Computer Security



26.11.2013
9!Linux kernel security vulnerabilities
updated since 13.11.2013
document DoS conditions, information leakage, tuntap interface privilege escalation, bt8xx driver privilege escalation, IPv6 ICTP, UDP offload, ipip memory corruptions.
8!Google Chrome / Chromium multiple security vulnerabilities
document Multiple memory corruptions, address bar spoofing, TLS renegotiation vulnerability.
8!Mozilla nss security vulnerabilities
document Buffer overflows, integer overflows, cryptographic vulnerabilities.
6!OpenSSH memory corruption
document Memory corruption in AES-GCM implementation.
6!poppler security vulnerabilities
document Buffer overflow, format string vulnerability.
6!nginx protection bypass
document It's possible to bypass restrictions with "poisoned NUL byte".
 FreeBSD security vulnerabilities
document Kernel memory leaks in different drivers.
 HTTP::Body code execution
document Unsafe temporary file creation.
 RackSpace Windows Agent update spoofing
document Digital signature of binaries is not checked.
 Satechi Travel Router unauthorized access
document Unauthorized access via WAN interface.
 EMC RSA Data Protection Manager Appliance security vulnerabilities
document TLS session renegotiation vulnerability, cross-site scripting.
 MIT Kerberos 5 KDC DoS
document NULL pointer dereference on some configurations.
 Samba protection bypass
document Restrictions bypass if alternative data streams are allowed.
 memcached DoS
document Crash on network packet parsing.
 Instagram application security vulnerabilities
updated since 09.10.2013
document Protection bypass.
  


18.11.2013
9!Apple Mac OS X and QuickTime multiple security vulnerabilities
updated since 18.11.2010
document Multiple vulnerabilities in kernel, networking components, printing services, AFP Server, AppKit, Apple Type Services, CFNetwork, CoreGraphics, CoreText, Directory Services, diskdev_cmds, Disk Images, Image Capture, ImageIO, Image RAW, Password Server, QuickLook, QuickTime, Safari RSS, Time Machine, Wiki Server, X11 and third party applications.
8!Cisco IOS multiple security vulnerabilities
updated since 01.10.2013
document Multiple DoS conditions, information leakage.
6!libav memory corruptions
document Memory corruptions on media formats parsing.
6!SPICE library buffer overflow
document Buffer overflow on oversized password.
6!lighttpd multiple security vulnerabilities
document Protection bypass, privilege escalation, memory corruption.
6!torque authentication bypass
updated since 13.10.2013
document It's possible to queue code execution by connecting directly to pbs_mom port. Shell characters vulnerability.
 EMC Documentum cross-site scripting
document Cross-site scripting in different modules.
 Vivotek IP cameras authentication bypass
document RTSP access authentication bypass.
 Light Display Manager protection bypass
document AppArmor policy is not applied correctly.
 Cisco TelePresence VX Clinical Assistant unauthorized access
document Admin password is reset on every reboot.
 Cisco WAAS directory traversal
document Directory traversal on file upload.
 MAAS privilege escalation
document maas-import-pxe-files privilege escalations.
 Juniper JunOS cross-site scripting
document Cross-site scripting in EmbedThis.
 Libvirt code privilege escalation
document virConnectDomainXMLToNative() invalid privileges check.
 Dahua DVR authentication bypass
document Some commands may be executed without authentication via TCP/37777 protocol.
 VMware Workstation privilege escalation
document Unsafe shared library loading.
 wireshark multiple security vulnerabilities
updated since 02.10.2013
document Vulnerabilities in different protocol dissectors.
 Open-Xchange multiple security vulnerabilities
updated since 01.10.2013
document Multiple different vulnerabilities.
 HP Integrated Lights-Out security vulnerabilities
document Cross-site scripting, information leakage.
 Apple iOS authentication bypass
document It's possible to complete AppStore transaction without entering password.
 Android su applications privilege escalation
document Unsafe usage of environment variables and file descriptors.
  


13.11.2013
8!Microsoft Internet Explorer multiple security vulnerabilities
document Multiple information leaks and memory corruptions.
8!Microsoft Windows multiple security vulnerabilities
document GDI integer overflow, InformationCardSigninHelper ActiveX code execution, AFD driver information leak, X.509 certificates DoS, Hyper-V privilege escalation.
7!Microsoft Office multiple security vulnerabilities
document Buffer overflow and memory corruption in Microsoft Word, memory corruption on WPD parsing, Outlook information leakage.
  


05.11.2013
8!Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
document Multiple memory corruptions, address spoofing, protection bypass.
6!Google ICU security vulnerabilities
document Race conditions, code execution.
6!Unicorn WB-3300NR routers cross-site scripting
document Cross-site scripting in Web interface.
6!strongswan security vulnerabilities
document DoS, authentication bypass.
6!Linux kernel buffer overflow
document Heap buffer overflow on eCryptfs request processing.
 Stem Innovation IZON IP cameras backdoor
document Hardcoded credentials.
 pycrypto PRNG vulnerabilities
document Predictable PRNG state after fork()
 Varnish HTTP cache DoS
document assert() on empty request
 HP LoadRunner code execution
document Virtual User Generator multiple vulnerabilities
 HP SiteScope code execution
document Code execution via issueSiebelCmd SOAP.
 HP Application LifeCycle Management security vulnerabilities
document Different code execution vulnerabilities.
 Tryton directory traversal
document Directory traversal on filename processing in server response parsing.
 Microsoft Silverlight information leakage
updated since 09.10.2013
document Memory content leakage.
 Dropbear SSH server timing attacks
document Different timings for existent and nonexistent users.
 EMC Unisphere for VMAX information leakage
document Under some conditions cleartext password is logged.
  

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod