Computer Security


HP Data Protector multiple security vulnerabilities
Published:08.01.2014
Source:
SecurityVulns ID:13476
Type:remote
Threat Level:
7/10
Description:Code execution, privilege escalation, DoS.
Affected:HP : Storage Data Protector 6.2
CVE:CVE-2013-6195 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-2008.)
 CVE-2013-6194 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905.)
 CVE-2013-2350 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1897.)
 CVE-2013-2349 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1896.)
 CVE-2013-2348 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1892.)
 CVE-2013-2347 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1885.)
 CVE-2013-2346 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1870.)
 CVE-2013-2345 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1869.)
 CVE-2013-2344 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1866.)
Original document:HP, [security bulletin] HPSBMU02895 SSRT101253 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code (08.01.2014)

Apache libcloud protection bypass
Published:08.01.2014
Source:
SecurityVulns ID:13477
Type:library
Threat Level:
5/10
Description:Parameter to scrub data after deletion does not actually work.
Affected:APACHE : libcloud 0.13
CVE:CVE-2013-6480 (Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.)
Original document:APACHE, [CVE-2013-6480] Libcloud doesn't send scrub_data query parameter when destroying a DigitalOcean node (08.01.2014)

OpenSSL security vulnerabilities
Published:08.01.2014
Source:
SecurityVulns ID:13478
Type:library
Threat Level:
6/10
Description:TLS 1.2 MitM attacks, potentially weak PRNGs, DoS.
Affected:OPENSSL : OpenSSL 1.0
CVE:CVE-2013-6450 (The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.)
 CVE-2013-6449 (The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.)
 CVE-2013-4353 (The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.)
Original document:DEBIAN, [SECURITY] [DSA 2833-1] openssl security update (08.01.2014)

puppet symbolic links vulnerability
Published:08.01.2014
Source:
SecurityVulns ID:13480
Type:local
Threat Level:
5/10
Description:Symbolic links vulnerability on temporary files creation.
CVE:CVE-2013-4969 (Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.)
Original document:DEBIAN, [SECURITY] [DSA 2831-1] puppet security update (08.01.2014)

HP Service Manager security vulnerabilities
Published:08.01.2014
Source:
SecurityVulns ID:13482
Type:client
Threat Level:
5/10
Description:Cross-site scripting, code execution.
Affected:HP : HP Service Manager 9.21
CVE:CVE-2013-6198 (Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2013-6197 (Unspecified vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote authenticated users to execute arbitrary code via unknown vectors.)
Original document:HP, [security bulletin] HPSBMU02959 rev.1 - HP Service Manager WebTier and Windows Client, Cross-Site Scripting (XSS), Execution of Arbitrary Code and other Vulnerabilities (08.01.2014)

libXfont memory corruption
Published:08.01.2014
Source:
SecurityVulns ID:13483
Type:library
Threat Level:
8/10
Description:Memory corruption on BDF font parsing.
Affected:LIBXFONT : libXfont 1.4
CVE:CVE-2013-6462 (Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.)
Original document:DEBIAN, [USN-2078-1] libXfont vulnerability (08.01.2014)

Spamina email firewall directory traversal
Published:08.01.2014
Source:
SecurityVulns ID:13484
Type:remote
Threat Level:
5/10
Description:Directory traversal in multiple requests.
Affected:SPAMINA : Spamina Email Firewall 3.3
Original document:sisco.barrera_(at)_gmail.com, SPAMINA EMAIL FIREWALL 3.3.1.1 - Directory Traversal - (08.01.2014)

devscripts uscan code execution
Published:08.01.2014
Source:
SecurityVulns ID:13486
Type:client
Threat Level:
5/10
Description:Code execution on server reply parsing.
Affected:DEVSCRIPTS : devscripts 2.13
CVE:CVE-2013-6888 (Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball.)
Original document:DEBIAN, [SECURITY] [DSA 2836-1] devscripts security update (08.01.2014)

HP Autonomy Ultraseek cross-site scripting
Published:08.01.2014
Source:
SecurityVulns ID:13487
Type:remote
Threat Level:
5/10
Affected:HP : Autonomy Ultraseek 5
CVE:CVE-2013-6196 (Cross-site scripting (XSS) vulnerability in HP Autonomy Ultraseek 5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.)
Original document:HP, [security bulletin] HPSBGN02950 rev.1 - HP Autonomy Ultraseek, Cross-Site Scripting (XSS) (08.01.2014)

QuickHeal AntiVirus buffer overflow
Published:08.01.2014
Source:
SecurityVulns ID:13488
Type:client
Threat Level:
6/10
Description:Buffer overflow on PE files parsing.
Affected:QUICKHEAL : QuickHeal AntiVirus 7.0
CVE:CVE-2013-6767 (Stack-based buffer overflow in pepoly.dll in Quick Heal AntiVirus Pro 7.0.0.1 allows local users to execute arbitrary code or cause a denial of service (process crash) via a long *.text value in a PE file.)
Original document:Vulnerability Lab, QuickHeal AntiVirus 7.0.0.1 - Stack Overflow Vulnerability (08.01.2014)

djvulibre code execution
Published:08.01.2014
Source:
SecurityVulns ID:13489
Type:library
Threat Level:
6/10
Description:Memory corruption.
Affected:DJVULIBRE : DjVuLibre 3.5
CVE:CVE-2012-6535 (DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file.)
Original document:UBUNTU, [USN-2056-1] DjVuLibre vulnerability (08.01.2014)

HP SAN Network Advisor code execution
Published:08.01.2014
Source:
SecurityVulns ID:13490
Type:remote
Threat Level:
5/10
CVE:CVE-2013-6810 (The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote attackers to execute arbitrary code by using a servlet to upload an executable file.)
Original document:HP, [security bulletin] HPSBHF02953 rev.1 - HP B-series SAN Network Advisor, Remote Code Execution (08.01.2014)

Samba buffer overflow
Published:08.01.2014
Source:
SecurityVulns ID:13492
Type:remote
Threat Level:
8/10
Description:Buffer overflow on DCE-RPC packet parsing.
Affected:SAMBA : Samba 4.1
CVE:CVE-2013-4475 (Samba 3.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS).)
 CVE-2013-4408 (Buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet.)

EMC NetWorker information leakage
Published:08.01.2014
Source:
SecurityVulns ID:13493
Type:remote
Threat Level:
5/10
Description:Cleartext password in audit reports.
Affected:EMC : NetWorker 8.0
CVE:CVE-2013-3285 (The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources.)
Original document:EMC, ESA-2013-072: EMC NetWorker Information Disclosure Vulnerability (08.01.2014)

EMC RSA Security Analytics vulnerabilities
Published:08.01.2014
Source:
SecurityVulns ID:13494
Type:remote
Threat Level:
5/10
Description:Privilege escalation.
Affected:EMC : RSA Security Analytics 10.2
CVE:CVE-2013-6180 (EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent.)
Original document:EMC, ESA-2013-080: RSA Security Analytics Multiple Vulnerabilities (08.01.2014)

EMC Data Protection Advisor / Connectrix Manager security vulnerabilities
Published:08.01.2014
Source:
SecurityVulns ID:13495
Type:remote
Threat Level:
6/10
Description:Code execution.
CVE:CVE-2012-0874 (The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) 5.2.0, Web Platform (EWP) 5.2.0, and BRMS Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors. NOTE: this issue can only be exploited when the interceptor is not properly configured with a "second layer of authentication," or when used in conjunction with other vulnerabilities that bypass this second layer.)
Original document:EMC, ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities (08.01.2014)
 rgod, EMC Data Protection Advisor DPA Illuminator EJBInvokerServlet Remote Code Execution (08.01.2014)
 EMC, ESA-2013-094: EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability (08.01.2014)

EMC RSA Archer cross-site scripting
Published:08.01.2014
Source:
SecurityVulns ID:13496
Type:remote
Threat Level:
5/10
Description:Multiple XSS conditions.
Affected:EMC : RSA Archer GRC 5.4
CVE:CVE-2013-6178 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original document:EMC, ESA-2013-079: RSA Archer® GRC Multiple Cross-Site Scripting Vulnerabilities (08.01.2014)

EMC Replication Manager directory traversal
Published:08.01.2014
Source:
SecurityVulns ID:13497
Type:remote
Threat Level:
5/10
Description:Directory traversal via user scripts.
Affected:EMC : Replication Manager 5.4
CVE:CVE-2013-6182 (Unquoted Windows search path vulnerability in EMC Replication Manager before 5.5 allows local users to gain privileges via a crafted application in a parent directory of an intended directory.)
Original document:EMC, ESA-2013-092: EMC Replication Manager Unquoted File Path Enumeration Vulnerability (08.01.2014)

EMC Watch4net information leakage
Published:08.01.2014
Source:
SecurityVulns ID:13498
Type:remote
Threat Level:
5/10
Description:Device passwords are stored in cleartext.
Affected:EMC : Watch4Net 6.2
CVE:CVE-2013-6181 (EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges.)
Original document:EMC, ESA-2013-091: EMC Watch4net Information Disclosure Vulnerability (08.01.2014)

HP Officejet Pro 8500 cross-site scripting
Published:08.01.2014
Source:
SecurityVulns ID:13499
Type:remote
Threat Level:
5/10
Description:Cross-site scripting in web interface.
Affected:HP : Officejet Pro 8500
CVE:CVE-2013-4845 (Cross-site scripting (XSS) vulnerability on HP Officejet Pro 8500 (aka A909) All-in-One printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original document:HP, [security bulletin] HPSBPI02945 rev.1 - HP Officejet Pro 8500 (A909) All-in-One Printer, Cross-Site Scripting (XSS) (08.01.2014)

clutter privilege escalation
Published:08.01.2014
Source:
SecurityVulns ID:13500
Type:local
Threat Level:
5/10
Description:Invalid handling of system resume.
Affected:CLUTTER : Clutter 1.10
CVE:CVE-2013-2190 (The translate_hierarchy_event function in x11/clutter-device-manager-xi2.c in Clutter, when resuming the system, does not properly handle XIQueryDevice errors when a device has "disappeared," which causes the gnome-shell to crash and allows physically proximate attackers to access the previous gnome-shell session via unspecified vectors.)
Original document:MANDRIVA, [ MDVSA-2013:255 ] clutter (08.01.2014)

HP ProCurve Manager multiple security vulnerabilities
Published:08.01.2014
Source:
SecurityVulns ID:13501
Type:remote
Threat Level:
5/10
Description:Cross-site scripting, code execution.
Affected:HP : ProCurve Manager 4.0
CVE:CVE-2013-4813 (The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745.)
 CVE-2013-4812 (UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.)
 CVE-2013-4811 (UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.)
 CVE-2013-4810 (HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760.)
 CVE-2013-4809 (Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter.)
 CVE-2005-2572 (MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysql.func table to cause a denial of service (server hang) and possibly execute arbitrary code via (1) a request for a non-library file, which causes the Windows LoadLibraryEx function to block, or (2) a request for a function in a library that has the XXX_deinit or XXX_init functions defined but is not tailored for mySQL, such as jpeg1x32.dll and jpeg2x32.dll.)
Original document:HP, [security bulletin] HPSBPV02918 rev.2 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse (08.01.2014)

VMware vSphere multiple security vulnerabilities
Published:08.01.2014
Source:
SecurityVulns ID:13502
Type:remote
Threat Level:
5/10
Description:DoS, privilege escalation.
Affected:VMWARE : ESX 4.1
 VMWARE : vCenter Server 5.0
 VMWARE : ESXi 5.0
CVE:CVE-2013-5971 (Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors.)
 CVE-2013-5970 (hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 4.1 allows remote attackers to cause a denial of service (hostd-vmdb service outage) by modifying management traffic.)
Original document:VMWARE, NEW VMSA-2013-0012 VMware vSphere updates address multiple vulnerabilities (08.01.2014)

SpamTitan multiple security vulnerabilities
Published:08.01.2014
Source:
SecurityVulns ID:13503
Type:remote
Threat Level:
6/10
Description:Cross-site scripting, SQL injection, code execution.
Affected:SPAMTITAN : SpamTitan 5.13
Original document:SEC Consult Vulnerability Lab, SEC Consult SA-20131015-0 :: Multiple vulnerabilities in SpamTitan (08.01.2014)

Feeder.co Chrome plugin cross-site scripting
Published:08.01.2014
Source:
SecurityVulns ID:13504
Type:client
Threat Level:
5/10
Description:Cross-site scripting via RSS.
Affected:FEEDERCO : Feeder.co 5.2
Original document:Vulnerability Lab, Feeder.co RSS Feeder 5.2 Chrome - Persistent Software Vulnerability (08.01.2014)

MobileIron cross-site scripting
Published:08.01.2014
Source:
SecurityVulns ID:13506
Type:remote
Threat Level:
5/10
Description:Cross-site scripting in web interface.
Affected:MOBILEIRON : MobileIron 4.5
Original document:Marc Ruef, [scip_Advisory 10847] MobileIron 4.5.4 Device Registration regpin Cross Site Scripting (08.01.2014)

memcached multiple security vulnerabilities
updated since 08.01.2014
Published:29.01.2014
Source:
SecurityVulns ID:13479
Type:remote
Threat Level:
6/10
Description:Authentication bypass if SASL is used, a few DoS conditions.
Affected:MEMCACHED : memcached 1.4
CVE:CVE-2013-7291 (memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request that triggers an "unbounded key print" during logging, related to an issue that was "quickly grepped out of the source tree," a different vulnerability than CVE-2013-0179 and CVE-2013-7290.)
 CVE-2013-7290 (The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr, a different vulnerability than CVE-2013-0179.)
 CVE-2013-7239 (memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials.)
 CVE-2013-0179 (The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr.)
Original document:MANDRIVA, [ MDVSA-2014:010 ] memcached (29.01.2014)
 DEBIAN, [SECURITY] [DSA 2832-1] memcached security update (08.01.2014)

HP Operations Orchestration security vulnerabilities
updated since 08.01.2014
Published:03.03.2014
Source:
SecurityVulns ID:13491
Type:remote
Threat Level:
5/10
Description:XSS, CSRF, unauthorized access.
Affected:HP : HP Operations Orchestration 9
 HP : HP Operations Orchestration 10.01
CVE:CVE-2013-6192 (Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration before 9 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.)
 CVE-2013-6191 (Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2013-2071 (java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.)
Original document:HP, [security bulletin] HPSBMU02966 rev.1 - HP Operations Orchestration, Unauthorized Access to Information (03.03.2014)
 HP, [security bulletin] HPSBGN02951 rev.1 - HP Operations Orchestration, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) (08.01.2014)

OpenXchange cross-site scripting
updated since 08.01.2014
Published:24.03.2014
Source:
SecurityVulns ID:13485
Type:remote
Threat Level:
5/10
Description:Cross-site scripting on MS Office and EML documents viewing.
CVE:CVE-2014-2077 (Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving 'the aria "tags" for screenreaders at the top bar'.)
 CVE-2014-1679 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header in an attached SVG file.)
 CVE-2013-7141 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "<%" tags.)
 CVE-2013-6997 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handlers.")
Original document:OPENXCHANGE, Open-Xchange Security Advisory 2014-02-10 (24.03.2014)
 OPENXCHANGE, Open-Xchange Security Advisory 2014-03-17 (24.03.2014)
 OPENXCHANGE, Open-Xchange Security Advisory 2014-01-17 (19.01.2014)
 OPENXCHANGE, Open-Xchange Security Advisory 2014-01-06 (08.01.2014)

Linux kernel security vulnerabilities
updated since 08.01.2014
Published:31.03.2014
Source:
SecurityVulns ID:13475
Type:library
Threat Level:
9/10
Description:ptrace information leakage, debug functions privilege escalation, cprng weak PRNG, networking dissector DoS, multiple integer overflows, buffer overflows in WiMax, USB and various device drivers, UDP fragmentation offload uninitialized memory, privilege escalations, NAT conntrack information leakage.
Affected:LINUX : kernel 2.6
 LINUX : kernel 3.11
 LINUX : kernel 3.12
CVE:CVE-2014-2038 (The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by writing to a file in an NFS filesystem and then reading the same file.)
 CVE-2014-1874 (The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.)
 CVE-2014-1690 (The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature.)
 CVE-2014-1446 (The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.)
 CVE-2014-1438 (The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application.)
 CVE-2014-0038 (The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.)
 CVE-2013-7281 (The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.)
 CVE-2013-7271 (The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.)
 CVE-2013-7270 (The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.)
 CVE-2013-7269 (The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.)
 CVE-2013-7268 (The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.)
 CVE-2013-7267 (The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.)
 CVE-2013-7266 (The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structure, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.)
 CVE-2013-7265 (The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.)
 CVE-2013-7264 (The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.)
 CVE-2013-7263 (The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.)
 CVE-2013-7027 (The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header.)
 CVE-2013-7026 (Multiple race conditions in ipc/shm.c in the Linux kernel before 3.12.2 allow local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted application that uses shmctl IPC_RMID operations in conjunction with other shm system calls.)
 CVE-2013-6763 (The uio_mmap_physical function in drivers/uio/uio.c in the Linux kernel before 3.12 does not validate the size of a memory block, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted mmap operations, a different vulnerability than CVE-2013-4511.)
 CVE-2013-6383 (The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call.)
 CVE-2013-6382 (Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c.)
 CVE-2013-6380 (The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command.)
 CVE-2013-6378 (The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation.)
 CVE-2013-6368 (The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.)
 CVE-2013-6367 (The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value.)
 CVE-2013-4592 (Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots.)
 CVE-2013-4588 (Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function.)
 CVE-2013-4587 (Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value.)
 CVE-2013-4516 (The mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.)
 CVE-2013-4515 (The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call.)
 CVE-2013-4514 (Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions.)
 CVE-2013-4513 (Buffer overflow in the oz_cdev_write function in drivers/staging/ozwpan/ozcdev.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted write operation.)
 CVE-2013-4511 (Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c.)
 CVE-2013-4470 (The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c.)
 CVE-2013-4348 (The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation.)
 CVE-2013-4345 (Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data.)
 CVE-2013-4299 (Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.)
 CVE-2013-2930 (The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application.)
 CVE-2013-2929 (The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h.)
Original document:UBUNTU, [USN-2140-1] Linux kernel vulnerabilities (31.03.2014)
 MANDRIVA, [ MDVSA-2014:038 ] kernel (18.02.2014)
 UBUNTU, [USN-2096-1] Linux kernel vulnerability (01.02.2014)
 MANDRIVA, [ MDVSA-2014:001 ] kernel (14.01.2014)
 UBUNTU, [USN-2075-1] Linux kernel vulnerabilities (08.01.2014)

Different Ruby gems security vulnerabilities
updated since 08.01.2014
Published:04.05.2014
Source:
SecurityVulns ID:13481
Type:library
Threat Level:
5/10
Description:Cross-site scripting, code execution, information leakage.
Affected:RUBY : Gem Webbynode 1.0
 RUBY : Gem Bio Basespace SDK 0.1
 RUBY : Gem sprout 0.7
 RUBY : Gem i18n 0.6
 RUBY : Gem Arabic Prawn 0.0
 RUBY : Gem sfpagent 0.4
CVE:CVE-2014-2888 (lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request.)
 CVE-2014-2322 (lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable.)
 CVE-2013-4492 (Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.)
Original document:larry0_(at)_me.com, Remote Command Injection in Ruby Gem sfpagent 0.4.14 (04.05.2014)
 larry0_(at)_me.com, Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem (04.05.2014)
 larry0_(at)_me.com, Command injection in Ruby Gem Webbynode 1.0.5.3 (08.01.2014)
 larry0_(at)_me.com, Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line (08.01.2014)
 larry0_(at)_me.com, Command injection vulnerability in Ruby Gem sprout 0.7.246 (08.01.2014)
 DEBIAN, [SECURITY] [DSA 2830-1] ruby-i18n security update (08.01.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod