Computer Security


libxml2 DoS
updated since 11.03.2013
Published:08.04.2013
SecurityVulns ID:12938
Type:library
Threat Level:5/10
Description:CPU exhaustion.
Affected:LIBXML2 : libxml2 2.7
CVE:CVE-2013-0339 (libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE.)
 CVE-2013-0338 (libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity.)
Original document:DEBIAN, [SECURITY] [DSA 2652-1] libxml2 security update (08.04.2013)
 MANDRIVA, [ MDVSA-2013:017 ] libxml2 (11.03.2013)

libav / ffmpeg multiple security vulnerabilities
Published:08.04.2013
SecurityVulns ID:12983
Type:library
Threat Level:6/10
Description:Vulnerabilities in parsing of multiple media formats.
Affected:FFMPEG : FFmpeg 1.1
CVE:CVE-2013-2496 (The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not properly determine certain end pointers, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted Microsoft RLE data.)
 CVE-2013-2495 (The iff_read_header function in iff.c in libavformat in FFmpeg through 1.1.3 does not properly handle data sizes for Interchange File Format (IFF) data during operations involving a CMAP chunk or a video codec, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) or possibly have unspecified other impact via a crafted header.)
 CVE-2013-2277 (The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted H.264 data.)
 CVE-2013-0894 (Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size.)
Original document:UBUNTU, [USN-1790-1] Libav vulnerabilities (08.04.2013)

GNU bash buffer overflow
Published:08.04.2013
SecurityVulns ID:12984
Type:local
Threat Level:5/10
Description:Buffer overflow in built-in test command.
Affected:GNU : bash 4.2
CVE:CVE-2012-3410 (Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix.)
Original document:MANDRIVA, [ MDVSA-2013:019 ] bash (08.04.2013)

PostgreSQL multiple security vulnerabilities
Published:08.04.2013
SecurityVulns ID:12985
Type:remote
Threat Level:5/10
Description:DoS, weak PRNG, privilege escalation.
Affected:POSTGRES : PostgreSQL 8.4
 POSTGRES : PostgreSQL 9.1
 POSTGRES : PostgreSQL 9.2
CVE:CVE-2013-1901 (PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.)
 CVE-2013-1900 (PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions.")
 CVE-2013-1899 (Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).)
Original document:UBUNTU, [USN-1789-1] PostgreSQL vulnerabilities (08.04.2013)

Groovy Media Player buffer overflow
Published:08.04.2013
SecurityVulns ID:12986
Type:local
Threat Level:4/10
Description:Buffer overflow when parsing .m3u files.
Affected:BESTWEBSHARING : Groovy Media Player 3.2
CVE:CVE-2013-2760 (Buffer overflow in Groovy Media Player 3.2.0 allows remote attackers to execute arbitrary code via a long string in a .m3u file.)
Original document:akshay.vaghela_(at)_elitecore.com, Groovy Media Player buffer overflow Vulnerability (08.04.2013)

Novell GroupWise code execution
Published:08.04.2013
SecurityVulns ID:12987
Type:remote
Threat Level:7/10
Description:Untrusted pointer dereference.
Affected:NOVELL : GroupWise 8.0
CVE:CVE-2013-0804 (The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors.)
Original document:High-Tech Bridge Security Research, Novell GroupWise Multiple Remote Code Execution Vulnerabilities (08.04.2013)

Google Active Directory Sync Tool weak encryption
Published:08.04.2013
SecurityVulns ID:12988
Type:local
Threat Level:4/10
Description:It's possible to decipher stored credentials.
Affected:GOOGLE : Google Active Directory Sync Tool 3.1
Original document:lists_(at)_senseofsecurity.com, Google AD Sync Tool - Exposure of Sensitive Information Vulnerability - Security Advisory - SOS-13-001 (08.04.2013)

Sophos Web Protection Appliance multiple security vulnerabilities
Published:08.04.2013
SecurityVulns ID:12989
Type:remote
Threat Level:5/10
Description:Local file access, command execution, cross-site scripting.
Affected:SOPHOS : Sophos Web Protection Appliance 3.7
CVE:CVE-2013-2643 (Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to end-user/ftp_redirect.php, or (4) threat parameter to the Blocked component.)
 CVE-2013-2642 (Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality.)
 CVE-2013-2641 (Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter.)
Original document:SEC Consult Vulnerability Lab, SEC Consult SA-20130403-0 :: Multiple vulnerabilities in Sophos Web Protection Appliance (08.04.2013)

Netgear WNR1000 authentication bypass
Published:08.04.2013
SecurityVulns ID:12990
Type:remote
Threat Level:5/10
Description:It's possible to bypass authentication by adding ?.jpg to filenames.
Affected:NETGEAR : Netgear WNR1000
Original document:Roberto Paleari, Authentication bypass on Netgear WNR1000 (08.04.2013)

HP ProCurve switches cross-site request forgery
Published:08.04.2013
SecurityVulns ID:12991
Type:remote
Threat Level:4/10
Affected:HP : ProCurve 1700-8
 HP : ProCurve 1700-24
CVE:CVE-2012-5216 (Cross-site request forgery (CSRF) vulnerability on HP ProCurve 1700-8 (aka J9079A) switches with software before VA.02.09 and 1700-24 (aka J9080A) switches with software before VB.02.09 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.)
Original document:HP, [security bulletin] HPSBPV02855 SSRT100512 rev.1 - HP ProCurve 1700-8(J9079A) and 1700-24(J9080A) Switches, Cross Site Request Forgery (CSRF) (08.04.2013)

GNOME Online Accounts SSL certificate spoofing
Published:08.04.2013
SecurityVulns ID:12992
Type:m-i-t-m
Threat Level:5/10
Description:Insufficient certificate check.
Affected:GNOME : Gnome Online Accounts 3.6
 GNOME : Gnome Online Accounts 3.7
CVE:CVE-2013-1799 (Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240.)
 CVE-2013-0240 (Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.)
Original document:UBUNTU, [USN-1779-1] GNOME Online Accounts vulnerability (08.04.2013)

Cisco Video Surveillance Operations Manager security vulnerabilities
Published:08.04.2013
SecurityVulns ID:12993
Type:remote
Threat Level:5/10
Description:Directory traversal, cross-site scripting.
Original document:b.saleh_(at)_aol.com, Cisco Video Surveillance Operations Manager Multiple vulnerabilities (08.04.2013)

QlikView integer overflow
Published:08.04.2013
SecurityVulns ID:12994
Type:local
Threat Level:4/10
Description:Integer overflow when parsing .qvw files.
Affected:QLIKVIEW : QlikView 11.00
Original document:SEC Consult Vulnerability Lab, SEC Consult SA-20130313-0 :: QlikView Desktop Client Integer Overflow (08.04.2013)

OpenFabrics ibutils symbolic links vulnerability
Published:08.04.2013
SecurityVulns ID:12995
Type:local
Threat Level:4/10
Description:Unsafe temporary file creation in InfiniBand utilities.
Affected:OPENFABRICS : ibutils 1.5
Original document:larry0_(at)_me.com, OpenFabrics ibutils 1.5.7 /tmp clobbering vulnerability (08.04.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod