Computer Security
QEMU multiple security vulnerabilities
updated since 04.05.2014
Published: 15.05.2014
Source:
SecurityVulns ID: 13705
Type: local
Threat Level: 6/10
Description: DoS, memory corruptions, buffer overflow.
Affected: QEMU : QEMU 2.0
CVE:CVE-2014-3461 (hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks.")
 CVE-2014-2894 (Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption.)
 CVE-2014-0223 (Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read.)
 CVE-2014-0222 (Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.)
 CVE-2014-0150 (Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.)
 CVE-2013-7336 (The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function.)
 CVE-2013-6456 (The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to "paths under /proc/$PID/root" and the virInitctlSetRunLevel function.)
 CVE-2013-4544 (hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information.)
 CVE-2013-4541 (The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_index value.)
Original document: cve-assign_(at)_mitre.org, [oss-security] Re: CVE request: Qemu: usb: fix up post load checks (15.05.2014)
 P J P, [oss-security] CVE-2014-0223 Qemu: qcow1: Validate image size (15.05.2014)
 P J P, [oss-security] CVE-2014-0222 Qemu: qcow1: Validate L2 table size (15.05.2014)
 P J P, [oss-security] CVE request: Qemu: usb: fix up post load checks (15.05.2014)
 UBUNTU, [USN-2182-1] QEMU vulnerabilities (04.05.2014)

libXfont multiple security vulnerabilities
Published: 15.05.2014
Source:
SecurityVulns ID: 13772
Type: library
Threat Level: 6/10
Description: DoS, memory corruptions.
Affected: LIBXFONT : libXfont 1.4
CVE:CVE-2014-0211 (Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.)
 CVE-2014-0210 (Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.)
 CVE-2014-0209 (Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.)
Original document: Alan Coopersmith, [oss-security] Fwd: [ANNOUNCE] X.Org Security Advisory: Multiple issues in libXfont (15.05.2014)
 UBUNTU, [USN-2211-1] libXfont vulnerabilities (15.05.2014)

ldns weak permissions
Published: 15.05.2014
Source:
SecurityVulns ID: 13774
Type: local
Threat Level: 4/10
Description: ldns-keygen can create a world-readable private key file.
Affected: LDNS : ldns 1.6
CVE:CVE-2014-3209 (The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file.)
Original document: MANDRIVA, [ MDVSA-2014:085 ] ldns (15.05.2014)

RSA NetWitness / RSA Security Analytics authentication bypass
Published: 15.05.2014
Source:
SecurityVulns ID: 13775
Type: remote
Threat Level: 6/10
Description: Under some conditions, login with an empty password is allowed.
Affected: EMC : RSA NetWitness 9.8
 EMC : RSA Security Analytics 10.3
CVE:CVE-2014-0643 (EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name.)
Original document: EMC, ESA-2014-027: RSA® NetWitness and RSA® Security Analytics Authentication Bypass Vulnerability (15.05.2014)

EMC Documentum Foundation Services unauthorized access
Published: 15.05.2014
Source:
SecurityVulns ID: 13776
Type: remote
Threat Level: 6/10
Description: Unauthorized file access.
Affected: EMC : Documentum Foundation Services 7.1
 EMC : My Documentum 6.7
 EMC : CenterStage 1.2
CVE:CVE-2014-0622 (The web service in EMC Documentum Foundation Services (DFS) 6.5 through 6.7 before 6.7 SP1 P22, 6.7 SP2 before P08, 7.0 before P12, and 7.1 before P01 does not properly implement content uploading, which allows remote authenticated users to bypass intended content access restrictions via unspecified vectors.)
Original document: EMC, ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability (15.05.2014)

BROADCOM PIPA C211 authentication bypass
Published: 15.05.2014
Source:
SecurityVulns ID: 13777
Type: remote
Threat Level: 5/10
Description: Device configuration may be accessed without authentication.
Affected: BROADCOM : Broadcom PIPA C211
CVE:CVE-2014-2046 (cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information via a certain request to the config.getValuesHashExcludePaths method or (2) modify the firmware via unspecified vectors.)
Original document: advisories_(at)_portcullis-security.com, CVE-2014-2046 - Unauthenticated Credential And Configuration Retrieval In Broadcom Ltd PIPA C211 (15.05.2014)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 15.05.2014
Source:
SecurityVulns ID: 13778
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: DJANGO : django 1.7
 FOG : FOG 0.32
 COBBLER : Cobbler 2.6
 EGROUPWARE : eGroupware 1.8
 PYPLATE : Pyplate 0.8
 DJANGO : django 1.6
 DRUPAL : Flag 7.x-3.5
 OPENFILER : OpenFiler 2.99
 MUMBLE : Mumble 1.2
CVE:CVE-2014-3756 (The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip.)
 CVE-2014-3744
 CVE-2014-3743
 CVE-2014-3742 (The hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js allows remote attackers to cause a denial of service (file descriptor consumption and process crash) via unspecified vectors.)
 CVE-2014-3741
 CVE-2014-3738 (Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the title of a device.)
 CVE-2014-3730 (The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com.")
 CVE-2014-3453 (Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the "Flag import code" text area to admin/structure/flags/import. NOTE: this issue could also be exploited by other attackers if the administrator ignores a security warning on the permissions assignment page.)
 CVE-2014-3225 (Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.)
 CVE-2014-3111 (Multiple cross-site scripting (XSS) vulnerabilities in FOG 0.27 through 0.32 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Printer Model field to the Printer Management page, (2) Image Name field to the Image Management page, (3) Storage Group Name field to the Storage Management page, (4) Username field to the User Cleanup FOG Configuration page, or (5) Directory Path field to the Directory Cleaner FOG Configuration page.)
 CVE-2014-2988 (EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the call_user_func PHP function, as demonstrated using the newsettings[system] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2987.)
 CVE-2014-2987 (Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an admin.uiaccounts.add_user action to index.php or (2) modify settings via the newsettings parameter in an admin.uiconfig.index action to index.php. NOTE: vector 2 can be used to execute arbitrary PHP code by leveraging CVE-2014-2988.)
 CVE-2014-1418 (Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers.)
 CVE-2013-7381
 CVE-2013-7380
 CVE-2013-7379 (The admin API in the tomato module before 0.0.6 for Node.js does not properly check the access key when it is set to a string, which allows remote attackers to bypass authentication via a string in the access-key header that partially matches config.master.api.access_key.)
 CVE-2013-7378
 CVE-2013-7377
 CVE-2013-7371
 CVE-2013-7370
 CVE-2013-6393 (The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.)
 CVE-2013-4660 (The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.)
Original document: Dolev Farhi, [oss-security] OpenFiler - Arbitrary Code Execution & Stored XSS (15.05.2014)
 Mikkel Krautz, [oss-security] Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006 (15.05.2014)
 Paul Wise, [oss-security] CVE request: various NodeJS module vulnerabilities (15.05.2014)
 Murray McAllister, [oss-security] CVE request: Drupal Flag 7.x-3.5 Module Vulnerability report: Arbitrary code execution due to improper input handling in flag importer (15.05.2014)
 henri_(at)_nerv.fi, [oss-security] CVE request: Pyplate multiple vulnerabilities (15.05.2014)
 Dolev Farhi, [oss-security] Zenoss Open Source monitoring System - Open Redirect & Stored XSS Vulnerabilities (15.05.2014)
 DEBIAN, [oss-security] CVE Request: Django: Malformed URLs from user input incorrectly validated (15.05.2014)
 Dolev Farhi, Multiple Stored XSS in FOG Image deployment system - FD (15.05.2014)
 Dolev Farhi, FD - Cobbler Arbitrary File Read CVE-2014-3225 (15.05.2014)

Xen buffer overflow
Published: 15.05.2014
Source:
SecurityVulns ID: 13779
Type: local
Threat Level: 5/10
Description: Buffer overflow on guest system kernel image loading.
Affected: XEN : Xen 4.4
CVE:CVE-2014-3717 (Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which triggers a buffer overflow.)
 CVE-2014-3716 (Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel.)
 CVE-2014-3715 (Buffer overflow in Xen 4.4.x allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit guest kernel, related to searching for an appended DTB.)
 CVE-2014-3714 (The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit ARM guest kernel in an image, which triggers a buffer overflow.)
Original document: XEN, [oss-security] Xen Security Advisory 95 - input handling vulnerabilities loading guest kernel on ARM (15.05.2014)

EncFS multiple cryptography vulnerabilities
Published: 15.05.2014
Source:
SecurityVulns ID: 13780
Type: library
Threat Level: 5/10
Description: Multiple vulnerabilities.
Affected: ENCFS : EncFS 1.7
CVE:CVE-2014-3462
Original document: Murray McAllister, [oss-security] A number of EncFS issues (15.05.2014)
Files: EncFS Security Audit

seunshare privileges escalation
Published: 15.05.2014
Source:
SecurityVulns ID: 13781
Type: local
Threat Level: 5/10
Description: Insufficient privilege drop.
Affected: POLICYCOREUTILS : policycoreutils 2.2
CVE:CVE-2014-3215 (seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.)
Original document: cve-assign_(at)_mitre.org, [oss-security] Re: local privilege escalation due to capng_lock as used in seunshare (15.05.2014)

libgadu buffer overflow
Published: 15.05.2014
Source:
SecurityVulns ID: 13782
Type: library
Threat Level: 5/10
Description: Buffer overflow on server response parsing.
Affected: LIBGADU : libgadu 1.11
CVE:CVE-2014-3775 (libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other products, allows remote Gadu-Gadu file relay servers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted message.)
Original document: Marcin Owsiany, [oss-security] libgadu vulnerability: possible memory corruption (15.05.2014)

libpng security vulnerabilities
updated since 15.05.2014
Published: 20.04.2015
Source:
SecurityVulns ID: 13773
Type: library
Threat Level: 6/10
Description: Several integer overflows lead to a heap buffer overrun.
Affected: libpng : libpng 1.5
CVE:CVE-2014-9495 (Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.)
 CVE-2014-0333 (The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.)
 CVE-2013-7354 (Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.)
 CVE-2013-7353 (Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.)
Original document: MANDRIVA, [ MDVSA-2015:090 ] libpng (20.04.2015)
 MANDRIVA, [ MDVSA-2014:084 ] libpng (15.05.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod