Computer Security


vlc multiple security vulnerabilities
Published:16.02.2015
SecurityVulns ID:14270
Type:library
Threat Level:6/10
Description:Integer overflows, buffer overflows.
Affected:VIDEOLAN : vlc 2.2
CVE:CVE-2014-9630
 CVE-2014-9629
 CVE-2014-9628
 CVE-2014-9627
 CVE-2014-9626
Original document:DEBIAN, [SECURITY] [DSA 3150-1] vlc security update (16.02.2015)

dbus DoS
Published:16.02.2015
SecurityVulns ID:14266
Type:local
Threat Level:3/10
Description:Incorrect error handling.
Affected:DBUS : dbus 1.9
CVE:CVE-2015-0245 (D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.)
Original document:DEBIAN, [SECURITY] [DSA 3161-1] dbus security update (16.02.2015)

Cisco Secure Access Control System SQL injection
Published:16.02.2015
SecurityVulns ID:14267
Type:remote
Threat Level:5/10
Description:SQL injection via Web interface
Affected:CISCO : Secure ACS 5.5
CVE:CVE-2015-0580 (Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027.)
Files: Cisco Security Advisory Cisco Secure Access Control System SQL Injection Vulnerability

X.Org information disclosure
Published:16.02.2015
SecurityVulns ID:14268
Type:library
Threat Level:5/10
Description:XkbSetGeometry information disclosure and DoS.
CVE:CVE-2015-0255 (X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.)
Original document:DEBIAN, [SECURITY] [DSA 3160-1] xorg-server security update (16.02.2015)

Open-Xchange restrictions bypass
Published:16.02.2015
SecurityVulns ID:14265
Type:remote
Threat Level:5/10
Description:It's possible to bypass file sharing restrictions.
Affected:OPENXCHANGE : Open-Xchange 7.6
CVE:CVE-2014-9466 (Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identifier.")
Original document:martin.heiland_(at)_open-xchange.com, Open-Xchange Security Advisory 2015-02-12 (16.02.2015)

perl-Gtk2 use-after-free
Published:16.02.2015
SecurityVulns ID:14264
Type:library
Threat Level:5/10
Description:Gtk2::Gdk::Display::list_devices use-after-free.
Affected:PERL : perl-Gtk2 1.242
Original document:MANDRIVA, [ MDVSA-2015:044 ] perl-Gtk2 (16.02.2015)

libmspack / cabextract DoS
Published:16.02.2015
SecurityVulns ID:14269
Type:library
Threat Level:5/10
Description:Infinite loop on extraction.
Affected:LIBMSPACK : libmspack 0.4
CVE:CVE-2014-9556 (Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.)
Original document:MANDRIVA, [ MDVSA-2015:041 ] cabextract (16.02.2015)

libext2fs / e2fsprogs buffer overflow
updated since 16.02.2015
Published:08.03.2015
SecurityVulns ID:14263
Type:library
Threat Level:5/10
Description:Buffer overflow on block group descriptor information.
Affected:E2FS : e2fsprogs 1.42
CVE:CVE-2015-1572 (Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.)
 CVE-2015-0247 (Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.)
Original document:UBUNTU, [USN-2507-1] e2fsprogs vulnerabilities (08.03.2015)
 Andrea Barisani, [oCERT-2015-002] e2fsprogs input sanitization errors (16.02.2015)
 MANDRIVA, [ MDVSA-2015:045 ] e2fsprogs (16.02.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod