Computer Security


Google Chrome / Chromium multiple security vulnerabilities
updated since 05.05.2014
Published:09.06.2014
Source:
SecurityVulns ID:13748
Type:client
Threat Level: 7/10
Description:Protection bypass, use-after-free, memory corruptions, integer overflow.
Affected:GOOGLE : Chrome 34.0
 CHROMIUM : Chromium 34.0
CVE:CVE-2014-3152 (Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a negative key value.)
 CVE-2014-1749 (Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.)
 CVE-2014-1748 (The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame.)
 CVE-2014-1747 (Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka "Universal XSS (UXSS).")
 CVE-2014-1746 (The InMemoryUrlProtocol::Read function in media/filters/in_memory_url_protocol.cc in Google Chrome before 35.0.1916.114 relies on an insufficiently large integer data type, which allows remote attackers to cause a denial of service (out-of-bounds read) via vectors that trigger use of a large buffer.)
 CVE-2014-1745 (Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to core/svg/SVGFontFaceElement.cpp.)
 CVE-2014-1744 (Integer overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/renderer_host/media/audio_input_renderer_host.cc in Google Chrome before 35.0.1916.114 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large shared-memory allocation.)
 CVE-2014-1743 (Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers tree mutation.)
 CVE-2014-1742 (Use-after-free vulnerability in the FrameSelection::updateAppearance function in core/editing/FrameSelection.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper RenderObject handling.)
 CVE-2014-1741 (Multiple integer overflows in the replace-data functionality in the CharacterData interface implementation in core/dom/CharacterData.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to ranges.)
 CVE-2014-1740 (Multiple use-after-free vulnerabilities in net/websockets/websocket_job.cc in the WebSockets implementation in Google Chrome before 34.0.1847.137 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to WebSocketJob deletion.)
 CVE-2014-1736 (Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value.)
 CVE-2014-1735 (Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.)
 CVE-2014-1734 (Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.)
 CVE-2014-1733 (The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandbox restrictions by leveraging renderer access.)
 CVE-2014-1732 (Use-after-free vulnerability in browser/ui/views/speech_recognition_bubble_views.cc in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via an INPUT element that triggers the presence of a Speech Recognition Bubble window for an incorrect duration.)
 CVE-2014-1731 (core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements.)
 CVE-2014-1730 (Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc.)
Original document: DEBIAN, [SECURITY] [DSA 2939-1] chromium-browser security update (09.06.2014)
 DEBIAN, [SECURITY] [DSA 2930-1] chromium-browser security update (30.05.2014)
 DEBIAN, [SECURITY] [DSA 2920-1] chromium-browser security update (05.05.2014)

Adobe Reader / Acrobat multiple security vulnerabilities
updated since 29.05.2014
Published:09.06.2014
Source:
SecurityVulns ID:13784
Type:client
Threat Level: 8/10
Description:Buffer overflows, memory corruptions, information disclosures, use-after-free.
Affected:ADOBE : Reader 10.1
 ADOBE : Acrobat 10.1
 ADOBE : Reader 11.0
 ADOBE : Acrobat 11.0
CVE:CVE-2014-0529 (Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2014-0528 (Double free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2014-0527 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2014-0526 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0522, CVE-2014-0523, and CVE-2014-0524.)
 CVE-2014-0525 (The API in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X does not prevent access to unmapped memory, which allows attackers to execute arbitrary code via unspecified API calls.)
 CVE-2014-0524 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0522, CVE-2014-0523, and CVE-2014-0526.)
 CVE-2014-0523 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0522, CVE-2014-0524, and CVE-2014-0526.)
 CVE-2014-0522 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0523, CVE-2014-0524, and CVE-2014-0526.)
 CVE-2014-0521 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X do not properly implement JavaScript APIs, which allows remote attackers to obtain sensitive information via a crafted PDF document.)
 CVE-2014-0512 (Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.)
 CVE-2014-0511 (Heap-based buffer overflow in Adobe Reader 11.0.06 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.)
Original document: VUPEN Security Research, VUPEN Security Research - Adobe Acrobat & Reader XI-X "AcroBroker" Sandbox Bypass (Pwn2Own) (09.06.2014)
 VUPEN Security Research, VUPEN Security Research - Adobe Acrobat & Reader XI-X Barcode Heap Overflow (Pwn2Own) (29.05.2014)
Files:Security Updates available for Adobe Reader and Acrobat

FreeBSD DoS
Published:09.06.2014
Source:
SecurityVulns ID:13811
Type:local
Threat Level: 5/10
Description:Race conditions on threads context switching.
Affected:FREEBSD : FreeBSD 8.4
 FREEBSD : FreeBSD 9.2
 FREEBSD : FreeBSD 10.0
CVE:CVE-2014-3880 (The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 10.0 before p4 destroys the virtual memory address space and mappings for a process before all threads have terminated, which allows local users to cause a denial of service (triple-fault and system reboot) via a crafted system call, which triggers an invalid page table pointer dereference.)
Original document: FREEBSD, triple-fault when executing from a threaded process (09.06.2014)

Linux privilege escalation
Published:09.06.2014
Source:
SecurityVulns ID:13812
Type:local
Threat Level: 7/10
Description:ring 0 code execution via futex syscall.
Affected:LINUX : kernel 2.6
 LINUX : kernel 3.13
CVE:CVE-2014-3153 (The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.)
Original document: Solar Designer, [oss-security] Linux kernel futex local privilege escalation (CVE-2014-3153) (09.06.2014)

mupdf buffer overflow
Published:09.06.2014
Source:
SecurityVulns ID:13813
Type:local
Threat Level: 5/10
Description:Buffer overflow on XPS parsing.
Affected:MUPDF : MuPDF 1.3
CVE:CVE-2014-2013 (Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.)
Original document: DEBIAN, [SECURITY] [DSA 2951-1] mupdf security update (09.06.2014)

libav multiple security vulnerabilities
Published:09.06.2014
Source:
SecurityVulns ID:13814
Type:library
Threat Level: 6/10
Affected:LIBAV : libav 0.8
 LIBAV : libav 10.1
CVE:CVE-2014-3984 (Multiple unspecified vulnerabilities in Libav before 0.8.12 allow remote attackers to have unknown impact and vectors.)
Original document: DEBIAN, [SECURITY] [DSA 2947-1] libav security update (09.06.2014)

chkrootkit privilege escalation
Published:09.06.2014
Source:
SecurityVulns ID:13815
Type:local
Threat Level: 5/10
Description: It's possible to execute a file from /tmp.
Affected:CHKROOTKIT : chkrootkit 0.49
CVE:CVE-2014-0476 (The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.)
Original document: DEBIAN, [oss-security] CVE-2014-0476 chkrootkit vulnerability (09.06.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod