Computer Security


miniupnpc buffer overflow
Published:13.06.2014
SecurityVulns ID:13824
Type:library
Threat Level:5/10
Description:Signed to unsigned conversion leads to buffer overflow.
CVE:CVE-2014-3985 (The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attackers to cause a denial of service (crash) via crafted headers that trigger an out-of-bounds read.)
Original document:cve-assign_(at)_mitre.org, [oss-security] Re: CVE request: possible miniupnpc buffer overflow (13.06.2014)

dpkg directory traversal
Published:13.06.2014
SecurityVulns ID:13825
Type:remote
Threat Level:6/10
Affected:DPKG : dpkg-dev 1.3
CVE:CVE-2014-3865 (Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a blank pathname.)
 CVE-2014-3864 (Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line.)
 CVE-2014-3127 (dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.)
Original document:cve-assign_(at)_mitre.org, [oss-security] Re: CVE request: another path traversal in dpkg-source during unpack (13.06.2014)

Linux syscall auditing DoS
Published:13.06.2014
SecurityVulns ID:13816
Type:local
Threat Level:5/10
Description:System crash on audited syscall with large number.
CVE:CVE-2014-3917 (kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.)
Original document:Andy Lutomirski, [oss-security] CVE request: Linux kernel DoS with syscall auditing (13.06.2014)

Asterisk multiple security vulnerabilities
Published:13.06.2014
SecurityVulns ID:13817
Type:remote
Threat Level:7/10
Description:DoS, restrictions bypass, code execution.
Affected:ASTERISK : Asterisk 12.3
CVE:CVE-2014-4048 (The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout.)
 CVE-2014-4047 (Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections.)
 CVE-2014-4046 (Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.)
 CVE-2014-4045 (The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device.)
Original document:ASTERISK, AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions (13.06.2014)
 ASTERISK, AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections (13.06.2014)
 ASTERISK, AST-2014-006: Asterisk Manager User Unauthorized Shell Access (13.06.2014)
 ASTERISK, AST-2014-005: Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework (13.06.2014)

apt insufficient certificate validation
Published:13.06.2014
SecurityVulns ID:13818
Type:m-i-t-m
Threat Level:5/10
Description:Insufficient certificate validation during apt-get source
Affected:APT : apt 1.0
CVE:CVE-2014-0478 (APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature.)
Original document:DEBIAN, [SECURITY] [DSA 2958-1] apt security update (13.06.2014)

Yealink VoIP phones security vulnerabilities
Published:13.06.2014
SecurityVulns ID:13819
Type:remote
Threat Level:4/10
Description:Cross-site scripting, CRLF injection.
CVE:CVE-2014-3428 (Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary web script or HTML via the model parameter to servlet.)
 CVE-2014-3427 (CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet.)
Original document:joquendo_(at)_e-fensive.net, CVE-2014-3427 CRLF Injection and CVE-2014-3428 XSS Injection in Yealink VoIP Phones (13.06.2014)

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Published:13.06.2014
SecurityVulns ID:13820
Type:client
Threat Level:7/10
Description:Buffer overflows, memory corruptions, clickjacking.
Affected:MOZILLA : nspr 4.10
 MOZILLA : Firefox 24.5
 MOZILLA : Firefox 29
 MOZILLA : Thunderbird 24.5
CVE:CVE-2014-1545 (Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions.)
 CVE-2014-1543 (Multiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Mozilla Firefox before 30.0 allow remote attackers to execute arbitrary code by using non-contiguous axes with a (1) physical or (2) virtual Gamepad device.)
 CVE-2014-1542 (Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate.)
 CVE-2014-1541 (Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.)
 CVE-2014-1540 (Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.)
 CVE-2014-1539 (Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image.)
 CVE-2014-1538 (Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2014-1537 (Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.)
 CVE-2014-1536 (The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.)
 CVE-2014-1534 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2014-1533 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
Files:Mozilla Foundation Security Advisory 2014-48
 Mozilla Foundation Security Advisory 2014-49
 Mozilla Foundation Security Advisory 2014-50
 Mozilla Foundation Security Advisory 2014-51
 Mozilla Foundation Security Advisory 2014-52
 Mozilla Foundation Security Advisory 2014-53
 Mozilla Foundation Security Advisory 2014-54
 Mozilla Foundation Security Advisory 2014-55

Cisco IOS XR DoS
Published:13.06.2014
SecurityVulns ID:13821
Type:remote
Threat Level:6/10
Description:DoS via IPv6 packet.
CVE:CVE-2014-2176 (Cisco IOS XR 4.1.2 through 5.1.1 on ASR 9000 devices, when a Trident-based line card is used, allows remote attackers to cause a denial of service (NP chip and line card reload) via malformed IPv6 packets, aka Bug ID CSCun71928.)
Files:Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability

IBM AIX privilege escalation
Published:13.06.2014
SecurityVulns ID:13822
Type:local
Threat Level:6/10
Description:libodm insecure files creation.
Affected:IBM : AIX 7.1
CVE:CVE-2014-3977 (libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.)
Original document:advisories_(at)_portcullis-security.com, CVE-2014-3977 - Privilege Escalation in IBM AIX (13.06.2014)

HP Service Virtualization code execution
Published:13.06.2014
SecurityVulns ID:13823
Type:remote
Threat Level:5/10
Description:Code execution via AutoPass License Server
Affected:HP : HP Service Virtualization 3.50
CVE:CVE-2013-6221 (Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.)
Original document:HP, [security bulletin] HPSBMU03045 rev.1 - HP Service Virtualization Running AutoPass License Server, Remote Code Execution (13.06.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod