the Linux kernel
updated since June 13, 2015
Published: June 21, 2015
Source:
SecurityVulns ID: 14531
Type: library
Severity: 5/10
Description: DoS, privilege escalations.
CVE: CVE-2015-4167 (The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem.)
 CVE-2015-4036 (Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced.)
 CVE-2015-3636 (The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.)
 CVE-2015-1805 (The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun.")
 CVE-2015-1328
Original text: DEBIAN, [SECURITY] [DSA 3290-1] linux security update (21.06.2015)
 UBUNTU, [USN-2647-1] Linux kernel vulnerability (21.06.2015)
 UBUNTU, [USN-2634-1] Linux kernel vulnerabilities (13.06.2015)
 UBUNTU, [USN-2631-1] Linux kernel vulnerabilities (13.06.2015)

Multiple security vulnerabilities in libvirt / qemu / Xen
updated since June 13, 2015
Published: June 21, 2015
Source:
SecurityVulns ID: 14532
Type: library
Severity: 6/10
Description: DoS, privilege escalation, information disclosure, code execution.
Affected products: QEMU : qemu 2.2
 XEN : Xen 4.5
CVE: CVE-2015-4164 (The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.)
 CVE-2015-4163 (GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.)
 CVE-2015-4106 (QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.)
 CVE-2015-4105 (Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations.)
 CVE-2015-4104 (Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors.)
 CVE-2015-4103 (Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields.)
 CVE-2015-4037 (The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.)
 CVE-2015-3209 (Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.)
Original text: DEBIAN, [SECURITY] [DSA 3286-1] xen security update (21.06.2015)
 UBUNTU, [USN-2630-1] QEMU vulnerabilities (13.06.2015)

Buffer overflow in My Wifi Router
Published: June 21, 2015
Source:
SecurityVulns ID: 14544
Type: remote
Severity: 5/10
Description: Buffer overflow during user authorization.
Affected products: MYWIFIROUTER : My Wifi Router 1.0
Original text: sudson08_(at)_gmail.com, Buffer Overflow in My Wifi Router Software (21.06.2015)

Security vulnerabilities in libav / ffmpeg
Published: June 21, 2015
Source:
SecurityVulns ID: 14545
Type: library
Severity: 6/10
Description: Memory corruption in various demuxers.
Affected products: FFMPEG : FFmpeg 2.6
CVE: CVE-2015-3417 (Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.)
 CVE-2015-3395 (The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.)
Original text: DEBIAN, [SECURITY] [DSA 3288-1] libav security update (21.06.2015)

Directory traversal in p7zip
Published: June 21, 2015
Source:
SecurityVulns ID: 14546
Type: local
Severity: 5/10
Description: Directory traversal when extracting files.
Affected products: P7ZIP : p7zip 9.20
CVE: CVE-2015-1038 (p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.)
Original text: DEBIAN, [SECURITY] [DSA 3289-1] p7zip security update (21.06.2015)

Authentication bypass in EMC Unified Infrastructure Manager/Provisioning
Published: June 21, 2015
Source:
SecurityVulns ID: 14547
Type: remote
Severity: 5/10
Description: Authentication bypass when LDAP is used.
Affected products: EMC : EMC Unified Infrastructure Manager/Provisioning 4.1
CVE: CVE-2015-0546 (EMC Unified Infrastructure Manager/Provisioning (UIM/P) 4.1 allows remote attackers to bypass LDAP authentication by providing a valid account name.)
Original text: EMC, ESA-2015-106: EMC Unified Infrastructure Manager/Provisioning (UIM/P) Authentication Bypass Vulnerability (21.06.2015)

Privilege escalation in OpenStack cinder
Published: June 21, 2015
Source:
SecurityVulns ID: 14548
Type: local
Severity: 5/10
Description: An authorized user can gain access to any files.
Affected products: OPENSTACK : Cinder 2015.1
CVE: CVE-2015-1851 (OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.)
Original text: DEBIAN, [SECURITY] [DSA 3292-1] cinder security update (21.06.2015)

Weak cryptography in VCE Vision Intelligent Operations
Published: June 21, 2015
Source:
SecurityVulns ID: 14549
Type: m-i-t-m
Severity: 5/10
Description: Weak ciphers, transmission of sensitive information in cleartext.
Affected products: VCE : Vision Intelligent Operations 2.6
CVE: CVE-2015-4057
 CVE-2015-4056
Original text: VCE, VCE3570: VCE Vision(TM) Intelligent Operations Cryptographic and Cleartext Vulnerabilities (21.06.2015)

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: June 21, 2015
Source:
SecurityVulns ID: 14550
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: SEARCHBLOX : SearchBlox 8.2
 DRUPAL : drupal 7.38
 VESTACP : Vesta Control Panel 0.9
 TYPO3 : Akronymmanager 0.5
 BLACKCATCMS : BlackCat CMS 1.1
CVE: CVE-2015-4117
 CVE-2015-3422 (Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 allows remote attackers to inject arbitrary web script or HTML via the menu2 parameter to admin/main.jsp.)
 CVE-2015-3234 (The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers.)
 CVE-2015-3233 (Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.)
 CVE-2015-3232 (Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destinations parameter.)
 CVE-2015-3231 (The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache.)
 CVE-2015-2803 (SQL injection vulnerability in mod1/index.php in the Akronymmanager (sb_akronymmanager) extension before 7.0.0 for TYPO3 allows remote authenticated users with permission to maintain acronyms to execute arbitrary SQL commands via the id parameter.)
Original text: DEBIAN, [SECURITY] [DSA 3291-1] drupal7 security update (21.06.2015)
 High-Tech Bridge Security Research, OS Command Injection in Vesta Control Panel (21.06.2015)
 High-Tech Bridge Security Research, Reflected Cross-Site Scripting (XSS) in SearchBlox (21.06.2015)
 d4rkr0id_(at)_gmail.com, BlackCat CMS v1.1.1 Arbitrary File Download Vulnerability (21.06.2015)
 RedTeam Pentesting, [RT-SA-2015-002] SQL Injection in TYPO3 Extension Akronymmanager (21.06.2015)
 iedb.team_(at)_gmail.com, Productsurf Cms Sql Injection Vulnerability (21.06.2015)
 iedb.team_(at)_gmail.com, WebdesignJiNi Cms Sql Injection Vulnerability (21.06.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod