Computer Security
[EN] securityvulns.ru no-pyccku



30.05.2014
Detailed
10!OpenSSL security vulnerabilities
updated since 08.04.2014
document Information leakage, key recovery. This vulnerability is actively used in-the-wild.
8!Apple Mac OS X multiple security vulnerabilities
document Information disclosures, memory corruptions, DoS, privilege escalations, protection bypass.
7!Cisco NX-OS multiple security vulnerabilities
document Privilege escalation, buffer overflow, DoS.
6!HP Operations Manager i code execution
   
6!torque buffer overflow
updated since 29.05.2014
document Buffer overflow on task processing.
 Cisco Wide Area Application Services code execution
document SharePoint prefetch memory corruption.
 PHP privilege escalation
document Weak unix socket permissions.
  


29.05.2014
Detailed
8!exim code execution
document Code execution with EXPERIMENTAL_DMARC enabled.
7!Apple Safari multiple security vulnerabilities
document Multiple memory corruptions.
7!Linux kernel multiple security vulnerabilities
updated since 04.05.2014
document Memory corruptions in STCP, DCCP and CIFS, KVM and pseudo tty privilege escalations, DoS.
6!NICE Recording eXpress multiple security vulnerabilities
document Multiple security vulnerability, including privileged backdoor access.
6!Apache Tomcat multiple security vulnerabilities
document DoS, information leakage.
 iTunes security vulnerabilities
document Invalid HTTP headers processing, weak permissions.
 D-Link routers multiple security vulnerabilities
document XSS, information leakage.
 EMC Documentum D2 privilege escalation
document It's possible to execute DQL Query with super-user privileges.
 EMC RSA Archer crossite scripting
document Multiple crossite scripting conditions.
 mod-wsgi security vulnerabilities
document Privilege escalation, information disclosure.
 check_mk symbolic links vulnerability
document Symbolic links are not checked during files operation.
 Ruby security vulnerabilities
updated since 01.12.2013
document DoS, restrictions bypass.
  


15.05.2014
Detailed
6!EMC Documentum Foundation Services uneuthorized access
document Unauthorized files access.
6!RSA NetWitness / RSA Security Analytics authentication bypass
document Under some conditions, login with empty password is allowed.
6!libXfont multiple security vulnerabilities
document DoS, memory corruptions.
6!QEMU multiple security vulnerabilities
updated since 04.05.2014
document DoS, memory corruptions, buffer overflow.
 libgadu buffer overflow
document Buffer overflow on server response parsing.
 seunshare privileges escalation
document Insufficient privileges drop.
 EncFS multiple cryptography vulnerabilities
document Multiple vulnerabilities.
 Xen buffer overflow
document Buffer overflow on guest system kernel image loading.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 BROADCOM PIPA C211 authentication bypass
document Device configuration may be accessed without authentication.
 ldns weak permissions
document ldns-keygen can create world-readable private key file.
  


14.05.2014
Detailed
8!Microsoft SharePoint Server multiple security vulnerabilities
document Code execution, crossite scripting.
8!Microsoft Internet Explorer multiple security vulnerabilities
document Multiple memory corruptions.
8!Microsoft Office multiple security vulnerabilities
document Memory corruptions, buffer overflows, protection bypass.
7!Microsoft Windows multiple security vulnerabilities
document Windows File Handling code execution, Group Policy Preferences privileges escalation. .Net privileges escalation. Windows Shell privileges escalation. iSCSI DoS.
 Microsoft Publisher uninitialized pointer dereference
document Uninitialized pointer dereference on file parsing.
  


10.05.2014
Detailed
7!Cisco WebEx multiple security vulnerabilities
document Memory corruption on different formats parsing.
 HP Fibre Channel switches information leakage
   
 GNU Emacs
document Symbolic links vulnerability on temporary files creation.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 AVG Remote Administration multiple security vulnerabilities
document Authentication bypass, code execution, static encryption key.
 Apache mod_security protection bypass
document Protection bypass via chunked encoding.
 rxvt-unicode code execution
   
 cups-filters code execution
document cups-browsed shell characters vulnerabiilty.
 HP Network Node Manager crossite scripting
   
 NVidia drivers privilege escalation
document Privilege escalation via X.Org drivers.
 OnApp SSH keys cloning
document ECDSA host keys are not regenerated after system image cloning.
  


07.05.2014
Detailed
7!Openswan / Strongswan security vulnerabilities
updated since 07.04.2014
document Buffer overflow, DoS, protection bypass.
6!Apache Struts multiple security vulnerabilities
updated since 02.05.2014
document Few ClassLoader manipulation vulnerabilities with potential RCE impact.
 libvirt security vulnerabilities
document DoS, smbolic links vulnerability.
 libxml2 DoS
document CPU exhaustion on XML parsing.
 IBM AIX security vulnerabilities
document ptrace information leak and DoS.
 Citrix Netscaler security vulnerabilities
document Weak Diffie-Hellman protocol implementation, lack of SSL cerificate check.
 Cyberduck protection bypass
document Invali FTP-SSL root ceritificates check.
 OpenStack multiple security vulnerabilities
document Glance code execution, Neutron and Swift unauthorized access, Horizon crossite scripting, Quantum / Cinder / Oslo information leakage.
  


05.05.2014
Detailed
9!Oracle / Sun / MySQL / PeopleSoft / OpenJDK applications multiple security vulnerabilities
updated since 29.01.2014
document Quarterly update fixes 144 different vulnerabilities.
7!OpenSSL race conditions
updated since 01.05.2014
document Race conditions lead to DoS or data injection.
6!Cisco ASA multiple security vulnerabilities
document Privilege escalation authentication bypass, DoS.
 xbuffy buffer overflow
document Buffer oveflow on message parsing.
 Cray supercomputers privilege escalation
document root privileges escalation via aprun/apinit
 MAAS security vulnerabilities
document Weak permissions, crossite scripting.
 Jetro Cockpit Secure Browsing code execution
document Code execution via print-to-PDF function.
 Zarafa DoS
document Few DoS conditions.
 GetGo Download Manager buffer overflow
document Buffer overflow on server response parsing.
 owncloud security vulnerabilities
document Owncloud versions 5.0.15 and 6.0.2 fix several unspecified security vulnerabilities, as well as many other bugs.
 Free Download Manager buffer overflow
document Buffer overflow via filename.
 HP IceWall Identity Manager / HP IceWall SSO Password Reset Option DoS
document DoS related to Apache Commons FileUpload
 prosody DoS
document Resources exhaustion via zip bomb.
 Open-Xchange security vulnerabilities
document Password is passed via URI during password reset. Crossite scripting.
 Blackberry Z10 buffer overflow
document qconndoor service buffer overflow
 OpenAFS DoS
document Buffer overflow in GetStatistics64() RPC call.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 05.05.2014
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 Plex Media Server multiple security vulnerabilities
document Information leakage, protection bypass, CSRF.
 EMC RSA BSAFE Micro Edition Suite security vulnerabilities
document Few SSL related vulnerabilities in certificates chain validation and BEAST attacks.
 EMC RSA Data Loss Prevention privilege escalation
document Privilege escalation because of invalid session management.
 EMC Documentum Content Server information leakage
document It's possible to access restricted folders.
 parcimonie information leakage
document Information leakage via timings.
  


04.05.2014
Detailed
8!Adobe Flash Player multiple security vulnerabilities
document Use-after-free, buffer overflow, restrictions bypass, crossite scripting.
7!Apple iOS multiple security vulnerabilities
document Unsafe cookie handling, protection ypass, information leakage, multiple WebKit vulnerabilities.
6!Adobe Reader Mobile code execution
document Code execution via unsafe javascript interface.
6!EMC Cloud Tiering Appliance information leakage
document XML External Entity information leakage.
6!Apple TV multiple security vulnerabitilies
document Unsafe cookie handling, protection ypass, information leakage, multiple WebKit vulnerabilities.
6!libmms buffer overflow
document Buffer overflow in get_answer() on MMS over HTTP processing.
 Net-SNMP multiple security vulnerabilities
document Multiple DoS conditions.
 Python Imaging Library security vulnerabilities
document Symbolic links vulnerabilities.
 WinSCP proteciton bypass
document Server X.509 certificate is not validated.
 SAP Router timing attacks information leakage
document It's possible to find a valid password via statistical attacks.
 json-c security vulnerabilities
document Buffer overflow, weak hashing algorithm.
 Ruby Actionpack / Actionmailer multiple security vulnerabilities
document DoS, crossite scripting.
 WD Arkeia Network Backup security vulnerabilities
document Code execution, directory traversal.
 Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
document PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
 FreeBSD bfs deadlock
document It's possible to cause deadlock on valid operations order.
 HP iLO DoS
document Device crashes on request with Hearbleed exploitation demonstration.
 CUPS crossite scripting
document Crossite scripting in Web interface.
 file utility / libmagic / PHP DoS
updated since 18.02.2014
document Infinite recursion on some file types detection, buffer overread, CPU exhaustion.
 Different Ruby gems security vulnerabilities
updated since 08.01.2014
document Crossite scripting, code execution, information leakage.
 PCNetSoftware RAC Server DoS
document DoS via IOCTL call.
 McAfee Security Scanner Plus privilege escalation
document Privilege escalation via executable spoofing.
 Sitecom routers predictable WAP key
document Default WAP key can be computed from device MAC address.
 rsync DoS
document Resourcs exhaustion.
  


02.05.2014
Detailed
9!Microsoft Internet Explorer use-after-free vulnerability
document VGX.DLL use-after-free vulnerability is actively exploitd in-the-wild.
8!Oracle / Sun / MySQL / PeopleSoft / OpenJDK applications multiple security vulnerabilities
document 104 vulnerabilities in quarterly Critical Patch Update.
7!Cisco Telepresence multiple security vulnerabilities
document Multiple DoS conditions, buffer overflows, code execution.
 Privilege escalation via Super
document setuid return value is not checked.
 HP OneView privilege escalation
   
 Sitepark Information Enterprise Server unauthorized access
document Unauthorized access during update.
 JBIG-KIT buffer overflow
document Buffer overflow in jbg_dec_in() on JPEG parsing.
 Ubuntu Date and Time Indicator privilege escalation
document It's possible to run applications as greeter user.
  


01.05.2014
Detailed
8!FreeBSD TCP fragments memory corruptions
document Memory corruptions on fragmented packets ressembly.
8!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
document Protection bypass, memory corruptions, ceritficate spoofing, privilege escalation, crossite scripting.
6!RSA Access Manager information leakage
document Cleartext passwords may be logged.
 elfutils libdw memory corruption
document Memory corruption on ELF parsing.
 FreeBSD devfs protection bypass
document Jailed processes are not restricted in devfs access.
 Ubuntu Unity protection bypass
document Screen lock bypass.
 Debian dpkg directory traversal
document Directory traversal via C-style quoted filenames on some distributions.
  

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod