Computer Security
[EN] securityvulns.ru no-pyccku


EMC RSA Certificate Manager / Registration Manager multiple security vulnerabilities
Published:16.03.2015
Source:
SecurityVulns ID:14313
Type:remote
Threat Level:
5/10
Description:DoS, crossite scripting.
Affected:EMC : RSA Certificate Manager 6.9
 EMC : RSA Registration Manager 6.9
CVE:CVE-2015-0523 (EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allow remote attackers to cause an Administration Server denial of service via an invalid MIME e-mail message with a multipart/* Content-Type header.)
 CVE-2015-0522 (Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote attackers to inject arbitrary web script or HTML via vectors related to the email address parameter.)
 CVE-2015-0521 (Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the CMP shared secret parameter.)
 CVE-2014-0231 (The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.)
Original documentdocumentEMC, ESA-2015-014: RSA® Digital Certificate Solution Multiple Vulnerabilities (16.03.2015)

MongoDB DoS
Published:16.03.2015
Source:
SecurityVulns ID:14321
Type:remote
Threat Level:
5/10
Description:Crash on BSON parsing.
Affected:MONGODB : MongoDB 3.0
 MONGODB : MongoDB 2.6
CVE:CVE-2015-1609 (MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request.)
Original documentdocumentnoreply-secresearch_(at)_fortinet.com, MongoDB BSON Handling Remote Denial of Service Vulnerability (16.03.2015)

HP Point of Sale multiple security vulnerabilities
Published:16.03.2015
Source:
SecurityVulns ID:14322
Type:library
Threat Level:
5/10
Description:Multiple vulnereabilities in drivers.
CVE:CVE-2014-7898 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2014-7897 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSScanner.ocx for Imaging Barcode scanners, Linear Barcode scanners, Presentation Barcode scanners, Retail Integrated Barcode scanners, Wireless Barcode scanners, and 2D Value Wireless scanners.)
 CVE-2014-7895 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCashDrawer.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, Value Serial/USB Receipt printers, and USB Standard Duty cash drawers, aka ZDI-CAN-2505.)
 CVE-2014-7894 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSPrinter.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2506.)
 CVE-2014-7893 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCheckScanner.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2507.)
 CVE-2014-7892 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMSR.ocx for Mini MSR magnetic stripe readers, Retail Integrated Dual-Head MSR magnetic stripe readers, Integrated Single Head MSR w/o SRED magnetic stripe readers, Integrated Single Head w/o MSR SRED magnetic stripe readers, RP7 Single Head MSR w/o SRED magnetic stripe readers, POS keyboards, and POS keyboards with MSR, aka ZDI-CAN-2508.)
 CVE-2014-7891 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSKeyboard.ocx for POS keyboards and POS keyboards with MSR, aka ZDI-CAN-2509.)
 CVE-2014-7890 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSToneIndicator.ocx for POS keyboards and POS keyboards with MSR, aka ZDI-CAN-2510.)
 CVE-2014-7889 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSLineDisplay.ocx for Retail RP7 VFD Customer Display monitors, Retail Integrated 2x20 Display monitors, Retail Integrated 2x20 Complex monitors, POS Pole Display monitors, Graphical POS Pole Display monitors, and LCD Pole Display monitors, aka ZDI-CAN-2511.)
 CVE-2014-7888 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMICR.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2512.)
Original documentdocumentHP, [security bulletin] HPSBHF03279 rev.1 - HP Point of Sale PCs Running Windows with OPOS Drivers, Remote Execution of Code (16.03.2015)

tcpdump multiple security vulnerabilities
Published:16.03.2015
Source:
SecurityVulns ID:14315
Type:remote
Threat Level:
5/10
Description:Multiple vulnerabilities in protocols dissectors.
Affected:TCPDUMP : tcpdump 4.7
CVE:CVE-2015-2155 (The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.)
 CVE-2015-2154 (The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value.)
 CVE-2015-2153 (The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU).)
 CVE-2015-0261 (Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value.)
 CVE-2014-9140 (Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet.)
Original documentdocumentMichael Richardson, tcpdump 4.7.2 remote crashes (16.03.2015)

Cisco Telepresence / Cisco Expressway security vulnerabilities
Published:16.03.2015
Source:
SecurityVulns ID:14310
Type:remote
Threat Level:
6/10
Description:DoS, authentication bypass.
Affected:CISCO : TelePresence Video Communication Server 8.2
 CISCO : TelePresence Conductor 2.4
CVE:CVE-2015-0653 (The management interface in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X7.2.4, X8 before X8.1.2, and X8.2 before X8.2.2 and Cisco TelePresence Conductor before X2.3.1 and XC2.4 before XC2.4.1 allows remote attackers to bypass authentication via crafted login parameters, aka Bug IDs CSCur02680 and CSCur05556.)
 CVE-2015-0652 (The Session Description Protocol (SDP) implementation in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X8.2 and Cisco TelePresence Conductor before XC2.4 allows remote attackers to cause a denial of service (mishandled exception and device reload) via a crafted media description, aka Bug IDs CSCus96593 and CSCun73192.)
Files:Multiple Vulnerabilities in Cisco TelePresence Video Communication Server, Cisco Expressway, and Cisco TelePresence Conductor

Apple iOS multiple security vulnerabilities
Published:16.03.2015
Source:
SecurityVulns ID:14317
Type:client
Threat Level:
6/10
Description:Buffer overflows, DoS, memory corruption, restrictions bypass, weak cryptography.
Affected:APPLE : Apple iOS 8.1
CVE:CVE-2015-1067 (Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637.)
 CVE-2015-1065 (Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery.)
 CVE-2015-1064 (Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process.)
 CVE-2015-1063 (CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message.)
 CVE-2015-1062 (MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app.)
 CVE-2015-1061 (IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.)
Original documentdocumentAPPLE, APPLE-SA-2015-03-09-1 iOS 8.2 (16.03.2015)

iPass privilege escalation
Published:16.03.2015
Source:
SecurityVulns ID:14312
Type:local
Threat Level:
5/10
Description:Code execution with local system rights is possible.
Affected:IPASS : iPass Mobile Client 2.4
Original documentdocumentadvisories_(at)_mogwaisecurity.de, MSA-2015-03: iPass Mobile Client Service Local Privilege Escalation (16.03.2015)

Apple TV multiple security vulnerabilities
Published:16.03.2015
Source:
SecurityVulns ID:14318
Type:client
Threat Level:
5/10
Description:Weak cryptography, memory corruption, restrictions bypass.
Affected:APPLE : AppleTV 7.0
CVE:CVE-2015-1067 (Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637.)
 CVE-2015-1062 (MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app.)
 CVE-2015-1061 (IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.)
Original documentdocumentAPPLE, APPLE-SA-2015-03-09-2 AppleTV 7.1 (16.03.2015)

Cisco Intrusion Prevention System DoS
Published:16.03.2015
Source:
SecurityVulns ID:14311
Type:remote
Threat Level:
5/10
Description:Кратковременные условия при разборе SSL.
Affected:CISCO : Cisco Intrusion Prevention System 7.3
CVE:CVE-2015-0654 (Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System (IPS) Software before 7.3(3)E4 allows remote attackers to cause a denial of service (process hang) by establishing many HTTPS sessions, aka Bug ID CSCuq40652.)
Files:Cisco Intrusion Prevention System MainApp Secure Socket Layer Denial of Service Vulnerability

Apple Mac OS X multiple security vulnerabilities
updated since 16.03.2015
Published:21.03.2015
Source:
SecurityVulns ID:14319
Type:library
Threat Level:
6/10
Description:Buffer overflows, DoS, memory corruption, restrictions bypass, weak cryptography.
Affected:APPLE : MacOS X 10.10
CVE:CVE-2015-1067 (Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637.)
 CVE-2015-1066 (Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.)
 CVE-2015-1065 (Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery.)
 CVE-2015-1061 (IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.)
 CVE-2014-4496 (The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.)
Original documentdocumentAPPLE, APPLE-SA-2015-03-19-1 Security Update 2015-003 (21.03.2015)
 documentAPPLE, APPLE-SA-2015-03-09-3 Security Update 2015-002 (16.03.2015)

libarchive directory traversal
updated since 16.03.2015
Published:20.04.2015
Source:
SecurityVulns ID:14320
Type:library
Threat Level:
5/10
Description:Directory traversal and symbolic links vulnerability in cpio implementation.
Affected:LIBARCHIVE : libarchive 3.1
CVE:CVE-2015-2304 (Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.)
 CVE-2015-1197 (cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.)
Original documentdocumentMANDRIVA, [ MDVSA-2015:066 ] cpio (20.04.2015)
 documentDEBIAN, [SECURITY] [DSA 3180-1] libarchive security update (16.03.2015)

Kguard Digital Video Recorders security vulnerabilities
updated since 16.03.2015
Published:29.06.2015
Source:
SecurityVulns ID:14316
Type:remote
Threat Level:
5/10
Description:Authentication bypass, commands injection, DoS.
Affected:KGUARD : Kguard SHA108
 KGUARD : Kguard SHA104
CVE:CVE-2015-4464
Original documentdocumentFederick Joe P Fajardo, CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders (29.06.2015)
 documentFederick Joe P Fajardo, Multiple Vulnerabilities with Kguard Digital Video Recorders (16.03.2015)

EMC Secure Remote Services Virtual Edition multiple security vulnerabilities
updated since 16.03.2015
Published:24.08.2015
Source:
SecurityVulns ID:14314
Type:remote
Threat Level:
5/10
Description:Code execution, SQL injection, buffer overflow.
Affected:EMC : EMC Secure Remote Services VS 3.04
 EMC : EMC Secure Remote Services Virtual Edition 3.03
CVE:CVE-2015-0544 (EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value.)
 CVE-2015-0543 (EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.)
 CVE-2015-0525 (The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors.)
 CVE-2015-0524 (SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.)
 CVE-2015-0235 (Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST.")
Original documentdocumentSecurify B.V., Weak authentication in EMC Secure Remote Services Virtual Edition Web Portal (24.08.2015)
 documentSecurify B.V., Insufficient certificate validation in EMC Secure Remote Services Virtual Edition (24.08.2015)
 documentEMC, ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities (05.07.2015)
 documentSecurify B.V., Command injection vulnerability in EMC Secure Remote Services Virtual Edition (21.03.2015)
 documentSecurify B.V., EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection (21.03.2015)
 documentEMC, ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities (16.03.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod