Computer Security
[EN] securityvulns.ru no-pyccku


libmagic / file / fileinfo / PHP security vulnerabilities
updated since 10.12.2014
Published:18.03.2015
Source:
SecurityVulns ID:14140
Type:library
Threat Level:
5/10
Description:Vulnerabilities in ELF parsing.
CVE:CVE-2014-9653 (readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.)
 CVE-2014-8117 (softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.)
 CVE-2014-8116 (The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 3196-1] file security update (18.03.2015)
 documentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-14:28.file (10.12.2014)

Fortinet Single Sign buffer overflow
Published:18.03.2015
Source:
SecurityVulns ID:14323
Type:remote
Threat Level:
5/10
Description:Buffer overflow on network messages parsing.
Affected:FORTINET : FSSO Novell eDirectory 4.3
 FORTINET : FSSO Windows Active Directory 4.3
CVE:CVE-2015-2281 (Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attackers to execute arbitrary code via a large PROCESS_HELLO message to the Message Dispatcher on TCP port 8000.)
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2015-0006] - Fortinet Single Sign On Stack Overflow (18.03.2015)

libXfont multiple security vulnerabilities
Published:18.03.2015
Source:
SecurityVulns ID:14324
Type:library
Threat Level:
6/10
Description:Memory corruptions on bdf parsing.
Affected:LIBXFONT : libXfont 1.4
CVE:CVE-2015-1804 (The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file.)
 CVE-2015-1803 (The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file.)
 CVE-2015-1802 (The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file.)
Original documentdocumentUBUNTU, [USN-2536-1] libXfont vulnerabilities (18.03.2015)

Apple Safari / Webkit multiple security vulnerabilities
Published:18.03.2015
Source:
SecurityVulns ID:14326
Type:library
Threat Level:
7/10
Description:Multiple memory corruptions, spoofing.
Affected:APPLE : Safari 6.2
 APPLE : Safari 8.0
 APPLE : Safari 7.1
CVE:CVE-2015-1084 (The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL.)
 CVE-2015-1083 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.)
 CVE-2015-1082 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.)
 CVE-2015-1081 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.)
 CVE-2015-1080 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.)
 CVE-2015-1079 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.)
 CVE-2015-1078 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.)
 CVE-2015-1077 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.)
 CVE-2015-1076 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.)
 CVE-2015-1075 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.)
 CVE-2015-1074 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.)
 CVE-2015-1073 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.)
 CVE-2015-1072 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.)
 CVE-2015-1071 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.)
 CVE-2015-1070 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.)
 CVE-2015-1069 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.)
 CVE-2015-1068 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.)
Original documentdocumentAPPLE, APPLE-SA-2015-03-17-1 Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4 (18.03.2015)

libav / ffmpeg multiple security vulnerabilities
Published:18.03.2015
Source:
SecurityVulns ID:14327
Type:library
Threat Level:
6/10
Description:Multiple memory corruptions on different media formats parsing.
Affected:FFMPEG : FFmpeg 2.5
CVE:CVE-2014-9604 (libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the (1) restore_median and (2) restore_median_il functions.)
 CVE-2014-8548 (Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data.)
 CVE-2014-8547 (libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data.)
 CVE-2014-8544 (libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.)
 CVE-2014-8543 (libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data.)
 CVE-2014-8542 (libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data.)
Original documentdocumentUBUNTU, [USN-2534-1] Libav vulnerabilities (18.03.2015)

checkpw DoS
Published:18.03.2015
Source:
SecurityVulns ID:14328
Type:library
Threat Level:
5/10
Description:Infinite loop on account names with two dashes.
Affected:CHECKPW : checkpw 1.02
CVE:CVE-2015-0885 (checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 3192-1] checkpw security update (18.03.2015)

python requests library session fixation
Published:18.03.2015
Source:
SecurityVulns ID:14330
Type:library
Threat Level:
5/10
Description:Invalid cookies processing in redirects.
Affected:PYTHON : python-requests 2.3
CVE:CVE-2015-2296 (The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.)
Original documentdocumentUBUNTU, [USN-2531-1] Requests vulnerability (18.03.2015)

GnuTLS security vulnerabilities
Published:18.03.2015
Source:
SecurityVulns ID:14331
Type:library
Threat Level:
6/10
Description:Protocol downgrade attacks.
Affected:GNU : gnutls 2.12
CVE:CVE-2015-0294
 CVE-2015-0282 (GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 3191-1] gnutls26 security update (18.03.2015)

putty information leakage
Published:18.03.2015
Source:
SecurityVulns ID:14332
Type:local
Threat Level:
2/10
Description:Sensitive memory regions are not wiped.
Affected:PUTTY : putty 0.63
CVE:CVE-2015-2157 (The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 3190-1] putty security update (18.03.2015)

PHP multiple security vulnerabilities
updated since 18.03.2015
Published:21.03.2015
Source:
SecurityVulns ID:14325
Type:library
Threat Level:
6/10
Description:Resources exhaustion, memory corruptions.
Affected:PHP : PHP 5.5
 PHP : PHP 5.6
CVE:CVE-2015-2331 (Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.)
 CVE-2015-2305 (Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.)
 CVE-2015-2301 (Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.)
 CVE-2015-0273 (Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function.)
 CVE-2015-0231 (Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.)
 CVE-2014-9705 (Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.)
 CVE-2014-8117 (softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 3198-1] php5 security update (21.03.2015)
 documentUBUNTU, [USN-2535-1] PHP vulnerabilities (18.03.2015)

cups-filters code execution
updated since 18.03.2015
Published:19.04.2015
Source:
SecurityVulns ID:14329
Type:library
Threat Level:
6/10
Description:cups-browsed shell characters vulnerability
Affected:CUPS : cups-filters 1.0
CVE:CVE-2015-2265 (The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.)
 CVE-2014-4338 (cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses.)
 CVE-2014-4337 (The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.)
 CVE-2014-4336 (The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.)
 CVE-2014-2707 (cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues.")
 CVE-2013-6476 (The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.)
 CVE-2013-6475 (Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow.)
 CVE-2013-6474 (Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.)
 CVE-2013-6473 (Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file.)
Original documentdocumentMANDRIVA, [ MDVSA-2015:100 ] cups-filters (19.04.2015)
 documentUBUNTU, [USN-2532-1] cups-filters vulnerability (18.03.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod