Computer Security


cups-filters code execution
updated since 18.03.2015
Published:19.04.2015
SecurityVulns ID:14329
Type:library
Threat Level:6/10
Description:cups-browsed shell characters vulnerability
Affected:CUPS : cups-filters 1.0
CVE:CVE-2015-2265 (The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.)
 CVE-2014-4338 (cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses.)
 CVE-2014-4337 (The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.)
 CVE-2014-4336 (The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.)
 CVE-2014-2707 (cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues.")
 CVE-2013-6476 (The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.)
 CVE-2013-6475 (Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow.)
 CVE-2013-6474 (Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.)
 CVE-2013-6473 (Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file.)
Original document:MANDRIVA, [ MDVSA-2015:100 ] cups-filters (19.04.2015)
 UBUNTU, [USN-2532-1] cups-filters vulnerability (18.03.2015)

Apple Safari / Webkit multiple security vulnerabilities
updated since 08.04.2015
Published:19.04.2015
SecurityVulns ID:14356
Type:library
Threat Level:8/10
Description:Invalid SSL validation, information leakage, cross-site access, memory corruptions.
Affected:APPLE : Safari 8.0
 APPLE : Safari 6.2
 APPLE : Safari 7.1
CVE:CVE-2015-1129 (Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.)
 CVE-2015-1128 (The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-notification requests.)
 CVE-2015-1127 (The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries.)
 CVE-2015-1126 (WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.)
 CVE-2015-1124 (WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.)
 CVE-2015-1122 (WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.)
 CVE-2015-1121 (WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.)
 CVE-2015-1120 (WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.)
 CVE-2015-1119 (WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.)
 CVE-2015-1112 (Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which allows attackers to obtain sensitive information by reading this file.)
Original document:Jouko Pynnonen, Safari iOS/OS X/Windows cookie access vulnerability (19.04.2015)
 APPLE, APPLE-SA-2015-04-08-1 Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 (08.04.2015)

freexl multiple security vulnerabilities
Published:19.04.2015
SecurityVulns ID:14408
Type:library
Threat Level:6/10
Description:Multiple memory corruptions on Excel documents parsing.
Affected:FREEXL : freexl 1.0
CVE:CVE-2015-2776 (The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook.)
 CVE-2015-2754 (FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a "premature EOF.")
 CVE-2015-2753 (FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitrary code via a crafted sector in a workbook.)
Original document:DEBIAN, [SECURITY] [DSA 3208-1] freexl security update (19.04.2015)

gtk+ protection bypass
Published:19.04.2015
SecurityVulns ID:14407
Type:local
Threat Level:5/10
Description:Screen lock bypass.
Affected:GNOME : GTK+ 3.10
CVE:CVE-2014-1949 (GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button.)
Original document:MANDRIVA, [ MDVSA-2015:162 ] gtk+3.0 (19.04.2015)

TP-LINK devices unauthorized files access
Published:19.04.2015
SecurityVulns ID:14406
Type:remote
Threat Level:5/10
Description:Directory traversal in web interface.
CVE:CVE-2015-3035 (Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.)
Original document:SEC Consult Vulnerability Lab, SEC Consult SA-20150410-0 :: Unauthenticated Local File Disclosure in multiple TP-LINK products (CVE-2015-3035) (19.04.2015)

Jython weak permissions
Published:19.04.2015
SecurityVulns ID:14409
Type:local
Threat Level:5/10
Description:Weak permissions on cache files creation.
Affected:JYTHON : Jython 2.2
CVE:CVE-2013-2027 (Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.)
Original document:MANDRIVA, [ MDVSA-2015:158 ] jython (19.04.2015)

HP Support Solution Framework security vulnerabilities
Published:19.04.2015
SecurityVulns ID:14405
Type:remote
Threat Level:5/10
Description:Code execution, information disclosure.
Affected:HP : HP Support Solution Framework 11.51
CVE:CVE-2015-2114 (HP Support Solution Framework before 11.51.0049 allows remote attackers to download an arbitrary program onto a client machine and execute this program via unspecified vectors.)
Original document:HP, [security bulletin] HPSBGN03316 rev.1 - HP Support Solution Framework on Windows, Remote Execution of Code, Disclosure of Information (19.04.2015)

util-linux blkid commands injection
Published:19.04.2015
SecurityVulns ID:14412
Type:local
Threat Level:5/10
Affected:UTILLINUX : util-linux 2.24
CVE:CVE-2014-9114
Original document:MANDRIVA, [ MDVSA-2015:122 ] util-linux (19.04.2015)

Shibboleth Service Provider DoS
Published:19.04.2015
SecurityVulns ID:14415
Type:remote
Threat Level:5/10
Description:Crash on parsing SAML message.
Affected:SHIBBOLETH : Shibboleth Service Provider 2.5
CVE:CVE-2015-2684 (Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message.)
Original document:DEBIAN, [SECURITY] [DSA 3207-1] shibboleth-sp2 security update (19.04.2015)

dulwich security vulnerabilities
Published:19.04.2015
SecurityVulns ID:14414
Type:local
Threat Level:5/10
Description:Code execution, buffer overflow.
Affected:DULWICH : Dulwich 0.9
CVE:CVE-2015-0838 (Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file.)
 CVE-2014-9706 (The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.)
Original document:DEBIAN, [SECURITY] [DSA 3206-1] dulwich security update (19.04.2015)

Not Yet Commons SSL certificate spoofing
Published:19.04.2015
SecurityVulns ID:14410
Type:library
Threat Level:5/10
Description:Insufficient certificate checking.
Affected:NOTYETCOMMONSSL : Not Yet Commons SSL 0.3
CVE:CVE-2014-3604 (Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.)
Original document:MANDRIVA, [ MDVSA-2015:141 ] not-yet-commons-ssl (19.04.2015)

cifs-utils buffer overflow
Published:19.04.2015
SecurityVulns ID:14413
Type:library
Threat Level:5/10
Description:pam_cifscreds buffer overflow.
Affected:CIFSUTILS : cifs-utils 6.3
CVE:CVE-2014-2830 (Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remote attackers to have unspecified impact via unknown vectors.)
Original document:MANDRIVA, [ MDVSA-2015:114 ] cifs-utils (19.04.2015)

pillow multiple security vulnerabilities
Published:19.04.2015
SecurityVulns ID:14416
Type:library
Threat Level:5/10
Description:Symbolic links vulnerability, DoS, shell injection.
Affected:PYTHON : Pillow 2.5
CVE:CVE-2014-9601 (Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.)
 CVE-2014-3589 (PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.)
 CVE-2014-3007 (Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.)
 CVE-2014-1933 (The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.)
 CVE-2014-1932 (The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.)
Original document:MANDRIVA, [ MDVSA-2015:099 ] python-pillow (19.04.2015)

Android multiple security vulnerabilities
Published:19.04.2015
SecurityVulns ID:14403
Type:library
Threat Level:6/10
Description:Restrictions bypass, code execution.
Affected:ANDROID : Android 4.4
CVE:CVE-2014-7954
 CVE-2014-7951
Original document:Imre RAD, CVE-2014-7953 Android backup agent code execution (19.04.2015)
 Imre RAD, CVE-2014-7951 adb backup archive path traversal file overwrite (19.04.2015)
 Imre RAD, CVE-2014-7954 MTP path traversal vulnerability in Android (19.04.2015)

PulseAudio DoS
Published:19.04.2015
SecurityVulns ID:14411
Type:remote
Threat Level:5/10
Description:Crash on empty UDP packet.
Affected:PULSEAUDIO : PulseAudio 5.0
CVE:CVE-2014-3970 (The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.)
Original document:MANDRIVA, [ MDVSA-2015:134 ] pulseaudio (19.04.2015)

ipTIME code execution
updated since 19.04.2015
Published:05.07.2015
SecurityVulns ID:14404
Type:remote
Threat Level:5/10
Description:Code execution via web interface.
Original document:Pierre Kim, Exploit Code for ipTIME firmwares < 9.58 (root RCE against 127 router models) (05.07.2015)
 Pierre Kim, 112 ipTIME Routers/WiFi APs/Modems/Firewalls models vulnerable with RCE with root privileges (19.04.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod