Computer Security
[EN] securityvulns.ru no-pyccku


DBus DoS
Published:17.06.2013
Source:
SecurityVulns ID:13124
Type:local
Threat Level:
4/10
Description:Crash on message processing.
Affected:DBUS : DBus 1.6
CVE:CVE-2013-2168 (The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message.)
Original documentdocumentUBUNTU, [USN-1874-1] DBus vulnerability (17.06.2013)

Wireshark multiple security vulnerabilities
updated since 03.06.2013
Published:17.06.2013
Source:
SecurityVulns ID:13095
Type:remote
Threat Level:
5/10
Description:Vulnerabilities in GTPv2, ASN.1 BER, PPP CCP, DCP ETSI, MPEG DSM-CC, CAPWAP, HTTP, DCP ETSI and Websocket dissectors.
Affected:WIRESHARK : Wireshark 1.8
CVE:CVE-2013-4083 (The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.6.x before 1.6.16, 1.8.x before 1.8.8, and 1.10.0 does not validate a certain fragment length value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2013-4081 (The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet.)
 CVE-2013-4074 (The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2013-3562 (Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed packet.)
 CVE-2013-3560 (The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.)
 CVE-2013-3559 (epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.)
 CVE-2013-3558 (The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.)
 CVE-2013-3557 (The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.)
 CVE-2013-3555 (epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.)
Original documentdocumentMANDRIVA, [ MDVSA-2013:172 ] wireshark (17.06.2013)
 documentDEBIAN, [SECURITY] [DSA 2700-1] wireshark security update (03.06.2013)

Avira Antivir DoS
Published:17.06.2013
Source:
SecurityVulns ID:13125
Type:library
Threat Level:
5/10
Description:Endless loop on PDF processing.
Affected:AVIRA : AntiVir 8.2
Original documentdocumentLSE Leading Security Experts GmbH (Security Advisories), LSE Leading Security Experts GmbH - LSE-2013-06-13 - Avira AntiVir Engine (17.06.2013)

Apple Mac OS X multiple security vulnerabilities
Published:17.06.2013
Source:
SecurityVulns ID:13126
Type:library
Threat Level:
8/10
Description:Information leakage, memory corruption on graphics and video formats parsing, privilege escalation, different libraries vulnerabilities.
Affected:APPLE : MacOS X 10.8
CVE:CVE-2013-1857 (The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a : sequence.)
 CVE-2013-1856 (The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving (1) an external DTD or (2) an external entity declaration in conjunction with an entity reference.)
 CVE-2013-1855 (The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.)
 CVE-2013-1854 (The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.)
 CVE-2013-1024 (CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.)
 CVE-2013-0990 (SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors.)
 CVE-2013-0989 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP3 file.)
 CVE-2013-0988 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FPX file.)
 CVE-2013-0987 (Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QTIF file.)
 CVE-2013-0986 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted enof atoms in a movie file.)
 CVE-2013-0985 (Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line.)
 CVE-2013-0984 (Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.)
 CVE-2013-0983 (Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text glyph in a URL encountered by Safari.)
 CVE-2013-0982 (The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation.)
 CVE-2013-0975 (Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.)
 CVE-2013-0333 (lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.)
 CVE-2013-0277 (ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.)
 CVE-2013-0276 (ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.)
 CVE-2013-0155 (Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694.)
 CVE-2012-5519 (CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.)
 CVE-2012-4929 (The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.)
Original documentdocumentAPPLE, APPLE-SA-2013-06-04-1 OS X Mountain Lion v10.8.4 and Security Update 2013-002 (17.06.2013)

WebKit / Apple Safari multiple security vulnerabilities
Published:17.06.2013
Source:
SecurityVulns ID:13127
Type:client
Threat Level:
8/10
Description:Multiple memory corruptions and crossite scripting.
Affected:APPLE : Safari 6.0
CVE:CVE-2013-1023 (WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1009.)
 CVE-2013-1013 (XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remote attackers to trigger unintended form submissions via unspecified vectors.)
 CVE-2013-1012 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements.)
 CVE-2013-1011 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-1010 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-1009 (WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1023.)
 CVE-2013-1008 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-1007 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-1006 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-1005 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-1004 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-1003 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-1002 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-1001 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-1000 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-0999 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-0998 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-0997 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-0996 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-0995 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-0994 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-0993 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-0992 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-0991 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.)
 CVE-2013-0926 (Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.)
 CVE-2013-0879 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.)
Original documentdocumentAPPLE, APPLE-SA-2013-06-04-2 Safari 6.0.5 (17.06.2013)

telepathy-gabbleprotection bypass
Published:17.06.2013
Source:
SecurityVulns ID:13129
Type:m-i-t-m
Threat Level:
5/10
Description:TLS required flag is ignored on jabber network.
Affected:TELEPATHY : telepathy-gabble 0.9
CVE:CVE-2013-1431 (The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before 0.17.4, when connecting to a "legacy Jabber server," does not properly enforce the WockyConnector:tls-required flag, which allows remote attackers to bypass TLS verification and perform a man-in-the-middle attacks.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2702-1] telepathy-gabble security update (17.06.2013)

Chromium / Google Chrome multiple security vulnerabilities
updated since 05.06.2013
Published:17.06.2013
Source:
SecurityVulns ID:13112
Type:client
Threat Level:
8/10
Description:Use-after-free, DoS conditions, race conditions, information leakage, XSS.
Affected:GOOGLE : Chrome 27.0
 CHROMIUM : Chromium 27.0
CVE:CVE-2013-2865 (Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.110 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.)
 CVE-2013-2863 (Google Chrome before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2013-2862 (Skia, as used in Google Chrome before 27.0.1453.110, does not properly handle GPU acceleration, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.)
 CVE-2013-2861 (Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.)
 CVE-2013-2860 (Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process.)
 CVE-2013-2859 (Google Chrome before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors.)
 CVE-2013-2858 (Use-after-free vulnerability in the HTML5 Audio implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.)
 CVE-2013-2857 (Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of images.)
 CVE-2013-2856 (Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input.)
 CVE-2013-2855 (The Developer Tools API in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.)
 CVE-2013-2849 (Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.)
 CVE-2013-2848 (The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors.)
 CVE-2013-2847 (Race condition in the workers implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via unknown vectors.)
 CVE-2013-2846 (Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2840.)
 CVE-2013-2845 (The Web Audio implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.)
 CVE-2013-2844 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style resolution.)
 CVE-2013-2843 (Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of speech data.)
 CVE-2013-2842 (Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.)
 CVE-2013-2841 (Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of Pepper resources.)
 CVE-2013-2840 (Use-after-free vulnerability in the media loader in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2013-2846.)
 CVE-2013-2839 (Google Chrome before 27.0.1453.93 does not properly perform a cast of an unspecified variable during handling of clipboard data, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors.)
 CVE-2013-2838 (Google V8, as used in Google Chrome before 27.0.1453.93, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.)
 CVE-2013-2837 (Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2706-1] chromium-browser security update (17.06.2013)
 documentDEBIAN, [SECURITY] [DSA 2695-1] chromium-browser security update (05.06.2013)

Subversion security vulnerabilities
Published:17.06.2013
Source:
SecurityVulns ID:13130
Type:remote
Threat Level:
5/10
Description:Few DoS conditions.
Affected:SUBVERSION : Subversion 1.6
CVE:CVE-2013-2112 (The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.)
 CVE-2013-1968 (Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2703-1] subversion security update (17.06.2013)

PHP buffer overflow
Published:17.06.2013
Source:
SecurityVulns ID:13131
Type:library
Threat Level:
7/10
Description:Buffer overflow in quoted_printable_encode() function.
Affected:PHP : PHP 5.4
CVE:CVE-2013-2110 (Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted argument to the quoted_printable_encode function.)
Original documentdocumentSLACKWARE, [slackware-security] php (SSA:2013-161-01) (17.06.2013)

X servers and libraries security vulnerabilities
updated since 27.05.2013
Published:17.06.2013
Source:
SecurityVulns ID:13089
Type:library
Threat Level:
7/10
Description:Multiple integer overflows, buffer overflows, memory corruptions, etc.
Affected:LIBDMX : libdmx 1.1
 LIBXV : libxv 1.0
 LIBXVMC : libxvmc 1.0
 XORG : libxfixes 5.0
 XORG : libxrender 0.9
 XORG : mesa 8.0
 XORG : xserver-xorg-video-openchrome 0.2
 XORG : libxt 1.1
 XORG : libxcursor 1.1
 XORG : libxext 1.3
 XORG : libxi 1.6
 XORG : libxrandr 1.3
 XORG : libxp 1.0
 XORG : libxcb 1.8
 XORG : libfs 1.0
 XORG : libxres 1.0
 XORG : libxtst 1.2
 XORG : libxxf86dga 1.1
 XORG : libxinerama 1.1
 XORG : libxxf86vm 1.1
 LIBX11 : libx11 1.5
CVE:CVE-2013-2066 (Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvQueryPortAttributes function.)
 CVE-2013-2064 (Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.)
 CVE-2013-2063 (Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XRecordGetContext function.)
 CVE-2013-2062 (Multiple integer overflows in X.org libXp 1.0.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XpGetAttributes, (2) XpGetOneAttribute, (3) XpGetPrinterList, and (4) XpQueryScreens functions.)
 CVE-2013-2005 (X.org libXt 1.1.3 and earlier does not check the return value of the XGetWindowProperty function, which allows X servers to trigger use of an uninitialized pointer and memory corruption via vectors related to the (1) ReqCleanup, (2) HandleSelectionEvents, (3) ReqTimedOut, (4) HandleNormal, and (5) HandleSelectionReplies functions.)
 CVE-2013-2004 (The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file.)
 CVE-2013-2003 (Integer overflow in X.org libXcursor 1.1.13 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the _XcursorFileHeaderCreate function.)
 CVE-2013-2002 (Buffer overflow in X.org libXt 1.1.3 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the _XtResourceConfigurationEH function.)
 CVE-2013-2001 (Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XF86VidModeGetGammaRamp function.)
 CVE-2013-2000 (Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XDGAQueryModes and (2) XDGASetMode functions.)
 CVE-2013-1999 (Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the XvMCGetDRInfo function.)
 CVE-2013-1998 (Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XGetDeviceButtonMapping, (2) XIPassiveGrabDevice, and (3) XQueryDeviceState functions.)
 CVE-2013-1997 (Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values to the (1) XAllocColorCells, (2) _XkbReadGetDeviceInfoReply, (3) _XkbReadGeomShapes, (4) _XkbReadGetGeometryReply, (5) _XkbReadKeySyms, (6) _XkbReadKeyActions, (7) _XkbReadKeyBehaviors, (8) _XkbReadModifierMap, (9) _XkbReadExplicitComponents, (10) _XkbReadVirtualModMap, (11) _XkbReadGetNamesReply, (12) _XkbReadGetMapReply, (13) _XimXGetReadData, (14) XListFonts, (15) XListExtensions, and (16) XGetFontPath functions.)
 CVE-2013-1996 (X.org libFS 1.0.4 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the FSOpenServer function.)
 CVE-2013-1995 (X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function.)
 CVE-2013-1994 (Multiple integer overflows in X.org libchromeXvMC and libchromeXvMCPro in openChrome 0.3.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) uniDRIOpenConnection and (2) uniDRIGetClientDriverName functions.)
 CVE-2013-1993 (Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions.)
 CVE-2013-1992 (Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) DMXGetScreenAttributes, (2) DMXGetWindowAttributes, and (3) DMXGetInputAttributes functions.)
 CVE-2013-1991 (Multiple integer overflows in X.org libXxf86dga 1.1.3 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XDGAQueryModes and (2) XDGASetMode functions.)
 CVE-2013-1990 (Multiple integer overflows in X.org libXvMC 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvMCListSurfaceTypes and (2) XvMCListSubpictureTypes functions.)
 CVE-2013-1989 (Multiple integer overflows in X.org libXv 1.0.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XvQueryPortAttributes, (2) XvListImageFormats, and (3) XvCreateImage function.)
 CVE-2013-1988 (Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XResQueryClients and (2) XResQueryClientResources functions.)
 CVE-2013-1987 (Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters, (2) XRenderQueryFormats, and (3) XRenderQueryPictIndexValues functions.)
 CVE-2013-1986 (Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRRQueryOutputProperty and (2) XRRQueryProviderProperty functions.)
 CVE-2013-1985 (Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function.)
 CVE-2013-1984 (Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMotionEvents, (5) XIGetProperty, (6) XIGetSelectedEvents, (7) XGetDeviceProperties, and (8) XListInputDevices functions.)
 CVE-2013-1983 (Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function.)
 CVE-2013-1982 (Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XcupGetReservedColormapEntries, (2) XcupStoreColors, (3) XdbeGetVisualInfo, (4) XeviGetVisualInfo, (5) XShapeGetRectangles, and (6) XSyncListSystemCounters functions.)
 CVE-2013-1981 (Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) XListHosts, (6) XGetModifierMapping, (7) XGetPointerMapping, (8) XGetKeyboardMapping, (9) XGetWindowProperty, (10) XGetImage, (11) LoadColornameDB, (12) XrmGetFileDatabase, (13) _XimParseStringFile, or (14) TransFileName functions.)
 CVE-2013-1872 (The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d graphics that trigger an out-of-bounds array access, related to the fs_visitor::remove_dead_constants function. NOTE: this issue might be related to CVE-2013-0796.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2704-1] mesa security update (17.06.2013)
 documentDEBIAN, [SECURITY] [DSA 2693-1] libx11 security update (03.06.2013)
 documentDEBIAN, [SECURITY] [DSA 2675-2] libxvmc regression update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2692-1] libxxf86vm security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2691-1] libxinerama security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2690-1] libxxf86dga security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2689-1] libxtst security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2688-1] libxres security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2687-1] libfs security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2686-1] libxcb security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2685-1] libxp security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2684-1] libxrandr security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2683-1] libxi security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2682-1] libxext security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2681-1] libxcursor security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2680-1] libxt security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2679-1] xserver-xorg-video-openchrome security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2678-1] mesa security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2677-1] libxrender security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2676-1] libxfixes security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2675-1] libxvmc security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2674-1] libxv security update (27.05.2013)
 documentDEBIAN, [SECURITY] [DSA 2673-1] libdmx security update (27.05.2013)

Ruckus ZoneDirector authentication bypass
Published:17.06.2013
Source:
SecurityVulns ID:13132
Type:remote
Threat Level:
5/10
Description:Unauthorized access if external authentication protocol is configured.
Affected:RUCKUS : ZoneDirector 9.5
Original documentdocumentRuckus Product Security Team, RUCKUS ADVISORY ID 031813-2: User authentication bypass vulnerability in ZoneDirector administrative web interface (17.06.2013)

Ubiquiti airCam buffer overflow
Published:17.06.2013
Source:
SecurityVulns ID:13134
Type:remote
Threat Level:
5/10
Description:Buffer overflow in RTSP service
Affected:UBIQUITI : airCam
CVE:CVE-2013-1606 (Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmware before 1.1.6 allows remote attackers to execute arbitrary code via a long rtsp: URI in a DESCRIBE request.)
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2013-0430 - Buffer overflow in Ubiquiti airCam RTSP service (17.06.2013)

HP Service Manager / HP ServiceCenter security vulnerabilities
Published:17.06.2013
Source:
SecurityVulns ID:13135
Type:remote
Threat Level:
5/10
Description:Crossite scripting, information leakage.
Affected:HP : HP Service Manager 9.31
CVE:CVE-2013-2337 (Cross-site scripting (XSS) vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2013-2336 (HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to obtain sensitive information via unspecified vectors.)
Original documentdocumentHP, [security bulletin] HPSBMU02884 rev.1 - HP Service Manager and HP ServiceCenter, Cross Site Scripting (XSS) and Disclosure of Information (17.06.2013)

HP Integrated Lights-Out unauthorized access
Published:17.06.2013
Source:
SecurityVulns ID:13136
Type:remote
Threat Level:
5/10
Description:Unauthorized access if SSO is configured.
Affected:HP : Integrated Lights-Out 3
 HP : Integrated Lights-Out 4
CVE:CVE-2013-2338 (Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) cards with firmware before 1.57 and 4 (aka iLO4) cards with firmware before 1.22, when Single-Sign-On (SSO) is used, allows remote attackers to execute arbitrary code via unknown vectors.)
Original documentdocumentHP, [security bulletin] HPSBHF02885 rev.1 - HP Integrated Lights-Out iLO3 and iLO4 using Single-Sign-On (SSO), Remote Unauthorized Access (17.06.2013)

pymongo DoS
Published:17.06.2013
Source:
SecurityVulns ID:13137
Type:library
Threat Level:
5/10
Description:NULL pointer dereference.
Affected:PYTHON : pymongo 2.5
CVE:CVE-2013-2132 (bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef.")
Original documentdocumentDEBIAN, [SECURITY] [DSA 2705-1] pymongo security update (17.06.2013)

Mozilla Firefox / Microsoft Internet Explorer DoS
Published:17.06.2013
Source:
SecurityVulns ID:13138
Type:client
Threat Level:
4/10
Description:Crash or hang via resources exhaustion.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MOZILLA : Firefox 15.0
Original documentdocumentMustLive, DoS vulnerability in Mozilla Firefox and Microsoft Internet Explorer (17.06.2013)
 documentpereira_(at)_secbiz.de, Mozilla Firefox 14.01 Memory Exhaustion DoS Exploit (17.06.2013)

OpenStack multiple security vulnerabilities
updated since 17.06.2013
Published:01.07.2013
Source:
SecurityVulns ID:13128
Type:library
Threat Level:
6/10
Description:Keystone protection bypass and authentication bypass, Nova DoS.
Affected:OPENSTACK : Nova 2012.2
 OPENSTACK : KeyStone 2012.2
 OPENSTACK : Grizzly 2013.1
 OPENSTACK : Nova 2013.1
 OPENSTACK : OpenStack Object Storage 1.7
CVE:CVE-2013-4155 (OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected.)
 CVE-2013-2161 (XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name.)
 CVE-2013-2157 (OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.)
 CVE-2013-2104 (python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.)
 CVE-2013-2096 (OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.)
 CVE-2013-2059 (OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.)
 CVE-2012-4406 (OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.)
 CVE-2012-4406 (OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.)
Original documentdocumentUBUNTU, [USN-1887-1] OpenStack Swift vulnerabilities (01.07.2013)
 documentUBUNTU, [USN-1831-1] OpenStack Nova vulnerability (17.06.2013)
 documentUBUNTU, [USN-1830-1] OpenStack Keystone vulnerability (17.06.2013)
 documentUBUNTU, [USN-1875-1] OpenStack Keystone vulnerabilities (17.06.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod