Computer Security

VMware privilege escalation
Published: 02.06.2014
SecurityVulns ID: 13800
Type: local
Threat Level: 5/10
Description: NULL pointer dereference in VMware Tools for Windows.
Affected: VMWARE : ESXi 5.5
 VMWARE : VMware Workstation 10.0
 VMWARE : VMware Player 6.0
 VMWARE : VMware Fusion 6.0
CVE: CVE-2014-3793 (VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors.)
Original document: VMWARE, NEW VMSA-2014-0005 - VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation (02.06.2014)

Panda products privilege escalation
Published: 02.06.2014
SecurityVulns ID: 13801
Type: local
Threat Level: 5/10
Affected: PANDA : Panda Global Protection 2014
 PANDA : Panda Internet Security 2014
 PANDA : Panda AV Pro 2014
CVE: CVE-2014-3450 (Unspecified vulnerability in Panda Gold Protection and Global Protection 2014 7.01.01 and earlier, Internet Security 2014 19.01.01 and earlier, and AV Pro 2014 13.01.01 and earlier allows local users to gain privileges via unspecified vectors.)
Original document: advisories_(at)_portcullis-security.com, CVE-2014-3450 - Privilege Escalation in Panda Security (02.06.2014)

HP IceWall DoS
Published: 02.06.2014
SecurityVulns ID: 13802
Type: remote
Threat Level: 5/10
Affected: HP : IceWall SSO 10.0
 HP : IceWall MCRP 3.0
CVE: CVE-2014-2604 (Unspecified vulnerability in HP IceWall SSO 10.0 Dfw and IceWall MCRP 2.1 and 3.0 allows remote attackers to cause a denial of service via unknown vectors.)
Original document: HP, [security bulletin] HPSBGN03007 rev.1 - HP IceWall MCRP and HP IceWall SSO, Remote Denial of Service (DoS) (02.06.2014)

JavaMail header injection
Published: 02.06.2014
SecurityVulns ID: 13803
Type: library
Threat Level: 5/10
Description: It's possible to inject headers via setSubject.
Affected: ORACLE : JavaMail 1.5
Original document: Alexandre Herzog, JavaMail SMTP Header Injection via method setSubject [CSNC-2014-001] (02.06.2014)

Wing FTP Rush insufficient certificate validation
Published: 02.06.2014
SecurityVulns ID: 13804
Type: m-i-t-m
Threat Level: 5/10
Description: SSL certificate is not validated.
Affected: WING : FTP Rush 2.1
Original document: Micha.Borrmann_(at)_SySS.de, FTP Rush: missing X.509 validation (FTP with TLS) (02.06.2014)

libvirt XXE vulnerability
Published: 02.06.2014
SecurityVulns ID: 13805
Type: library
Threat Level: 5/10
Affected: LIBVIRT : libvirt 1.1
CVE: CVE-2014-0179 (libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.)
 CVE-2013-6456 (The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to "paths under /proc/$PID/root" and the virInitctlSetRunLevel function.)
Original document: MANDRIVA, [ MDVSA-2014:097 ] libvirt (02.06.2014)

GnuTLS and libtasn1 multiple security vulnerabilities
Published: 02.06.2014
SecurityVulns ID: 13806
Type: library
Threat Level: 8/10
Description: Buffer overflows, integer overflows, NULL pointer dereference.
Affected: GNU : GnuTLS 3.2
 LIBTASN1 : libtasn1 3.6
CVE: CVE-2014-3469 (The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allow context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.)
 CVE-2014-3468 (The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.)
 CVE-2014-3467 (Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.)
 CVE-2014-3466 (Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.)
 CVE-2014-3465 (The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN.)
Original document: Tomas Hoger, [oss-security] GnuTLS and libtasn1 security fixes (02.06.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod