Computer Security
[EN] securityvulns.ru no-pyccku


libvirt / qemu security vulnerabilities
updated since 05.05.2015
Published:17.05.2015
Source:
SecurityVulns ID:14442
Type:local
Threat Level:
6/10
Description:Crash on PCI registers, IDE controller and Physical Region Descriptor Table decoder. Code execution.
Affected:QEMU : qemu 2.1
 QEMU : qemu 1.6
CVE:CVE-2015-3456 (The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.)
 CVE-2015-2756 (QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.)
 CVE-2015-1779
 CVE-2014-9718 (The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions.)
Original documentdocumentUBUNTU, [USN-2608-1] QEMU vulnerabilities (17.05.2015)
 documentMANDRIVA, [ MDVSA-2015:210 ] qemu (05.05.2015)

Apache Tomcat security vulnerabilities
updated since 11.05.2015
Published:17.05.2015
Source:
SecurityVulns ID:14462
Type:library
Threat Level:
5/10
Description:Resources exhaustion, restrictions bypass.
Affected:APACHE : Tomcat 8.0
CVE:CVE-2014-7810 (The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.)
 CVE-2014-0230 (Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (memory consumption) via a series of aborted upload attempts.)
Original documentdocumentAPACHE, [SECURITY] CVE-2014-7810: Apache Tomcat Security Manager Bypass (17.05.2015)
 documentAPACHE, [SECURITY] CVE-2014-0230: Apache Tomcat DoS (11.05.2015)

Cisco Telepresence security vulnerabilities
Published:17.05.2015
Source:
SecurityVulns ID:14495
Type:remote
Threat Level:
6/10
Description:Code execution, authentication bypass, DoS.
CVE:CVE-2015-0722 (The network drivers in Cisco TelePresence T, Cisco TelePresence TE, and Cisco TelePresence TC before 7.3.2 allow remote attackers to cause a denial of service (process restart or device reload) via a flood of crafted IP packets, aka Bug ID CSCuj68952.)
 CVE-2015-0713 (The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software before 4.4(3.54) and 4.5 before 4.5(1.45), Cisco TelePresence MSE Supervisor Software before 2.3(1.38), Cisco TelePresence Serial Gateway Series Software before 1.0(1.42), Cisco TelePresence Server Software for Hardware before 3.1(1.98), and Cisco TelePresence Server Software for Virtual Machine before 4.1(1.79) allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors, aka Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, and CSCur15855.)
 CVE-2014-2174 (Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement access control, which allows remote attackers to obtain root privileges by sending packets on the local network and allows physically proximate attackers to obtain root privileges via unspecified vectors, aka Bug ID CSCub67651.)
Files: Cisco Security Advisory Command Injection Vulnerability in Multiple Cisco TelePresence Products
  Cisco Security Advisory Multiple Vulnerabilities in Cisco TelePresence TC and TE Software

Pure Faction game server buffer overflow
Published:17.05.2015
Source:
SecurityVulns ID:14496
Type:remote
Threat Level:
5/10
Description:Buffer overflow via game chat.
Affected:PUREFACTION : Pure Faction 3.0
Original documentdocumentsoulsgetnothing_(at)_hotmail.com, Server buffer overflow in Pure Faction <= 3.0c (17.05.2015)

SAP applications buffer overflow
Published:17.05.2015
Source:
SecurityVulns ID:14497
Type:library
Threat Level:
6/10
Description:Buffer overflow in LZC/LZH implementation.
CVE:CVE-2015-2282 (Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316.)
 CVE-2015-2282 (Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316.)
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2015-0009] - SAP LZC/LZH Compression Multiple Vulnerabilities (17.05.2015)

Websense Content Gateway certificates check vulnereability
Published:17.05.2015
Source:
SecurityVulns ID:14498
Type:m-i-t-m
Threat Level:
5/10
Description:Compromised certificates are incorrectly checked.
Affected:WEBSENSE : Websense Content Gateway 7.8
Original documentdocumentSteve Shockley, Certificate trust vulnerability in Websense Content Gateway (17.05.2015)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 17.05.2015
Published:18.05.2015
Source:
SecurityVulns ID:14499
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:SIDU : Sidu 5.2
 WSO2 : WSO2 Identity Server 5.0
 LOXONE : Loxone Smart Home 6.4
 WEBINDIASOLUTION : Web India Solutions CMS 2015
 CONCRETE5 : Concrete5 CMS 5.7
 PHPMYADMIN : phpMyAdmin 4.4
CVE:CVE-2015-3903 (libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.)
 CVE-2015-2250 (Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) banned_word[] parameter to index.php/dashboard/system/conversations/bannedwords/success, (2) channel parameter to index.php/dashboard/reports/logs/view, (3) accessType parameter to index.php/tools/required/permissions/access_entity, (4) msCountry parameter to index.php/dashboard/system/multilingual/setup/load_icon, arHandle parameter to (5) design/submit or (6) design in index.php/ccm/system/dialogs/area/design/submit, (7) pageURL to index.php/dashboard/pages/single, (8) SEARCH_INDEX_AREA_METHOD parameter to index.php/dashboard/system/seo/searchindex/updated, (9) unit parameter to index.php/dashboard/system/optimization/jobs/job_scheduled, (10) register_notification_email parameter to index.php/dashboard/system/registration/open/1, or (11) PATH_INFO to index.php/dashboard/extend/connect/.)
Original documentdocumentSEC Consult Vulnerability Lab, SEC Consult SA-20150514-0 :: Multiple vulnerabilities in Loxone Smart Home (part 2) (18.05.2015)
 documentsubmit_(at)_cxsec.org, phpMyAdmin 4.4.6 Man-In-the-Middle API Github (18.05.2015)
 documentSEC Consult Vulnerability Lab, SEC Consult SA-20150513-0 :: Multiple critical vulnerabilities in WSO2 Identity Server (18.05.2015)
 documentOnur Yilmaz, Concrete5 Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-2250 (17.05.2015)
 documentVulnerability Lab, Web India Solutions CMS 2015 - SQL Injection Vulnerability (17.05.2015)
 documentapparitionsec_(at)_gmail.com, Sidu 5.2 Admin XSS Vulnerability (17.05.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod