Computer Security

HP XP P9000 Command View Advanced Edition DoS
Published:04.02.2013
Source:
SecurityVulns ID:12853
Type:remote
Threat Level:5/10
Affected:HP : XP P9000
CVE:CVE-2012-3281 (Unspecified vulnerability in Device Manager in HP XP P9000 Command View Advanced Edition before 7.4.0-00 allows remote attackers to cause a denial of service via unknown vectors.)
Original document:HP, [security bulletin] HPSBST02839 SSRT101077 rev.1 - HP XP P9000 Command View Advanced Edition, Remote Denial of Service (DoS) (04.02.2013)

Apple TV security vulnerabilities
Published:04.02.2013
Source:
SecurityVulns ID:12854
Type:remote
Threat Level:5/10
Description:Information leakage, DoS.
Affected:APPLE : Apple TV 5.2
CVE:CVE-2013-0964 (The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locations in the first kernel-memory page by specifying a length of less than one page.)
 CVE-2012-2619 (The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element.)
Original document:APPLE, APPLE-SA-2013-01-28-2 Apple TV 5.2 (04.02.2013)

Apple iOS multiple security vulnerabilities
Published:04.02.2013
Source:
SecurityVulns ID:12855
Type:library
Threat Level:6/10
Description:Information leakage, certificate vulnerabilities, multiple WebKit vulnerabilities.
Affected:APPLE : Apple iOS 6.0
Original document:APPLE, APPLE-SA-2013-01-28-1 iOS 6.1 Software Update (04.02.2013)

libssh DoS
Published:04.02.2013
Source:
SecurityVulns ID:12856
Type:library
Threat Level:5/10
Description:Crash on connection negotiation.
Affected:LIBSSH : libssh 0.5
CVE:CVE-2013-0176 (The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet.)
Original document:UBUNTU, [USN-1707-1] libssh vulnerability (04.02.2013)

EMC AlphaStor buffer overflow
Published:04.02.2013
Source:
SecurityVulns ID:12857
Type:remote
Threat Level:6/10
Description:Buffer overflow via device name.
Affected:EMC : AlphaStor 4.0
CVE:CVE-2013-0930 (Buffer overflow in Drive Control Program (DCP) in EMC AlphaStor 4.0 before build 814 allows remote attackers to execute arbitrary code via vectors involving a new device name.)
Original document:EMC, ESA-2013-010: EMC AlphaStor Buffer Overflow Vulnerability (04.02.2013)

Serva security vulnerabilities
Published:04.02.2013
Source:
SecurityVulns ID:12858
Type:remote
Threat Level:5/10
Description:DoS conditions when processing HTTP and DNS requests.
Original document:Inshell Security, [IA34] Serva v2.0.0 HTTP Server GET Remote Denial of Service (04.02.2013)
 Inshell Security, [IA33] Serva v2.0.0 DNS Server Remote Denial of Service (04.02.2013)

libav / ffmpeg multiple security vulnerabilities
Published:04.02.2013
Source:
SecurityVulns ID:12859
Type:library
Threat Level:6/10
Description:Multiple memory corruptions when handling different formats.
CVE:CVE-2012-5144 (Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to "an off-by-one overwrite when switching to LTP profile from MAIN.")
 CVE-2012-2804 (Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "reallocation code" and the luma height and width.)
 CVE-2012-2803 (Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to resetting the data size value.)
 CVE-2012-2802 (Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "number of output channels" and "out of array writes.")
 CVE-2012-2801 (Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to dimensions and "out of array writes.")
 CVE-2012-2798 (Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of array write.")
 CVE-2012-2797 (Unspecified vulnerability in the decode_frame_mp3on4 function in libavcodec/mpegaudiodec.c in FFmpeg before 0.11 has unknown impact and attack vectors related to a calculation that prevents a frame from being "large enough.")
 CVE-2012-2791 (Multiple unspecified vulnerabilities in the (1) decode_band_hdr function in indeo4.c and (2) ff_ivi_decode_blocks function in ivi_common.c in libavcodec/ in FFmpeg before 0.11 have unknown impact and attack vectors, related to the "transform size.")
 CVE-2012-2783 (Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "freeing the returned frame.")
Original document:UBUNTU, [USN-1705-1] Libav vulnerabilities (04.02.2013)

FortiNet FortiMail security vulnerabilities
Published:04.02.2013
Source:
SecurityVulns ID:12860
Type:remote
Threat Level:5/10
Description:Various vulnerabilities in the web interface.
Affected:FORTINET : FortiMail 400
Original document:Vulnerability Lab, Fortinet FortiMail 400 IBE - Multiple Web Vulnerabilities (04.02.2013)

Buffalo TeraStation security vulnerabilities
Published:04.02.2013
Source:
SecurityVulns ID:12861
Type:remote
Threat Level:5/10
Description:Code execution, information leakage.
Original document:Andrea Fabrizi, Buffalo TeraStation TS-Series multiple vulnerabilities (04.02.2013)

libvirt DoS vulnerabilities
Published:04.02.2013
Source:
SecurityVulns ID:12862
Type:library
Threat Level:5/10
Description:A few DoS conditions.
Affected:LIBVIRT : libvirt 0.10
CVE:CVE-2013-0170 (Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue.)
 CVE-2012-4423 (The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) an event as the RPC number or (2) an RPC number whose value is in a "gap" in the RPC dispatch table.)
Original document:UBUNTU, [USN-1708-1] libvirt vulnerabilities (04.02.2013)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:04.02.2013
Source:
SecurityVulns ID:12864
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:ELGG : Elgg 1.8
 WORDPRESS : WordPress 3.5
 RAILS : Ruby on Rails 3.0
 RAILS : Ruby on Rails 2.3
 DATALIFE : DataLife Engine 9.7
 KOHANA : Kohana 2.3
 WORDPRESS : WordPress Attack Scanner 0.9
CVE:CVE-2013-1412 (DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.)
 CVE-2013-0333 (lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.)
Original document:MustLive, Re: Wordpress Pingback Port Scanner (04.02.2013)
 MustLive, Multiple vulnerabilities in Chocolate WP theme for WordPress (04.02.2013)
 MustLive, Vulnerabilities in WordPress Attack Scanner for WordPress (04.02.2013)
 mo bkafek, WordPressSearch plugin SQL Injection Vulnerability (04.02.2013)
 MustLive, Multiple vulnerabilities in Flash News theme for WordPress (04.02.2013)
 Vulnerability Lab, nCircle PureCloud Vulnerability Scanner - Multiple Web Vulnerabilities (04.02.2013)
 Vulnerability Lab, Kohana Framework v2.3.3 - Directory Traversal Vulnerability (04.02.2013)
 Egidio Romano, [KIS-2013-01] DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability (04.02.2013)
 Moritz Naumann, XSS in Elgg 1.8.12, 1.7.16 (core module "Twitter widget") (04.02.2013)
 DEBIAN, [SECURITY] [DSA 2613-1] rails security update (04.02.2013)

D-Link IP cameras information leakage
updated since 17.12.2012
Published:04.02.2013
Source:
SecurityVulns ID:12788
Type:remote
Threat Level:6/10
Description:It's possible to retrieve the camera password.
Affected:DLINK : D-Link DCS-932L
 DLINK : D-Link DCS-930L
CVE:CVE-2012-4046 (The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value.)
Original document:Roberto Paleari, Unauthenticated remote access to D-Link DCS cameras (04.02.2013)
 doylej.ia_(at)_gmail.com, Password Disclosure in D-Link IP Cameras (CVE-2012-4046) (17.12.2012)
Files:Password Disclosure in D-Link Surveillance Cameras (CVE-2012-4046)

Broadcom chipset routers format string vulnerability
updated since 04.02.2013
Published:11.02.2013
Source:
SecurityVulns ID:12852
Type:library
Threat Level:8/10
Description:UPnP stack implementation format string vulnerability
Affected:CISCO : Linksys WRT54GL
 LIBUPNP : libupnp 1.3
 LIBUPNP : libupnp 1.6
CVE:CVE-2012-5965 (Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn device) field in a UDP packet.)
 CVE-2012-5964 (Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long ServiceType (aka urn service) field in a UDP packet.)
 CVE-2012-5963 (Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that lacks a :: (colon colon) in a UDP packet.)
 CVE-2012-5962 (Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn) field in a UDP packet.)
 CVE-2012-5961 (Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long UDN (aka device) field in a UDP packet.)
 CVE-2012-5960 (Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka upnp:rootdevice) field in a UDP packet.)
 CVE-2012-5959 (Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that contains a :: (colon colon) in a UDP packet.)
 CVE-2012-5958 (Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction.)
Original document:defensecode_(at)_defensecode.com, DefenseCode Security Advisory: Cisco Linksys Remote Preauth 0day Root Exploit Follow-Up (11.02.2013)
 defensecode_(at)_defensecode.com, DefenseCode Security Advisory: Broadcom UPnP Remote Preauth Root Code Execution Vulnerability (04.02.2013)
Files:Vulnerability Note VU#922681 Portable SDK for UPnP Devices (libupnp) contains multiple buffer overflows in SSDP
 Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities

squid cachemanager DoS
updated since 04.02.2013
Published:24.02.2013
Source:
SecurityVulns ID:12851
Type:remote
Threat Level:5/10
Description:cachemgr.cgi resource exhaustion.
Affected:SQUID : squid 3.3
CVE:CVE-2013-0189 (cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.)
 CVE-2012-5643 (Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.)
Original document:SQUID, [ MDVSA-2013:013 ] squid (24.02.2013)

OpenStack security vulnerabilities
updated since 04.02.2013
Published:24.03.2013
Source:
SecurityVulns ID:12863
Type:remote
Threat Level:5/10
Description:Nova and Glance information leaks, Keystone resource exhaustion.
Affected:OPENSTACK : glance 2012.2
 OPENSTACK : Nova 2012.2
 OPENSTACK : KeyStone 2012.2
 OPENSTACK : Cinder 2012.2
CVE:CVE-2013-1865 (OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.)
 CVE-2013-1840 (The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.)
 CVE-2013-1838 (OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.)
 CVE-2013-1665 (The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.)
 CVE-2013-1664 (The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.)
 CVE-2013-0335 (OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.)
 CVE-2013-0282 (OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.)
 CVE-2013-0247 (OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generation of log entries.)
 CVE-2013-0212 (store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.)
 CVE-2013-0208 (The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.)
Original document:UBUNTU, [USN-1772-1] OpenStack Keystone vulnerability (24.03.2013)
 UBUNTU, [USN-1771-1] OpenStack Nova vulnerabilities (24.03.2013)
 UBUNTU, [USN-1764-1] OpenStack Glance vulnerability (19.03.2013)
 UBUNTU, [USN-1730-1] OpenStack Keystone vulnerabilities (24.02.2013)
 UBUNTU, [USN-1731-1] OpenStack Cinder vulnerability (24.02.2013)
 UBUNTU, [USN-1734-1] OpenStack Nova vulnerability (24.02.2013)
 UBUNTU, [USN-1715-1] OpenStack Keystone vulnerability (11.02.2013)
 UBUNTU, [USN-1710-1] OpenStack Glance vulnerability (04.02.2013)
 UBUNTU, [USN-1709-1] OpenStack Nova vulnerability (04.02.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod