Computer Security


SAP Business Objects multiple security vulnerabilities
Published:21.03.2015
SecurityVulns ID:14343
Type:remote
Threat Level:6/10
Description:Unauthorized access to multiple components.
Affected:SAP : BusinessObjects Edge 4.0
CVE:CVE-2015-2076 (The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395.)
 CVE-2015-2075 (SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396.)
 CVE-2015-2074
 CVE-2015-2073
Original document:Onapsis Research Labs, [Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA (21.03.2015)
 Onapsis Research Labs, [Onapsis Security Advisory 2015-004] SAP Business Objects Unauthorized Audit Information Delete via CORBA (21.03.2015)
 Onapsis Research Labs, [Onapsis Security Advisory 2015-003] SAP Business Objects Unauthorized File Repository Server Write via CORBA (21.03.2015)
 Onapsis Research Labs, [Onapsis Security Advisory 2015-002] SAP Business Objects Unauthorized File Repository Server Read via CORBA (21.03.2015)

OpenSSL multiple security vulnerabilities
updated since 20.03.2015
Published:21.03.2015
SecurityVulns ID:14333
Type:library
Threat Level:7/10
Description:NULL pointer dereferences, reachable assert()s, memory corruptions.
Affected:OPENSSL : OpenSSL 1.0
 OPENSSL : OpenSSL 0.9
CVE:CVE-2015-1787 (The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero.)
 CVE-2015-0293 (The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.)
 CVE-2015-0292 (Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.)
 CVE-2015-0291 (The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation.)
 CVE-2015-0290 (The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors.)
 CVE-2015-0289 (The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.)
 CVE-2015-0288 (The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.)
 CVE-2015-0287 (The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.)
 CVE-2015-0286 (The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.)
 CVE-2015-0285 (The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack.)
 CVE-2015-0209 (Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.)
 CVE-2015-0208 (The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the certificate-verification feature.)
 CVE-2015-0207 (The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS traffic, as demonstrated by DTLS 1.0 traffic to a DTLS 1.2 server.)
 CVE-2015-0204 (The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.)
Original document:Nicholas Lemonias., Security Audit Notes: OpenSSL d1_srvr.c Overflow - Advanced Information Security (21.03.2015)
Files:OpenSSL Security Advisory [19 Mar 2015]

Citrix Nitro security vulnerabilities
Published:21.03.2015
SecurityVulns ID:14337
Type:remote
Threat Level:6/10
Description:Cross-site scripting, command injection.
Affected:CITRIX : NetScaler 10.5
Original document:Securify B.V., Citrix NITRO SDK xen_hotfix page is vulnerable to Cross-Site Scripting (21.03.2015)
 Securify B.V., Command injection vulnerability in Citrix NITRO SDK xen_hotfix page (21.03.2015)

D-Link and TRENDnet routers vulnerabilities
Published:21.03.2015
SecurityVulns ID:14341
Type:remote
Threat Level:5/10
Description:CSRF, authentication bypass.
Affected:TRENDNET : TRENDnet TEW-731BR
 DLINK : D-Link DIR-810L
 DLINK : D-Link DIR-826L
 DLINK : D-Link DIR-830L
 DLINK : D-Link DIR-836L
 DLINK : D-Link DIR-820L
 DLINK : D-Link DIR-808L
Original document:Peter Adkins, D-Link and TRENDnet 'ncc2' service - multiple vulnerabilities (21.03.2015)

PHP multiple security vulnerabilities
updated since 18.03.2015
Published:21.03.2015
SecurityVulns ID:14325
Type:library
Threat Level:6/10
Description:Resource exhaustion, memory corruption.
Affected:PHP : PHP 5.5
 PHP : PHP 5.6
CVE:CVE-2015-2331 (Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.)
 CVE-2015-2305 (Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.)
 CVE-2015-2301 (Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.)
 CVE-2015-0273 (Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function.)
 CVE-2015-0231 (Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.)
 CVE-2014-9705 (Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.)
 CVE-2014-8117 (softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.)
Original document:DEBIAN, [SECURITY] [DSA 3198-1] php5 security update (21.03.2015)
 UBUNTU, [USN-2535-1] PHP vulnerabilities (18.03.2015)

Citrix Command Center authentication bypass
Published:21.03.2015
SecurityVulns ID:14338
Type:remote
Threat Level:5/10
Description:Advent JMX is accessible.
Affected:CITRIX : Citrix Command Center 5.1
Original document:Securify B.V., Advent JMX Servlet of Citrix Command Center is accessible to unauthenticated users (21.03.2015)

DSS TFTP directory traversal
Published:21.03.2015
SecurityVulns ID:14340
Type:remote
Threat Level:5/10
Description:Directory traversal on file transmission.
Affected:DSS : DSS TFTP 1.0
Original document:Vulnerability Lab, DSS TFTP 1.0 Server - Path Traversal Vulnerability (21.03.2015)

EMC M&R multiple security vulnerabilities
updated since 25.01.2015
Published:21.03.2015
SecurityVulns ID:14236
Type:remote
Threat Level:5/10
Description:Cross-site scripting, insecure data storage, directory traversal, unrestricted file upload.
Affected:EMC : EMC M&R 6.5
CVE:CVE-2015-0516 (Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL.)
 CVE-2015-0515 (Unrestricted file upload vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to execute arbitrary code by uploading and then accessing an executable file.)
 CVE-2015-0514 (EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack.)
 CVE-2015-0513 (Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging privileged access to set crafted values of unspecified fields.)
Original document:Securify B.V., EMC M&R (Watch4net) data storage collector credentials are not properly protected (21.03.2015)
 Securify B.V., Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Web Portal Report Favorites (21.03.2015)
 Securify B.V., Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Centralized Management Console (21.03.2015)
 Securify B.V., Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Alerting Frontend (21.03.2015)
 Securify B.V., Path traversal vulnerability in EMC M&R (Watch4net) MIB Browser (21.03.2015)
 Securify B.V., Path traversal vulnerability in EMC M&R (Watch4net) Device Discovery (21.03.2015)
 EMC, ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities (25.01.2015)

Apache Xerces-C DoS
Published:21.03.2015
SecurityVulns ID:14334
Type:library
Threat Level:5/10
Description:Memory corruption on XML parsing.
Affected:APACHE : Xerces-C 3.1
CVE:CVE-2015-0252 (internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.)
Original document:Cantor, Scott E., Xerces-C Security Advisory [CVE-2015-0252] (21.03.2015)

Viber code execution
Published:21.03.2015
SecurityVulns ID:14335
Type:m-i-t-m
Threat Level:4/10
Description:Unsafe Javascript interface in combination with unencrypted data transmission.
Affected:VIBER : Viber 5.2
Original document:Securify B.V., Viber for Android exposes insecure Javascript interface (21.03.2015)

Jetty information leakage
Published:21.03.2015
SecurityVulns ID:14342
Type:remote
Threat Level:6/10
Description:Memory buffers content leakage.
Affected:JETTY : Jetty 9.2
CVE:CVE-2015-2080
Original document:rgutierrez_(at)_gdssecurity.com, GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server (21.03.2015)

Apple Mac OS X multiple security vulnerabilities
updated since 16.03.2015
Published:21.03.2015
SecurityVulns ID:14319
Type:library
Threat Level:6/10
Description:Buffer overflows, DoS, memory corruption, restrictions bypass, weak cryptography.
Affected:APPLE : MacOS X 10.10
CVE:CVE-2015-1067 (Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637.)
 CVE-2015-1066 (Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.)
 CVE-2015-1065 (Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery.)
 CVE-2015-1061 (IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.)
 CVE-2014-4496 (The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.)
Original document:APPLE, APPLE-SA-2015-03-19-1 Security Update 2015-003 (21.03.2015)
 APPLE, APPLE-SA-2015-03-09-3 Security Update 2015-002 (16.03.2015)

Citrix NetScaler VPX cross-site scripting
Published:21.03.2015
SecurityVulns ID:14336
Type:remote
Threat Level:5/10
Description:Cross-site scripting in help pages.
Affected:CITRIX : NetScaler 10.5
Original document:Securify B.V., Citrix NetScaler VPX help pages are vulnerable to Cross-Site Scripting (21.03.2015)

SAP HANA XSS
Published:21.03.2015
SecurityVulns ID:14344
Type:library
Threat Level:5/10
Description:Cross-site scripting in Web-based Development Workbench.
Affected:SAP : HANA 73
CVE:CVE-2015-2072 (Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or (2) xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs, aka SAP Note 2069676.)
Original document:Onapsis Research Labs, [Onapsis Security Advisory 2015-001] Multiple Reflected Cross Site Scripting Vulnerabilities in SAP HANA Web-based Development Workbench (21.03.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod