Computer Security


gpsd memory corruption
Published:09.05.2013
SecurityVulns ID:13070
Type:local
Threat Level:5/10
Description:Memory corruption on request processing.
Affected:GPSD : gpsd 3.4
CVE:CVE-2013-2038 (The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability.)
Original document:UBUNTU, [USN-1820-1] gpsd vulnerability (09.05.2013)

Cisco Prime Data Center Network Manager code execution
updated since 02.11.2012
Published:09.05.2013
SecurityVulns ID:12690
Type:remote
Threat Level:6/10
Description:TCP/1099 and TCP/9099 services code execution.
Affected:CISCO : Prime Data Center Network Manager 6.1
CVE:CVE-2012-5417 (Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services, aka Bug ID CSCtz44924.)
Original document:CISCO, [2.0 Update] Cisco Security Advisory: Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability (09.05.2013)
Files:Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability

GNU glibc security vulnerabilities
Published:09.05.2013
SecurityVulns ID:13071
Type:library
Threat Level:8/10
Description:Buffer overflow in regexec, buffer overflow in getaddrinfo.
Affected:GNU : glibc 2.17
CVE:CVE-2013-1914 (Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.)
 CVE-2013-0242 (Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.)
Original document:MANDRIVA, [ MDVSA-2013:163 ] glibc (09.05.2013)

Mesa / WebGL / libgl buffer overflow
Published:09.05.2013
SecurityVulns ID:13072
Type:library
Threat Level:6/10
Description:Heap overflow.
Affected:MESA : libgl 8.0
CVE:CVE-2012-5129 (Heap-based buffer overflow in the WebGL subsystem in Google Chrome OS before 23.0.1271.94 allows remote attackers to cause a denial of service (GPU process crash) or possibly have unspecified other impact via unknown vectors.)
Original document:UBUNTU, [USN-1818-1] Mesa vulnerability (09.05.2013)

libxml security vulnerabilities
Published:09.05.2013
SecurityVulns ID:13073
Type:library
Threat Level:7/10
Description:Multiple use-after-free vulnerabilities.
Affected:LIBXML : libxml2 2.9
CVE:CVE-2013-1969 (Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function.)
Original document:UBUNTU, [USN-1817-1] libxml2 vulnerability (09.05.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod