Computer Security
[EN] securityvulns.ru no-pyccku


ghostscript memory corruption
Published:03.08.2015
Source:
SecurityVulns ID:14617
Type:library
Threat Level:
5/10
Description:Memory corruption on Postscript file parsing.
Affected:GHOSTSCRIPT : ghostscript 9.15
CVE:CVE-2015-3228 (Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write.)
Original documentdocumentUBUNTU, [USN-2697-1] Ghostscript vulnerability (03.08.2015)

ISC bind named DoS
Published:03.08.2015
Source:
SecurityVulns ID:14619
Type:remote
Threat Level:
5/10
Description:Assert on TKEY request processing.
Affected:ISC : bind 9.10
CVE:CVE-2015-5477 (named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.)
Original documentdocumentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-15:17.bind (03.08.2015)

HPLIP restrictions bypas
Published:03.08.2015
Source:
SecurityVulns ID:14616
Type:m-i-t-m
Threat Level:
5/10
Description:Invalid GPG key retrieval from server.
Affected:HP : hplip 3.15
CVE:CVE-2015-0839
Original documentdocumentUBUNTU, [USN-2699-1] HPLIP vulnerability (03.08.2015)

expat library integer overflow
Published:03.08.2015
Source:
SecurityVulns ID:14621
Type:library
Threat Level:
5/10
Description:Multiple integer overflows.
Affected:EXPAT : Expat 2.1
CVE:CVE-2015-1283 (Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 3318-1] expat security update (03.08.2015)

Cisco ASR routers DoS
Published:03.08.2015
Source:
SecurityVulns ID:14622
Type:remote
Threat Level:
6/10
Description:Crash on fragmented packets processing.
Affected:CISCO : Cisco ASR 1000
CVE:CVE-2015-4291 (Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617.)
Files: Cisco Security Advisory Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability

FreeBSD patch code execution
updated since 03.08.2015
Published:10.08.2015
Source:
SecurityVulns ID:14618
Type:local
Threat Level:
5/10
Description:Commands injection is possible.
Affected:FREEBSD : FreeBSD 10.2
CVE:CVE-2015-1418
 CVE-2015-1416
Original documentdocumentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-15:18.bsdpatch (10.08.2015)
 documentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-15:14.bsdpatch (03.08.2015)

libvirt / qemu multiple security vulnerabilities
updated since 03.08.2015
Published:31.08.2015
Source:
SecurityVulns ID:14620
Type:library
Threat Level:
6/10
Description:Multiple memory corruptions.
Affected:QEMU : qemu 2.2
CVE:CVE-2015-5745
 CVE-2015-5225 (Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface.)
 CVE-2015-5166 (Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.)
 CVE-2015-5165 (The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.)
 CVE-2015-5158
 CVE-2015-5154 (Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.)
 CVE-2015-3214 (The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.)
Original documentdocumentUBUNTU, [USN-2724-1] QEMU vulnerabilities (31.08.2015)
 documentUBUNTU, [USN-2692-1] QEMU vulnerabilities (03.08.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod