Computer Security


wpa_supplicant multiple security vulnerabilities
updated since 05.05.2015
Published:21.06.2015
SecurityVulns ID:14446
Type:remote
Threat Level:7/10
Description:Buffer overflows, DoS vulnerabilities.
Affected:WPASUPPLICANT : wpa_supplicant 2.4
 GOOGLE : Android 5.1
CVE:CVE-2015-4146 (The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message.)
 CVE-2015-4145 (The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message.)
 CVE-2015-4144 (The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.)
 CVE-2015-4143 (The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.)
 CVE-2015-4142 (Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.)
 CVE-2015-4141 (The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.)
 CVE-2015-1863 (Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.)
Original document:UBUNTU, [USN-2650-1] wpa_supplicant and hostapd vulnerabilities (21.06.2015)
 UBUNTU, [USN-2577-1] wpa_supplicant vulnerability (05.05.2015)
 xing_fang_(at)_vulnhunt.com, [ALICLOUDSEC-VUL2015-001]Android wpa_supplicant WLAN Direct remote buffer overflow (05.05.2015)

Linux kernel security vulnerabilities
updated since 13.06.2015
Published:21.06.2015
SecurityVulns ID:14531
Type:library
Threat Level:5/10
Description:DoS, privilege escalations.
CVE:CVE-2015-4167 (The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem.)
 CVE-2015-4036 (Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced.)
 CVE-2015-3636 (The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.)
 CVE-2015-1805 (The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun.")
 CVE-2015-1328
Original document:DEBIAN, [SECURITY] [DSA 3290-1] linux security update (21.06.2015)
 UBUNTU, [USN-2647-1] Linux kernel vulnerability (21.06.2015)
 UBUNTU, [USN-2634-1] Linux kernel vulnerabilities (13.06.2015)
 UBUNTU, [USN-2631-1] Linux kernel vulnerabilities (13.06.2015)

libvirt / qemu / Xen multiple security vulnerabilities
updated since 13.06.2015
Published:21.06.2015
SecurityVulns ID:14532
Type:library
Threat Level:6/10
Description:DoS, privilege escalation, information disclosure, code execution.
Affected:QEMU : qemu 2.2
 XEN : Xen 4.5
CVE:CVE-2015-4164 (The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.)
 CVE-2015-4163 (GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.)
 CVE-2015-4106 (QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.)
 CVE-2015-4105 (Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations.)
 CVE-2015-4104 (Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors.)
 CVE-2015-4103 (Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields.)
 CVE-2015-4037 (The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.)
 CVE-2015-3209 (Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.)
Original document:DEBIAN, [SECURITY] [DSA 3286-1] xen security update (21.06.2015)
 UBUNTU, [USN-2630-1] QEMU vulnerabilities (13.06.2015)

My Wifi Router buffer overflow
Published:21.06.2015
SecurityVulns ID:14544
Type:remote
Threat Level:5/10
Description:Buffer overflow on user authentication.
Affected:MYWIFIROUTER : My Wifi Router 1.0
Original document:sudson08_(at)_gmail.com, Buffer Overflow in My Wifi Router Software (21.06.2015)

libav / ffmpeg security vulnerabilities
Published:21.06.2015
SecurityVulns ID:14545
Type:library
Threat Level:6/10
Description:Memory corruptions in multiple demuxers.
Affected:FFMPEG : FFmpeg 2.6
CVE:CVE-2015-3417 (Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data.)
 CVE-2015-3395 (The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.)
Original document:DEBIAN, [SECURITY] [DSA 3288-1] libav security update (21.06.2015)

p7zip directory traversal
Published:21.06.2015
SecurityVulns ID:14546
Type:local
Threat Level:5/10
Description:Directory traversal on archive extraction.
Affected:P7ZIP : p7zip 9.20
CVE:CVE-2015-1038 (p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.)
Original document:DEBIAN, [SECURITY] [DSA 3289-1] p7zip security update (21.06.2015)

EMC Unified Infrastructure Manager/Provisioning authentication bypass
Published:21.06.2015
SecurityVulns ID:14547
Type:remote
Threat Level:5/10
Description:Authentication bypass if LDAP authentication is used.
Affected:EMC : EMC Unified Infrastructure Manager/Provisioning 4.1
CVE:CVE-2015-0546 (EMC Unified Infrastructure Manager/Provisioning (UIM/P) 4.1 allows remote attackers to bypass LDAP authentication by providing a valid account name.)
Original document:EMC, ESA-2015-106: EMC Unified Infrastructure Manager/Provisioning (UIM/P) Authentication Bypass Vulnerability (21.06.2015)

OpenStack cinder privilege escalation
Published:21.06.2015
SecurityVulns ID:14548
Type:local
Threat Level:5/10
Description:Authorized user can access any files.
Affected:OPENSTACK : Cinder 2015.1
CVE:CVE-2015-1851 (OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.)
Original document:DEBIAN, [SECURITY] [DSA 3292-1] cinder security update (21.06.2015)

VCE Vision Intelligent Operations weak cryptography
Published:21.06.2015
SecurityVulns ID:14549
Type:m-i-t-m
Threat Level:5/10
Description:Weak cipher usage, sensitive information transmitted in cleartext.
Affected:VCE : Vision Intelligent Operations 2.6
CVE:CVE-2015-4057
 CVE-2015-4056
Original document:VCE, VCE3570: VCE Vision(TM) Intelligent Operations Cryptographic and Cleartext Vulnerabilities (21.06.2015)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:21.06.2015
SecurityVulns ID:14550
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:SEARCHBLOX : SearchBlox 8.2
 DRUPAL : drupal 7.38
 VESTACP : Vesta Control Panel 0.9
 TYPO3 : Akronymmanager 0.5
 BLACKCATCMS : BlackCat CMS 1.1
CVE:CVE-2015-4117
 CVE-2015-3422 (Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 allows remote attackers to inject arbitrary web script or HTML via the menu2 parameter to admin/main.jsp.)
 CVE-2015-3234 (The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers.)
 CVE-2015-3233 (Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.)
 CVE-2015-3232 (Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destinations parameter.)
 CVE-2015-3231 (The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache.)
 CVE-2015-2803 (SQL injection vulnerability in mod1/index.php in the Akronymmanager (sb_akronymmanager) extension before 7.0.0 for TYPO3 allows remote authenticated users with permission to maintain acronyms to execute arbitrary SQL commands via the id parameter.)
Original document:DEBIAN, [SECURITY] [DSA 3291-1] drupal7 security update (21.06.2015)
 High-Tech Bridge Security Research, OS Command Injection in Vesta Control Panel (21.06.2015)
 High-Tech Bridge Security Research, Reflected Cross-Site Scripting (XSS) in SearchBlox (21.06.2015)
 d4rkr0id_(at)_gmail.com, BlackCat CMS v1.1.1 Arbitrary File Download Vulnerability (21.06.2015)
 RedTeam Pentesting, [RT-SA-2015-002] SQL Injection in TYPO3 Extension Akronymmanager (21.06.2015)
 iedb.team_(at)_gmail.com, Productsurf Cms Sql Injection Vulnerability (21.06.2015)
 iedb.team_(at)_gmail.com, WebdesignJiNi Cms Sql Injection Vulnerability (21.06.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod