Information Security


Multiple security vulnerabilities in HP Network Node Manager i
updated since November 21, 2011
Published: November 27, 2011
Source:
SecurityVulns ID: 12052
Type: remote
Severity level: 6/10
Description: Cross-site scripting, unauthorized access, information leak.
Affected products: HP : Network Node Manager i 9.0
 HP : Network Node Manager i 9.1
CVE:CVE-2011-4156 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4155.)
 CVE-2011-4155 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4156.)
 CVE-2011-1534 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x allows remote authenticated users to obtain access to processes via unknown vectors.)
 CVE-2010-0738 (The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.)
Original text: 0a29 40, 0A29-11-1 : Cross-Site Scripting vulnerabilities in HP Network Node Manager i 9.10 (27.11.2011)
 HP, [security bulletin] HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information (21.11.2011)
 HP, [security bulletin] HPSBMA02659 SSRT100440 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access (21.11.2011)
 HP, [security bulletin] HPSBMU02708 SSRT100633 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS) (21.11.2011)

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: November 27, 2011
Source:
SecurityVulns ID: 12054
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leak, etc.
Affected products: WORDPRESS : WordPress 2.6
 WORDPRESS : WordPress 3.1
 SPIP : spip 2.1
 SIMPLEPRESS : Simple:Press Forum 4.4
 DOLIBARR : Dolibarr 3.1
 FLVPLAYER : flvPlayer 1.0
 TINYMCE : TinyMCE 3.4
 ROUNDCUBE : RoundCube 0.6
 KAJIANWEBSITE : CMS Balitbang 3.0
 ITOP : iTop 1.1
 PMWIKI : PmWiki 2.2
 WORDPRESS : meenews 5.1
 BLOGSMANAGER : Blogs manager 1.101
 VALIDERP : Valid tiny-erp 1.6
 FREELANCERCAL : Freelancer calendar 1.01
 SITRACKER : Support Incident Tracker 3.65
CVE:CVE-2011-4275 (Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.)
Original text: DEBIAN, [SECURITY] [DSA 2349-1] spip security update (27.11.2011)
 n0b0d13s_(at)_gmail.com, Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability (27.11.2011)
 muuratsalo experimental hack lab, Freelancer calendar <= 1.01 SQL Injection Vulnerability (27.11.2011)
 muuratsalo experimental hack lab, Valid tiny-erp <= 1.6 SQL Injection Vulnerability (27.11.2011)
 muuratsalo experimental hack lab, Blogs manager <= 1.101 SQL Injection Vulnerability (27.11.2011)
 Amir_(at)_irist.ir, wordpress Lanoba Social Plugin Xss Vulnerabilities (27.11.2011)
 Amir_(at)_irist.ir, Wordpress advanced-text-widget Plugin Vulnerabilities (27.11.2011)
 Amir_(at)_irist.ir, Wordpress alert-before-your-post Plugin Cross-Site Scripting Vulnerabilities (27.11.2011)
 Amir_(at)_irist.ir, Wordpress adminimize Plugin Vulnerabilities (27.11.2011)
 Amir_(at)_irist.ir, OWASP Academy Portal - FREE OWASP TOP 10 security challenges with Hacking-Lab Scripting Vulnerabilities (27.11.2011)
 Amir_(at)_irist.ir, Wordpress clickdesk-live-support-chat plugin Cross-Site Scripting Vulnerabilities (27.11.2011)
 Amir_(at)_irist.ir, Wordpress featurific-for-wordpress plugin Cross-Site Scripting Vulnerabilities (27.11.2011)
 Amir_(at)_irist.ir, Wordpress enable-latex plugin Remote File Include Vulnerabilities (27.11.2011)
 Amir_(at)_irist.ir, Wordpress meenews 5.1 plugin Cross-Site Scripting Vulnerabilities (27.11.2011)
 n0b0d13s_(at)_gmail.com, PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Vulnerability (27.11.2011)
 Tobias Glemser, TC-SA-2011-02: Multiple web-vulnerabilities in iTop version 1.1.181 (27.11.2011)
 Steevee a.k.a Stefanus, AdaptCMS 2.x SQL Injection Vulnerability (27.11.2011)
 Steevee a.k.a Stefanus, CMS Balitbang 3.x SQL Injection Vulnerability (27.11.2011)
 High-Tech Bridge Security Research, Multiple vulnerabilities in Dolibarr (27.11.2011)
 mr xadal, icomex cms (Content Management Solutions) sql injection vulnerability (27.11.2011)
 MustLive, Multiple vulnerabilities in TinyMCE and flvPlayer and hundreds of web applications (27.11.2011)

Multiple security vulnerabilities in Google Chrome
Published: November 27, 2011
Source:
SecurityVulns ID: 12055
Type: client
Severity level: 8/10
Description: Code execution, privilege escalation, DoS.
Affected products: GOOGLE : Chrome 15.0
CVE:CVE-2011-3900 (Google V8, as used in Google Chrome before 15.0.874.121, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write operation.)
 CVE-2011-3899
 CVE-2011-3898 (Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) 7 is used, does not request user confirmation before applet execution begins, which allows remote attackers to have an unspecified impact via a crafted applet.)
 CVE-2011-3897 (Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing.)
 CVE-2011-3896 (Buffer overflow in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to shader variable mapping.)
 CVE-2011-3895 (Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.)
 CVE-2011-3894 (Google Chrome before 15.0.874.120 does not properly perform VP8 decoding, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted stream.)
 CVE-2011-3893 (Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.)
 CVE-2011-3892 (Double free vulnerability in the Theora decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.)

Buffer overflow in MaraDNS
Published: November 27, 2011
Source:
SecurityVulns ID: 12056
Type: remote
Severity level: 6/10
Description: Buffer overflow when parsing a request.
Affected products: MARADNS : MaraDNS 1.4
CVE:CVE-2011-0520 (The compress_add_dlabel_points function in dns/Compress.c in MaraDNS 1.4.03, 1.4.05, and probably other versions allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long DNS hostname with a large number of labels, which triggers a heap-based buffer overflow.)

Multiple security vulnerabilities in the Linux kernel
Published: November 27, 2011
Source:
SecurityVulns ID: 12057
Type: remote
Severity level: 6/10
Description: Multiple DoS conditions.
Affected products: LINUX : kernel 2.6
CVE:CVE-2011-3363 (The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share.)
 CVE-2011-3209 (The div_long_long_rem implementation in include/asm-x86/div64.h in the Linux kernel before 2.6.26 on the x86 platform allows local users to cause a denial of service (Divide Error Fault and panic) via a clock_gettime system call.)
 CVE-2011-2909 (The do_devinfo_ioctl function in drivers/staging/comedi/comedi_fops.c in the Linux kernel before 3.1 allows local users to obtain sensitive information from kernel memory via a copy of a short string.)
 CVE-2011-2905 (Untrusted search path vulnerability in the perf_config function in tools/perf/util/config.c in perf, as distributed in the Linux kernel before 3.1, allows local users to overwrite arbitrary files via a crafted config file in the current working directory.)
 CVE-2011-2525 (The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call.)
 CVE-2011-2517 (Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability during scan operations with a long SSID value.)
 CVE-2011-2496 (Integer overflow in the vma_to_resize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (BUG_ON and system crash) via a crafted mremap system call that expands a memory mapping.)
 CVE-2011-2495 (fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password.)
 CVE-2011-2494 (kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password.)
 CVE-2011-2491 (The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call.)
 CVE-2011-2479 (The Linux kernel before 2.6.39 does not properly create transparent huge pages in response to a MAP_PRIVATE mmap system call on /dev/zero, which allows local users to cause a denial of service (system crash) via a crafted application.)
 CVE-2011-2183 (Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3, when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted application.)
Original text: UBUNTU, [USN-1281-1] Linux (OMAP4) vulnerabilities (27.11.2011)
 UBUNTU, [USN-1268-1] Linux kernel vulnerabilities (27.11.2011)

Privilege escalation in HP-UX System Administration Manager
Published: November 27, 2011
Source:
SecurityVulns ID: 12058
Type: local
Severity level: 5/10
Affected products: HP : HP-UX 11.11
 HP : HP-UX 11.23
 HP : HP-UX 11.31
CVE:CVE-2011-4159 (Unspecified vulnerability in System Administration Manager (SAM) in EMS before A.04.20.11.04_01 on HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.)
Original text: HP, [security bulletin] HPSBUX02724 SSRT100650 rev.2 - HP-UX Running System Administration Manager (SAM), Local Increase in Privilege (27.11.2011)

Code execution in HP StorageWorks P4000
Published: November 27, 2011
Source:
SecurityVulns ID: 12059
Type: remote
Severity level: 5/10
Affected products: HP : StorageWorks P4000
CVE:CVE-2011-4157 (Stack-based buffer overflow in hydra.exe in HP SAN/iQ before 9.5 on the HP StorageWorks P4000 Virtual SAN Appliance allows remote attackers to execute arbitrary code via a crafted login request.)
Original text: HP, [security bulletin] HPSBST02722 SSRT100279 rev.1 - HP StorageWorks P4000 Virtual SAN Appliance, Execution of Arbitrary Code (27.11.2011)

Unauthorized access via HP Integrated Lights-Out
Published: November 27, 2011
Source:
SecurityVulns ID: 12060
Type: remote
Severity level: 5/10
Description: Unauthorized access when HP Directories Support is used.
Affected products: HP : HP Directories Support for ProLiant Management Processors 3.10
 HP : HP Directories Support for ProLiant Management Processors 3.20
CVE:CVE-2011-4158 (Unspecified vulnerability in HP Directories Support for ProLiant Management Processors 3.10 and 3.20 for Integrated Lights-Out iLO2 and iLO3 allows remote authenticated users to obtain sensitive information via unknown vectors.)
Original text: HP, [security bulletin] HPSBHF02721 SSRT100605 rev.1 - HP Directories Support for ProLiant Management Processors for Integrated Lights-Out iLO2 and iLO3, Unauthorized Access (27.11.2011)

Unauthorized access via HP Operations Agent / HP Performance Agent
Published: November 27, 2011
Source:
SecurityVulns ID: 12061
Type: local
Severity level: 5/10
Affected products: HP : HP Operations Agent 11.00
 HP : HP Performance Agent 4.73
 HP : HP Performance Agent 5.0
CVE:CVE-2011-4160 (Unspecified vulnerability in HP Operations Agent 11.00 and Performance Agent 4.73 and 5.0 on AIX, HP-UX, Linux, and Solaris allows local users to bypass intended directory-access restrictions via unknown vectors.)
Original text: HP, [security bulletin] HPSBMU02726 SSRT100685 rev.1 - HP Operations Agent and Performance Agent for AIX, HP-UX, Linux, and Solaris, Local Unauthorized Access (27.11.2011)

Certificate spoofing in Software Center
Published: November 27, 2011
Source:
SecurityVulns ID: 12063
Type: m-i-t-m
Severity level: 5/10
Description: Insufficient server certificate validation.
Affected products: UBUNTU : Ubuntu Software Center 3.0
 UBUNTU : Ubuntu Software Center 4.0
 UBUNTU : Ubuntu Software Center 5.0
CVE:CVE-2011-3150 (Software Center in Ubuntu 11.10, 11.04 10.10 does not properly validate server certificates, which allows remote attackers to execute arbitrary code or obtain sensitive information via a man-in-the-middle (MITM) attack.)
Original text: UBUNTU, [USN-1270-1] Software Center vulnerability (27.11.2011)

Multiple security vulnerabilities in Puppet
updated since October 1, 2011
Published: November 27, 2011
Source:
SecurityVulns ID: 11934
Type: local
Severity level: 5/10
Description: Multiple file overwrite possibilities, certificate spoofing.
Affected products: PUPPET : Puppet 2.6
CVE:CVE-2011-3872 (Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka "AltNames Vulnerability.")
 CVE-2011-3871 (Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.)
 CVE-2011-3870 (Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.)
 CVE-2011-3869 (Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.)
Original text: DEBIAN, [SECURITY] [DSA 2352-1] puppet security update (27.11.2011)
 UBUNTU, [USN-1223-1] Puppet vulnerabilities (01.10.2011)

Buffer overflow in ldns
updated since May 7, 2009
Published: November 27, 2011
Source:
SecurityVulns ID: 9899
Type: remote
Severity level: 6/10
Description: Buffer overflow when parsing records.
Affected products: LDNS : ldns 1.5
 LDNS : ldns 1.4
 LDNS : ldns 1.6
CVE:CVE-2011-3581 (Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an unknown type containing input that is longer than a specified length.)
 CVE-2009-1086 (Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field.)
Original text: DEBIAN, [SECURITY] [DSA 2353-1] ldns security update (27.11.2011)
 DEBIAN, [SECURITY] [DSA 1795-1] New ldns packages fix arbitrary code execution (07.05.2009)

Multiple security vulnerabilities in the freetype library
updated since July 16, 2010
Published: November 27, 2011
Source:
SecurityVulns ID: 11001
Type: library
Severity level: 6/10
Description: Memory corruptions when parsing fonts.
Affected products: FREETYPE : FreeType 2.3
 APPLE : MacOS X 10.5
 FREETYPE : FreeType 2.4
CVE:CVE-2011-3439 (FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.)
 CVE-2010-3855 (Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font.)
 CVE-2010-3814 (Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font.)
 CVE-2010-3311 (Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797.)
 CVE-2010-3053 (bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string.)
 CVE-2010-2808 (Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.)
 CVE-2010-2807 (FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.)
 CVE-2010-2806 (Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow.)
 CVE-2010-2805 (The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.)
 CVE-2010-2541 (Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.)
 CVE-2010-2527 (Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.)
 CVE-2010-2520 (Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.)
 CVE-2010-2519 (Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file.)
 CVE-2010-2500 (Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.)
 CVE-2010-2499 (Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment.)
 CVE-2010-2498 (The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation.)
 CVE-2010-2497 (Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.)
 CVE-2010-1797 (Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.)
Original text: DEBIAN, [SECURITY] [DSA 2155-1] freetype security update (03.02.2011)
 CORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2010-0825] Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch (10.11.2010)
 DEBIAN, [SECURITY] [DSA-2116-1] New freetype packages integer overflow (06.10.2010)
 UBUNTU, [USN-972-1] FreeType vulnerabilities (19.08.2010)
 DEBIAN, [SECURITY] [DSA 2070-1] New freetype packages fix several vulnerabilities (16.07.2010)

Multiple security vulnerabilities in the ffmpeg library
updated since November 11, 2011
Published: November 27, 2011
Source:
SecurityVulns ID: 12031
Type: remote
Severity level: 7/10
Description: Memory corruptions when parsing the MKV and AVS/CAVS formats
Affected products: FFMPEG : FFmpeg 0.7
 FFMPEG : FFmpeg 0.8
CVE:CVE-2011-3974 (Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362.)
 CVE-2011-3973 (cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362.)
 CVE-2011-3504 (The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file.)
 CVE-2011-3362 (Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Chinese AVS video (aka CAVS) file.)
Original text: [email protected], NGS00148 Patch Notification: FFmpeg Libavcodec memory corruption remote code execution (27.11.2011)
 [email protected], NGS00145 Patch Notification: FFmpeg Libavcodec out of bounds write remote code execution (27.11.2011)
 [email protected], NGS00144 Patch Notification: FFmpeg Libavcodec buffer overflow remote code execution (27.11.2011)

DoS against libpurple / Pidgin
updated since November 27, 2011
Published: December 19, 2011
Source:
SecurityVulns ID: 12062
Type: remote
Severity level: 5/10
Description: Denial of service when parsing the SILC protocol, denial of service when parsing the OSCAR protocol (AIM, ICQ)
Affected products: LIBPURPLE : libpurple 2.10
CVE:CVE-2011-4601 (family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition.)
 CVE-2011-3594 (The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.)
Original text: MANDRIVA, [ MDVSA-2011:183 ] pidgin (19.12.2011)
 UBUNTU, [USN-1273-1] Pidgin vulnerabilities (27.11.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod