Computer Security

PHP security vulnerabilities
Published:23.12.2014
SecurityVulns ID:14172
Type:library
Threat Level:6/10
Description:Use-after-free in unserialize()
Affected:PHP : PHP 5.6
CVE:CVE-2014-8142 (Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019.)
 CVE-2004-1019 (The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double free and negative reference index array underflow" results.)
Original document:SLACKWARE, [slackware-security] php (SSA:2014-356-02) (23.12.2014)

SoX buffer overflows
Published:23.12.2014
SecurityVulns ID:14174
Type:local
Threat Level:5/10
Description:Buffer overflows in WAV parsing.
Affected:SOX : SoX 14.4
CVE:CVE-2014-8145 (Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function.)
Original document:Andrea Barisani, [oCERT-2014-010] SoX input sanitization errors (23.12.2014)

Firebird DoS
Published:23.12.2014
SecurityVulns ID:14175
Type:remote
Threat Level:5/10
Description:NULL pointer dereference.
Affected:FIREBIRD : Firebird 2.5
CVE:CVE-2014-9323 (The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.)
Original document:DEBIAN, [SECURITY] [DSA 3109-1] firebird2.5 security update (23.12.2014)

Apache Subversion DoS
updated since 23.12.2014
Published:13.01.2015
SecurityVulns ID:14176
Type:remote
Threat Level:6/10
Description:mod_dav_svn NULL pointer dereference on REPORT request processing.
Affected:APACHE : Subversion 1.8
CVE:CVE-2014-8108 (The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.)
 CVE-2014-3580 (The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.)
Original document:MANDRIVA, [ MDVSA-2015:005 ] subversion (13.01.2015)
 DEBIAN, [SECURITY] [DSA 3107-1] subversion security update (23.12.2014)

ntpd multiple security vulnerabilities
updated since 23.12.2014
Published:11.02.2015
SecurityVulns ID:14171
Type:remote
Threat Level:8/10
Description:Authentication bypass, buffer overflow, information leakage, restrictions bypass.
Affected:NTP : ntp 4.2
CVE:CVE-2014-9298 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage.)
 CVE-2014-9297 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage.)
 CVE-2014-9296 (The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.)
 CVE-2014-9295 (Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.)
 CVE-2014-9294 (util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.)
 CVE-2014-9293 (The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.)
Original document:UBUNTU, [USN-2497-1] NTP vulnerabilities (11.02.2015)
 FREEBSD, FreeBSD Security Advisory FreeBSD-SA-14:31.ntp (25.12.2014)
 CISCO, Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products (25.12.2014)
 APPLE, APPLE-SA-2014-12-22-1 OS X NTP Security Update (23.12.2014)
 DEBIAN, [SECURITY] [DSA 3108-1] ntp security update (23.12.2014)

UnZip multiple security vulnerabilities
updated since 23.12.2014
Published:22.02.2015
SecurityVulns ID:14173
Type:remote
Threat Level:5/10
Description:A few buffer overflows.
Affected:UNZIP : unzip 6.0
CVE:CVE-2015-1315 (Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8.)
 CVE-2014-9636 (unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.)
 CVE-2014-8141
 CVE-2014-8140
 CVE-2014-8139
Original document:UBUNTU, [USN-2502-1] unzip vulnerabilities (22.02.2015)
 DEBIAN, [SECURITY] [DSA 3152-1] unzip security update (11.02.2015)
 Andrea Barisani, [oCERT-2014-011] UnZip input sanitization errors (23.12.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod