30.12.2013 Detailed

9! Microsoft Windows multiple security vulnerabilities updated since 16.12.2013   Memory corruption in graphics library, signature check bypass, use-after-free in scripting, multiple privilege escalations. 7! PHP memory corruption updated since 24.12.2013   Memory corruption in asn1_time_to_time_t() 6! libtar integer overflows   Few integer overflows.

iOS applications multiple seucrity vulnereabilities updated since 15.07.2013   Multiple application with remote data access are vulnerable.

24.12.2013 Detailed

8! Asterisk security vulnerabilities   SMS parsing buffer overflow, Asterisk Manager privilege escalation.

8! Apple Safari multiple security vulnerabilities   Information leakage, multiple memory corruptions.

QT resources exhaustion   Resources exhaustion leads to denial of service.

Wireshark DoS   Problems with NTLMSSPv2 and BSSGP dissectors.

VMWare ESX / ESXi privilege escalation   Files access privilege escalation.

denyhosts DoS   Invalid regular expression can be exploited to ban arbitrary IP address.

llvm unsafe rpath   rpath is set to /tmp

RealPlayer buffer overflow   Buffer overflow on RMP files parsing.

Apple Motion buffer overflow   Buffer overflow on .motn files parsing.

libiodbc rpath vulnerability   Unsafe rpath vulnerability in test applications.

23.12.2013 Detailed

9! Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities   Multiple memory corruptions, XSS, information leakage, certificate check bypass. 8! Linux kernel multiple security vulnerabilities updated since 09.12.2013   Weak permissions, information leakage, privilege escalation, DoS. 7! ANSSI certificate is used for spoofing   ANSSI agency uses valid intermediate certificate in traffic sniffing device.

7! OpenStack multiple security vulnerabilities updated since 28.10.2013   DoS, information leakage.

6! GnuPG acoustic attack   It's possible to resover sensitive information via acousitc emanations.

X.Org integer overflow   Integer overflow.

cURL certificates spoofing updated since 26.11.2013   Имя хоста не проверяется при включенном CURLOPT_SSL_VERIFYPEER.

16.12.2013 Detailed

9! Microsoft Exchange Server multiple security vulnerabilities   Machine authentication check code execution, crossite scripting, Oracle components code execution. 8! Microsoft Internet Explorer multiple security vulnerabilities   Multiple memory corruption and privilege escalations. 7! Microsoft SharePoint code execution   It's possible to executed code via SharePoint page content.

6! Microsoft Office security vulnerabilities   Informatio leakage on Sharepoint files access, Microsoft Office Shared Component information leakage.

Microsoft SignalR library crossite scripting   Forever Frame transport crossite scripting.

09.12.2013 Detailed

9! Oracle / Sun / MySQL / PeopleSoft applications multiple security vulnerabilities updated since 26.11.2013   Quarterly update fixes over 130 vulnerabilities in different products. 8! Chromium / Google Chrome multiple security vulnerabilities   Address spoofing, memory corruptions, buffer overflows. 8! OpenSSL multiple security vulnerabilities   NULL pointer dereference, off-by one buffer overflow, DoS.

7! libjpeg multiple security vulnerabilities updated since 26.11.2013   Buffer overflow, uninitialized memory reference.

6! Apple iPhone / iPad multiple securit vulnerabilities updated since 01.10.2013   Multiple vulnerabilities in different system components.

Cisco Security Monitoring, Analysis and Response System crossite scripting   Crossite scripting in web interface.

Belkin NetCam backdoor   Unchangable account.

OpenVAS Manager / OpenVAS Administrator authentication bypass   Access to some commands is not authenticated.

VMWare privilege escalation   Privilege escalation in the guest system via LGTOSYNC.SYS.

pixman integer overflow

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)   PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

D-Link routers multiple security vulnerabilities updated since 10.07.2013   Shell characters injection, authentication bypass.

GNU GIMP memory corruption   Memory corruption on XWD files parsing.

Osirix information leakage   Secret key is copied into file.

Pineapp MailSecure code execution   Code execution via web interface.

Intersystems Cache code execution   Insecure default installation.

SKIDATA RFID Freemotion.Gate code execution   Code execution via TCP/7777 web interface.

02.12.2013 Detailed

links browser integer overflow   Integer overflow on HTML tables parsing.

01.12.2013 Detailed

8! quagga security vulnerabilities   OSPF parsing buffer overflow, BGP DoS. 7! glibc security vulnerabilities updated since 03.10.2013   Integer overflows in pvalloc, valloc, posix_memalign/memalign/aligned_alloc, invalid PTR_MANGLE implementation, getaddrinfo() stack overflow, strcoll_l.c integer overflow and buffer overflow. 6! nbd privilege escalation   Invalid access control lists processing.

6! HP Service Manager / HP ServiceCenter multiple security vulnerabilities updated since 05.11.2013   Code execution, privilege escalation, information leakage, XSS.

6! Ruckus protection bypass updated since 17.06.2013   It's possible to relay ssh connections without authentication, Web interface authentication bypass, crossite scripting.

Sup-mail commands injection   It's possible to inject commands via filename and Content-Type.