Computer Security


mailman directory traversal
Published:07.04.2015
SecurityVulns ID:14350
Type:local
Threat Level:4/10
Description:Directory traversal via transport scripts.
Affected:MAILMAN : mailman 2.1
CVE:CVE-2015-2775 (Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.)
Original document:DEBIAN, [SECURITY] [DSA 3214-1] mailman security update (07.04.2015)

Apache Subversion multiple security vulnerabilities
Published:07.04.2015
SecurityVulns ID:14353
Type:remote
Description:Resource exhaustion, DoS, information spoofing.
Affected:APACHE : Subversion 1.8
CVE:CVE-2015-0251 (The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.)
 CVE-2015-0248 (The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.)
 CVE-2015-0202 (The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes.)
Original document:MANDRIVA, [ MDVSA-2015:192 ] subversion (07.04.2015)

libgd / PHP security vulnerabilities
Published:07.04.2015
SecurityVulns ID:14349
Type:library
Threat Level:8/10
Description:Buffer overflow, NULL pointer dereference.
Affected:PHP : PHP 5.5
 GD : libgd 2.1
CVE:CVE-2014-9709 (The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.)
 CVE-2014-2497 (The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.)
Original document:DEBIAN, [SECURITY] [DSA 3215-1] libgd2 security update (07.04.2015)

arj multiple security vulnerabilities
Published:07.04.2015
SecurityVulns ID:14351
Type:local
Threat Level:5/10
Description:Buffer overflow, directory traversal.
CVE:CVE-2015-2782 (Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive.)
 CVE-2015-0557 (Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.)
 CVE-2015-0556 (Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.)
Original document:DEBIAN, [SECURITY] [DSA 3213-1] arj security update (07.04.2015)

MIT Kerberos 5 multiple potential security vulnerabilities
Published:07.04.2015
SecurityVulns ID:14352
Type:remote
Threat Level:5/10
Description:Memory leaks, insufficient memory zeroing, etc.
Affected:MIT : krb5 1.13
Original document:Nicholas Lemonias., Security Audit Notes = Kerberos (krb5-1.13) issues - Advanced Information Security Corp (07.04.2015)

OpenSSH memory leak
Published:07.04.2015
SecurityVulns ID:14354
Type:remote
Threat Level:5/10
Description:Memory leak on aborted client connection.
Affected:OPENSSH : OpenSSH 6.8
Original document:Nicholas Lemonias., Security Audit Notes - OpenSSH 6.8 - Advanced Information Security Corp (07.04.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod