Computer Security


ark archiver directory traversal
Published:10.10.2011
SecurityVulns ID:11951
Type:local
Threat Level:4/10
Description:Directory traversal during archive extraction.
CVE:CVE-2011-2725 (Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.)
Original document:Tim Brown, Medium severity flaw with Ark (10.10.2011)

UI spoofing in different Qt applications
Published:10.10.2011
SecurityVulns ID:11952
Type:library
Threat Level:3/10
Description:Using the Qt QLabel class to display security-critical information allows interface spoofing.
CVE:CVE-2011-3367 (Arora, possibly 0.11 and other versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.)
 CVE-2011-3366 (Rekonq 0.7.0 and earlier does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.)
 CVE-2011-3365 (The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.)
Original document:Tim Brown, Low severity flaw in various applications including KSSL, Rekonq, Arora, Psi IM (10.10.2011)

Google Chrome security vulnerabilities
Published:10.10.2011
SecurityVulns ID:11953
Type:client
Threat Level:6/10
Description:Memory corruption in WebKit functions.
Affected:GOOGLE : Chrome 14.0
Original document:VUPEN Security Research, VUPEN Security Research - Google Chrome WebKit Engine Ruby Tag Stale Pointer Vulnerability (10.10.2011)
 VUPEN Security Research, VUPEN Security Research - Google Chrome WebKit Engine Child Tag Deletion Stale Pointer Vulnerability (10.10.2011)

Autonomy Keyview multiple security vulnerabilities
Published:10.10.2011
SecurityVulns ID:11954
Type:library
Threat Level:6/10
Description:Memory corruption, integer overflow, buffer overflow.
Affected:AUTONOMY : Keyview 7.4
 AUTONOMY : Keyview 9.2
 AUTONOMY : Keyview 10.13
CVE:CVE-2011-0339
 CVE-2011-0338
 CVE-2011-0337
Original document:SECUNIA, Secunia Research: Autonomy Keyview Ichitaro QLST Integer Overflow Vulnerability (10.10.2011)
 SECUNIA, Secunia Research: Autonomy Keyview Ichitaro Text Parsing Buffer Overflow (10.10.2011)
 SECUNIA, Secunia Research: Autonomy Keyview Ichitaro Object Reconstruction Logic Vulnerability (10.10.2011)

cyrus-imapd nntp server security vulnerabilities
Published:10.10.2011
SecurityVulns ID:11955
Type:remote
Threat Level:6/10
Description:Buffer overflow, authentication bypass.
Affected:CYRUS : cyrus-imapd 2.3
 CYRUS : cyrus-imapd 2.4
CVE:CVE-2011-3372 (imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.)
 CVE-2011-3208 (Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command.)
Original document:SECUNIA, Secunia Research: Cyrus IMAPd NTTP Authentication Bypass Vulnerability (10.10.2011)
 DEBIAN, [SECURITY] [DSA 2318-1] cyrus-imapd-2.2 security update (10.10.2011)

rpm multiple security vulnerabilities
Published:10.10.2011
SecurityVulns ID:11956
Type:local
Threat Level:3/10
Description:Multiple vulnerabilities in RPM file header parsing.
Affected:REDHAT : rpm 4.4
CVE:CVE-2011-3378 (RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.)
Original document:MANDRIVA, [ MDVSA-2011:143 ] rpm (10.10.2011)

quagga route daemon multiple security vulnerabilities
Published:10.10.2011
SecurityVulns ID:11957
Type:remote
Threat Level:6/10
Description:Multiple memory corruption flaws in OSPF and BGP packet parsing.
Affected:QUAGGA : quagga 0.99
CVE:CVE-2012-1820 (The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message.)
 CVE-2012-0255 (The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability).)
 CVE-2012-0250 (Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field.)
 CVE-2012-0249 (Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (aka LS Update) packet that is smaller than the length specified in its header.)
 CVE-2011-3327 (Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ecommunity.c in bgpd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted BGP UPDATE message over IPv4.)
 CVE-2011-3326 (The ospf_flood function in ospf_flood.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via an invalid Link State Advertisement (LSA) type in an IPv4 Link State Update message.)
 CVE-2011-3325 (ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via (1) a 0x0a type field in an IPv4 packet header or (2) a truncated IPv4 Hello packet.)
 CVE-2011-3324 (The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via trailing zero values in the Link State Advertisement (LSA) header list of an IPv6 Database Description message.)
 CVE-2011-3323 (The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (out-of-bounds memory access and daemon crash) via a Link State Update message with an invalid IPv6 prefix length.)
Original document:DEBIAN, [SECURITY] [DSA 2316-1] quagga security update (10.10.2011)

OpenOffice multiple security vulnerabilities
Published:10.10.2011
SecurityVulns ID:11958
Type:client
Threat Level:5/10
Description:Multiple memory corruption flaws in .doc file import.
Affected:OPENOFFICE : OpenOffice 2.4
 OPENOFFICE : OpenOffice 3.2
CVE:CVE-2011-2713 (oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers an out-of-bounds read in the DOC sprm parser.)
Original document:DEBIAN, [SECURITY] [DSA 2315-1] openoffice.org security update (10.10.2011)

Cisco ASA / Cisco FWSM multiple security vulnerabilities
Published:10.10.2011
SecurityVulns ID:11959
Type:remote
Threat Level:7/10
Description:Multiple vulnerabilities in MSN, ILS and Sun RPC parsing, authentication bypass in TACACS+.
Affected:CISCO : Cisco 7600
 CISCO : Cisco Catalyst 6500
 CISCO : Cisco ASA 5500
CVE:CVE-2011-3304 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.2 before 7.2(5.3), 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2), and 8.5 before 8.5(1.1) allow remote attackers to cause a denial of service (device reload) via crafted MSN Instant Messenger traffic, aka Bug ID CSCtl67486.)
 CVE-2011-3303 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.6), 8.3 before 8.3(2.23), 8.4 before 8.4(2.7), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via malformed ILS traffic, aka Bug IDs CSCtq57697 and CSCtq57802.)
 CVE-2011-3302 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2.6), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via crafted SunRPC traffic, aka Bug IDs CSCto92398 and CSCtq09989.)
 CVE-2011-3301 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2.6), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via crafted SunRPC traffic, aka Bug IDs CSCtq06062 and CSCtq09986.)
 CVE-2011-3300 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2.6), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via crafted SunRPC traffic, aka Bug IDs CSCtq06065 and CSCtq09978.)
 CVE-2011-3299 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2.6), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via crafted SunRPC traffic, aka Bug IDs CSCto92380 and CSCtq09972.)
 CVE-2011-3298 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.3), 8.0 before 8.0(5.24), 8.1 before 8.1(2.50), 8.2 before 8.2(5), 8.3 before 8.3(2.18), 8.4 before 8.4(1.10), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to bypass authentication via a crafted TACACS+ reply, aka Bug IDs CSCto40365 and CSCto74274.)
 CVE-2011-3297 (Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when certain authentication configurations are used, allows remote attackers to cause a denial of service (module crash) by making many authentication requests for network access, aka Bug ID CSCtn15697.)
 CVE-2011-3296 (Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when IPv6 is used, allows remote attackers to cause a denial of service (memory corruption and module crash or hang) via vectors that trigger syslog message 302015, aka Bug ID CSCti83875.)
Original document:CISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module (10.10.2011)
 CISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module (10.10.2011)

Cisco Network Admission Control Manager directory traversal
Published:10.10.2011
SecurityVulns ID:11960
Type:remote
Threat Level:5/10
Description:HTTPS directory traversal.
Affected:CISCO : Cisco Network Admission Control Manager 4.8
CVE:CVE-2011-3305 (Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755.)
Original document:CISCO, Cisco Security Advisory: Directory Traversal Vulnerability in Cisco Network Admission Control Manager (10.10.2011)

VMware buffer overflow
Published:10.10.2011
SecurityVulns ID:11961
Type:local
Threat Level:5/10
Description:Buffer overflow in UDF file system import.
Affected:VMWARE : VMware Workstation 7.1
 VMWARE : VMware Player 3.1
 VMWARE : VMware Fusion 3.1
CVE:CVE-2011-3868 (Buffer overflow in VMware Workstation 7.x before 7.1.5, VMware Player 3.x before 3.1.5, VMware Fusion 3.1.x before 3.1.3, and VMware AMS allows remote attackers to execute arbitrary code via a crafted UDF filesystem in an ISO image.)
Original document:VMWARE, VMSA-2011-0011 VMware hosted products address remote code execution vulnerability (10.10.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod