Computer Security


spice memory corruption
Published: 11.10.2015
SecurityVulns ID: 14706
Type: library
Threat Level: 5/10
Description: Several different vulnerabilities.
Affected: SPICE : spice 0.12
CVE: CVE-2015-5261
 CVE-2015-5260
Original document: DEBIAN, [SECURITY] [DSA 3371-1] spice security update (11.10.2015)

FreeType DoS
Published: 11.10.2015
SecurityVulns ID: 14707
Type: library
Threat Level: 5/10
Description: Crash on font parsing.
Affected: FREETYPE : FreeType 2.5
CVE: CVE-2014-9747
 CVE-2014-9746
 CVE-2014-9745 (The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage.)
Original document: DEBIAN, [SECURITY] [DSA 3370-1] freetype security update (11.10.2015)

Oxide security vulnerabilities
Published: 11.10.2015
SecurityVulns ID: 14708
Type: client
Threat Level: 5/10
Description: Restrictions bypass.
Affected: OXIDE : oxide 1.0
CVE: CVE-2015-1304 (object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call.)
 CVE-2015-1303 (bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element.)
Original document: UBUNTU, [USN-2757-1] Oxide vulnerabilities (11.10.2015)

Tenda routers cross-site scripting
Published: 11.10.2015
SecurityVulns ID: 14709
Type: remote
Threat Level: 4/10
Description: Cross-site scripting in web interface.
Affected: TENDA : Tenda W150D
Original document: Vulnerability Lab, W150D Wireless N 150 ADSL2 Modem Router - Cross Site Request Forgery Vulnerability (11.10.2015)

Veeam Backup & Replication information disclosure
Published: 11.10.2015
SecurityVulns ID: 14710
Type: local
Threat Level: 5/10
Description: Password disclosure in the log files.
Affected: VEEAM : Veeam Backup & Replication 8
CVE: CVE-2015-5742 (VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 stores local administrator credentials in log files with world-readable permissions, which allows local users to obtain sensitive information by reading the files.)
Original document: ascii, Veeam Backup & Replication Local Privilege Escalation Vulnerability (11.10.2015)

Buffalo LinkStation authentication bypass
Published: 11.10.2015
SecurityVulns ID: 14711
Type: remote
Threat Level: 5/10
Description: Session validity is not checked on request.
Affected: BUFFALO : Buffalo LinkStation 1.70
Original document: RedTeam Pentesting, [RT-SA-2015-006] Buffalo LinkStation Authentication Bypass (11.10.2015)

Huawei routers multiple security vulnerabilities
Published: 11.10.2015
SecurityVulns ID: 14712
Type: remote
Threat Level: 5/10
Description: XSS, CSRF, DoS, unsafe data transfer, RCE.
Original document: Pierre Kim, A comprehensive study of Huawei 3G routers - XSS, CSRF, DoS, unauthenticated firmware update, RCE (11.10.2015)

Netgear routers multiple security vulnerabilities
Published: 11.10.2015
SecurityVulns ID: 14713
Type: remote
Threat Level: 5/10
Description: Administration interface is accessible without password validation, CSRF.
Affected: NETGEAR : Netgear N300
Original document: Alexandre Herzog, Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img (11.10.2015)

ZTE GPON security vulnerabilities
Published: 11.10.2015
SecurityVulns ID: 14714
Type: remote
Threat Level: 5/10
Description: Authentication bypass, information leakage.
Affected: ZTE : ZTE GPON F427
Original document: jerzy.patraszewski_(at)_gmail.com, ZTE GPON F427 and possibly F460/F600 - authorization bypass and cleartext password storage (11.10.2015)

OpenSMTPD multiple security vulnerabilities
Published: 11.10.2015
SecurityVulns ID: 14715
Type: remote
Threat Level: 6/10
Description: DoS conditions, information disclosure, multiple memory corruptions.
Affected: OPENSMTPD : OpenSMTPD 5.7
Original document: Qualys Security Advisory, Qualys Security Advisory - OpenSMTPD Audit Report (11.10.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod