Computer Security
[EN] no-pyccku

6!libpng security vulnerabilities
updated since 15.05.2014
document Few integer overflows lead to heap buffer overrun.
 cabextract directory traversal
document Directory traversal on files extraction.
 python-numpy symbolic links vulnerability
document Symbolic links vulnerability on temporary files creation.
 snmplib / snmpd DoS
document Multiple DoS conditions.
 stunnel crypto vulnerabilities
document Entropy pools are reused if fork() if used for threading.
 libarchive directory traversal
updated since 16.03.2015
document Directory traversal and symbolic links vulnerability in cpio implementation.

8!Apple Safari / Webkit multiple security vulnerabilities
updated since 08.04.2015
document Invalid SSL validation, information leakage, crossite access, memory corruptions.
6!freexl multiple security vulnerabilities
document Multiple memory corruptions on Excel documents parsing.
6!Android multiple security vulnerabilities
document Restrictions bypass, code execution.
6!cups-filters code execution
updated since 18.03.2015
document cups-browsed shell characters vulnerability
 pillow multiple security vulnerabilities
document Symbolic links vulnerability, DoS, shell injection.
 Shibboleth Service Provider DoS
document Crash on parsing SAML message.
 dulwich security vulnerabilities
document Code execution, buffer overflow.
 cifs-utils buffer overflow
document pam_cifscreds buffer overflow.
 util-linux blkid commands injection
 PulseAudio DoS
document Crash on empty UDP packet.
 Not Yet Commons SSL certificate spoofing
document Insufficient certificate checking.
 Jython weak permissions
document Weak permissions on cache files creation.
 gtk+ protection bypass
document Screen lock bypass.
 TP-LINK devices unauthorized files access
document Directory traversal in web interface.
  HP Support Solution Framework security vulnerabilities
document Code execution, information disclosure.

8!Apple iOS multiple security vulnerabilities
document Restrictions bypass, privilege escalation, headers spoofing, XXE, memory corruptions, information disclosure, DoS, traffic hijacking.
8!Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
document Over 90 different vulnerabilities are fixed in quarterly update.
6!chrony multiple security vulnerabilities
document Memory corruption, uninitialized pointer dereference, DoS.
6!libx11 / libxrender memory corruption
document Memory corruption in MakeBigReq
 Hancom Office memory corruption
document Memory corruption on document parsing.
 gst-plugins buffer overflow
document Buffer overflow on MP4 playback.
 inspircd security vulnerabilities
document Buffer overflow, DoS.
 Apport privilege escalation
document Invalid crash report handling.
 HP Network Automation multiple security vulnerabilities
document XSS, CSRF, clickjacking.
 ppp buffer overflow
document Buffer overflow on RADIUS server response parsing.
 EMC NetWorker buffer overflow
document nsr_render_log buffer overflow
 less uninitialized memory reference

10!Microsoft Windows multiple security vulnerabilities
document Multiple Internet Explorer vulnerabilities, VBScript engine, graphics, HTTP.sys vulnerabilities, privilege escalation, code execution, restrictions bypass, information disclosure, DoS.
8!Cisco IOS multiple security vulnerabilities
updated since 09.04.2015
document Multiple DoS conditions, code execution.
7!Microsoft Office and Sharepoint multiple security vulnerabilities
document Code execution, privilege escalation.
6!Microsoft Exchange crossite scripting
document Multiple crossite scripting possibilities.
6!Apache multiple security vulnerabilities
updated since 15.03.2015
document mod_headers restrictions bypass, mod_cache DoS, mod_lua restrictions bypass and DoS, mod_proxy_fcgi DoS, mod_gnutls restrictions bypass.
 Panda authentication bypass
document Password is checked by client application.
 Cisco Secure Desktop code execution
document Code execution in the signed jar library.
 Active Directory Federation Services information disclosure
document Invalid session logoff.

8!Apple Mac OS X multiple security vulnerabilities
updated since 09.04.2015
document 80 different vulnerabilities.
7!LibTIFF multiple security vulnerabilities
updated since 09.04.2015
document Multiple memory corruptions on different formats parsing.
6!OpenLDAP multiple security vulnerabilities
document DoS, privilege escalation.
6!EMC PowerPath backdoor account
document EMC PowerPath vApp undocumented account.
6!HP Thin Clients security vulnerabilities
document Code execution, privilege escalation.
6!CA Spectrum security vulnerabilities
document XSS, code execution.
 libgfortran integer overflows
document Multiple integer overflows.
 Erlang CRLF injection
document CRLF injection in FTP commands.
 ctdb symbolic links vulnerabilities
document Symbolic links vulnerabilities in temporary files creation.
 Schneider Vampset buffer overflow
document Heap and stack buffer overflows.
 Mandriva Business Server weak permissions
document Password files weak permissions.
 HP Intelligent Provisioning information leakage
 Asterisk certificate validation bypass
document Invalid NULL character handling.
 Linux kernel security vulnerabilities
document Information leakage.
 dpkg protection bypass
document dpkg-source package validation bypass.
 FreeRDP integer overflow
document Integer overflow on server response parsing.

8!Apple Mac OS X multiple security vulnerabilities
updated since 04.05.2014
document Unsafe cookie handling, code execution via different formats and protocols, privilege escalation, information leakage.
6!Apple TV multiple security vulnerabilities
document Nearly 40 different vulnerabilities, including code execution.
6!Cisco Prime Data Center Network Manager directory traversal
document fmserver servlet directory traversal
6!Cisco Unity Connection multiple security vulnerabilities
document Multiple DoS conditions.
6!Cisco ASA multiple security vulnerabilities
document Commands injection, resources exhaustion, DoS.
6!GnuPG / libgcrypt multiple security vulnerabilities
updated since 15.03.2015
document Use-after-free, backside channels information disclosure.
 wireshark multiple security vulnerabilities
document DoS on parsing WCP, pcapng and TNEF

8!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
document Certificate check bypass, code execution, restrictions bypass, memory corruptions.
7!libtasn1 memory corruption
document Memory corruption on ASN.1 parsing.
6!ntpd restrictions bypass
document message authentication code implementation is invalid and can be bypasses.
6!FreeBSD IPv6 DoS
document It's possible to set low current hope limit via Neighbor Discover Protocol
6!FreeBSD weak permissions
document Weak ZFS and GELI key files permissions.
 tor DoS
document Multiple DoS conditions.
 FreeBSD zfs weak permissions
updated since 07.01.2010
document Weak file permissions may be set during transaction replay.

8!libgd / PHP security vulnerabilities
document Buffer overflow, NULL pointer dereference.
 OpenSSH memory leak
document Memory leak on aborted client connection.
 MIT Kerberos 5 multiple potential security vulnerabilities
document Memory leaks, insufficient memory zeroing, etc.
 arj multiple security vulnerabilities
document Buffer overflow, directory traversal.
 mailman directory traversal
document Directory traversal via transport scripts.
 Apache Subversion multiple security vulnerabilities
document Resources exhaustion, DoS, information spoofing.

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod