Computer Security

Apache Subversion DoS
updated since 23.12.2014
Published:13.01.2015
SecurityVulns ID:14176
Type:remote
Threat Level:6/10
Description:mod_dav_svn NULL pointer dereference on REPORT request processing.
Affected:APACHE : Subversion 1.8
CVE:CVE-2014-8108 (The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.)
 CVE-2014-3580 (The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.)
Original document:MANDRIVA, [ MDVSA-2015:005 ] subversion (13.01.2015)
 DEBIAN, [SECURITY] [DSA 3107-1] subversion security update (23.12.2014)

ZTE Ucell 3G Modem App / Datacard privilege escalation
updated since 29.12.2014
Published:13.01.2015
SecurityVulns ID:14179
Type:local
Threat Level:5/10
Description:Weak permissions for system service files.
Affected:ZTE : Datacard MF180
 ZTE : Datacard MF19
Original document:Vulnerability Lab, ZTE Datacard MF19 0V1.0.0B PCW - Multiple Vulnerabilities (13.01.2015)
 Vulnerability Lab, ZTE Datacard PCW(Telecom MF180) - Multiple Software Vulnerabilities (13.01.2015)
 Vulnerability Lab, ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability (29.12.2014)

OpenSSL multiple security vulnerabilities
Published:13.01.2015
SecurityVulns ID:14192
Type:library
Threat Level:8/10
Description:DoS, incorrect fingerprint handling, insufficient certificate validation, downgrade attacks, authentication bypass.
Affected:OPENSSL : OpenSSL 1.0
 OPENSSL : OpenSSL 0.9
CVE:CVE-2015-0206 (Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.)
 CVE-2015-0205 (The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.)
 CVE-2015-0204 (The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.)
 CVE-2014-3575 (The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.)
 CVE-2014-3572 (The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.)
 CVE-2014-3571 (OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.)
 CVE-2014-3570 (The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.)
 CVE-2014-3569 (The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix.)
Original document:UBUNTU, [USN-2459-1] OpenSSL vulnerabilities (13.01.2015)

libssh double free vulnerability
Published:13.01.2015
SecurityVulns ID:14193
Type:library
Threat Level:6/10
Description:ssh_packet_kexinit() double free() vulnerability.
Affected:LIBSSH : libssh 0.6
CVE:CVE-2014-8132 (Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.)
Original document:MANDRIVA, [ MDVSA-2015:020 ] libssh (13.01.2015)

libcurl header injection
Published:13.01.2015
SecurityVulns ID:14194
Type:library
Threat Level:5/10
Description:Header injection in URL.
Affected:LIBCURL : libcurl 7.39
CVE:CVE-2014-8150 (CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.)
Original document:MANDRIVA, [ MDVSA-2015:021 ] curl (13.01.2015)

wireshark multiple security vulnerabilities
Published:13.01.2015
SecurityVulns ID:14195
Type:remote
Threat Level:5/10
Description:Memory corruption in multiple protocol dissectors.
Affected:WIRESHARK : Wireshark 1.12
CVE:CVE-2015-0564 (Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session.)
 CVE-2015-0563 (epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2015-0562 (Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory.)
Original document:MANDRIVA, [ MDVSA-2015:022 ] wireshark (13.01.2015)

Corel multiple applications unsafe DLL search path
Published:13.01.2015
SecurityVulns ID:14196
Type:local
Threat Level:5/10
Description:Unsafe DLL search path.
Affected:COREL : Photo-Paint X7
 COREL : Corel CAD 2014
 COREL : PaintShop Pro X7
 COREL : Corel Painter 2015
 COREL : VideoStudio PRO X7
 COREL : DRAW X7
CVE:CVE-2014-8398 (Multiple untrusted search path vulnerabilities in Corel FastFlick allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) igfxcmrt32.dll, (2) ipl.dll, (3) MSPStyleLib.dll, (4) uFioUtil.dll, (5) uhDSPlay.dll, (6) uipl.dll, (7) uvipl.dll, (8) VC1DecDll.dll, or (9) VC1DecDll_SSE3.dll file that is located in the same folder as the file being processed.)
 CVE-2014-8397 (Untrusted search path vulnerability in Corel VideoStudio PRO X7 or FastFlick allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse u32ZLib.dll file that is located in the same folder as the file being processed.)
 CVE-2014-8396 (Untrusted search path vulnerability in Corel PDF Fusion allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll file that is located in the same folder as the file being processed.)
 CVE-2014-8395 (Untrusted search path vulnerability in Corel Painter 2015 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wacommt.dll file that is located in the same folder as the file being processed.)
 CVE-2014-8394 (Multiple untrusted search path vulnerabilities in Corel CAD 2014 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) FxManagedCommands_3.08_9.tx or (2) TD_Mgd_3.08_9.dll file in the current working directory.)
 CVE-2014-8393
Original document:CORE SECURITY TECHNOLOGIES ADVISORIES, Corel Software DLL Hijacking (13.01.2015)

libevent integer overflow
Published:13.01.2015
SecurityVulns ID:14198
Type:remote
Threat Level:5/10
Description:evbuffers integer overflow.
Affected:LIBEVENT : libevent 2.0
CVE:CVE-2014-6272 (Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later.)
Original document:security_(at)_mandriva.com, [ MDVSA-2015:017 ] libevent (13.01.2015)

libjpeg buffer overflow
Published:13.01.2015
SecurityVulns ID:14199
Type:library
Threat Level:7/10
Description:Stack overrun.
Affected:LIBJPEG : libjpeg 1.2
CVE:CVE-2014-9092
Original document:MANDRIVA, [ MDVSA-2015:014 ] libjpeg (13.01.2015)

Multiple znc security vulnerabilities
Published:13.01.2015
SecurityVulns ID:14200
Type:remote
Threat Level:5/10
Description:Multiple DoS conditions.
Affected:ZNC : znc 1.3
 ZNC : znc 1.0
CVE:CVE-2014-9403 (The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel with the same name as an existing channel but without the leading # character, related to a "use-after-delete" error.)
 CVE-2013-2130 (ZNC 1.0 allows remote authenticated users to cause a denial of service (NULL pointer reference and crash) via a crafted request to the (1) editnetwork, (2) editchan, (3) addchan, or (4) delchan page in modules/webadmin.cpp.)
Original document:MANDRIVA, [ MDVSA-2015:013 ] znc (13.01.2015)

MIT Kerberos 5 DoS
Published:13.01.2015
SecurityVulns ID:14201
Type:remote
Threat Level:5/10
Description:NULL pointer dereference when LDAP is used.
Affected:MIT : krb5 1.13
CVE:CVE-2014-5353 (The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.)
Original document:MANDRIVA, [ MDVSA-2015:009 ] krb5 (13.01.2015)

pwgen weak password generation
Published:13.01.2015
SecurityVulns ID:14202
Type:library
Threat Level:5/10
Description:Weak password generation, weak PRNG usage.
Affected:PWGEN : pwgen 2.06
CVE:CVE-2013-4442 (Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.)
 CVE-2013-4440 (Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.)
Original document:MANDRIVA, [ MDVSA-2015:008 ] pwgen (13.01.2015)

unrtf memory corruption
Published:13.01.2015
SecurityVulns ID:14203
Type:library
Threat Level:5/10
Description:Memory corruption on RTF parsing.
Affected:UNRTF : unRTF 0.21
CVE:CVE-2014-9275 (UnRTF allows remote attackers to cause a denial of service (out-of-bounds memory access and crash) and possibly execute arbitrary code via a crafted RTF file.)
 CVE-2014-9274 (UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".)
Original document:MANDRIVA, [ MDVSA-2015:007 ] unrtf (13.01.2015)

Exiv2 library DoS
Published:13.01.2015
SecurityVulns ID:14204
Type:library
Threat Level:5/10
Description:Crash on video file parsing.
Affected:EXIV2 : Exiv2 0.24
CVE:CVE-2014-9449 (Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file.)
Original document:UBUNTU, [USN-2454-1] Exiv2 vulnerability (13.01.2015)

PCRE buffer overflow
Published:13.01.2015
SecurityVulns ID:14205
Type:library
Threat Level:5/10
Description:Buffer overflow on regular expression parsing.
Affected:PCRE : PCRE 8.36
CVE:CVE-2014-8964 (Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.)
Original document:MANDRIVA, [ MDVSA-2015:002 ] pcre (13.01.2015)

Strongswan DoS
Published:13.01.2015
SecurityVulns ID:14206
Type:remote
Threat Level:5/10
Description:DoS on IKEv2 key exchange.
Affected:STRONGSWAN : strongSwan 5.2
CVE:CVE-2014-9221 (strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.)
Original document:DEBIAN, [SECURITY] [DSA 3118-1] strongswan security update (13.01.2015)

OpenXchange XSS
Published:13.01.2015
SecurityVulns ID:14207
Type:remote
Threat Level:5/10
Description:Dangerous content from application/xhtml+xml is not removed.
Affected:OPENXCHANGE : Open-Xchange 7.6
CVE:CVE-2014-8993 (Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite before 7.4.2-rev40, 7.6.0 before 7.6.0-rev32, and 7.6.1 before 7.6.1-rev11 allows remote attackers to inject arbitrary web script or HTML via a crafted XHTML file with the application/xhtml+xml MIME type.)
Original document:OPENXCHANGE, Open-Xchange Security Advisory 2015-01-05 (13.01.2015)

Asterisk DoS
updated since 13.01.2015
Published:02.02.2015
SecurityVulns ID:14197
Type:remote
Threat Level:5/10
Description:Crash on empty WebSocket frame. File descriptor leak on incompatible codecs.
Affected:ASTERISK : Asterisk 13.0
CVE:CVE-2014-9374 (Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.)
Original document:ASTERISK, AST-2015-001: File descriptor leak when incompatible codecs are offered (02.02.2015)
 MANDRIVA, [ MDVSA-2015:018 ] asterisk (13.01.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod