Computer Security
[EN] securityvulns.ru no-pyccku


denyhosts DoS
Published:24.12.2013
Source:
SecurityVulns ID:13463
Type:remote
Threat Level:
5/10
Description:Invalid regular expression can be exploited to ban arbitrary IP address.
Affected:DENYHOSTS : denyhosts 2.6
CVE:CVE-2013-6890 (denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2826-1] denyhosts security update (24.12.2013)

VMWare ESX / ESXi privilege escalation
Published:24.12.2013
Source:
SecurityVulns ID:13465
Type:local
Threat Level:
5/10
Description:Files access privilege escalation.
Affected:VMWARE : ESX 4.1
 VMWARE : ESXi 5.5
CVE:CVE-2013-5973 (VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp filename.)
Original documentdocumentVMWARE, NEW VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX (24.12.2013)

Wireshark DoS
Published:24.12.2013
Source:
SecurityVulns ID:13466
Type:remote
Threat Level:
5/10
Description:Problems with NTLMSSPv2 and BSSGP dissectors.
Affected:WIRESHARK : Wireshark 1.10
CVE:CVE-2013-7114 (Multiple buffer overflows in the create_ntlmssp_v2_key function in epan/dissectors/packet-ntlmssp.c in the NTLMSSP v2 dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 allow remote attackers to cause a denial of service (application crash) via a long domain name in a packet.)
 CVE-2013-7113 (epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.10.x before 1.10.4 incorrectly relies on a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2825-1] wireshark security update (24.12.2013)

Apple Motion buffer overflow
Published:24.12.2013
Source:
SecurityVulns ID:13467
Type:local
Threat Level:
4/10
Description:Buffer overflow on .motn files parsing.
Affected:APPLE : Motion 5.0
CVE:CVE-2013-6114 (Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the subview attribute of a viewer element in a .motn file.)
Original documentdocumentAPPLE, APPLE-SA-2013-12-19-1 Motion 5.1 (24.12.2013)

QT resources exhaustion
Published:24.12.2013
Source:
SecurityVulns ID:13468
Type:library
Threat Level:
5/10
Description:Resources exhaustion leads to denial of service.
Affected:QT : qt 4.8
CVE:CVE-2013-4549 (QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.)
Original documentdocumentUBUNTU, [USN-2057-1] Qt vulnerability (24.12.2013)

RealPlayer buffer overflow
Published:24.12.2013
Source:
SecurityVulns ID:13469
Type:local
Threat Level:
4/10
Description:Buffer overflow on RMP files parsing.
Affected:REALNETWORKS : RealPlayer 16.0
CVE:CVE-2013-6877 (Heap-based buffer overflow in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allows remote attackers to execute arbitrary code via a long string in the TRACKID element of an RMP file, a different vulnerability than CVE-2013-7260.)
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2013-0903 - RealPlayer Heap-based Buffer Overflow Vulnerability (24.12.2013)

Apple Safari multiple security vulnerabilities
Published:24.12.2013
Source:
SecurityVulns ID:13470
Type:client
Threat Level:
8/10
Description:Information leakage, multiple memory corruptions.
Affected:APPLE : Safari 7.0
 APPLE : Safari 6.1
Original documentdocumentAPPLE, APPLE-SA-2013-12-16-2 OS X Mavericks v10.9.1 (24.12.2013)
 documentAPPLE, APPLE-SA-2013-12-16-1 Safari 6.1.1 and Safari 7.0.1 (24.12.2013)

Asterisk security vulnerabilities
Published:24.12.2013
Source:
SecurityVulns ID:13471
Type:remote
Threat Level:
8/10
Description:SMS parsing buffer overflow, Asterisk Manager privilege escalation.
Affected:ASTERISK : Asterisk 11.6
Original documentdocumentASTERISK, AST-2013-007: Asterisk Manager User Dialplan Permission Escalation (24.12.2013)
 documentASTERISK, AST-2013-006: Buffer Overflow when receiving odd length 16 bit SMS message (24.12.2013)

libiodbc rpath vulnerability
Published:24.12.2013
Source:
SecurityVulns ID:13472
Type:local
Threat Level:
3/10
Description:Unsafe rpath vulnerability in test applications.
Affected:LIBIODBC : libiodbc 14.1
Original documentdocumentSLACKWARE, [slackware-security] libiodbc (SSA:2013-350-01) (24.12.2013)

llvm unsafe rpath
Published:24.12.2013
Source:
SecurityVulns ID:13473
Type:local
Threat Level:
4/10
Description:rpath is set to /tmp
Affected:LLVM : llvm 3.3
Original documentdocumentSLACKWARE, [slackware-security] llvm (SSA:2013-350-03) (24.12.2013)

PHP memory corruption
updated since 24.12.2013
Published:30.12.2013
Source:
SecurityVulns ID:13464
Type:library
Threat Level:
7/10
Description:Memory corruption in asn1_time_to_time_t()
Affected:PHP : PHP 5.5
CVE:CVE-2013-6420 (The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.)
Original documentdocumentStefan Esser, Advisory 01/2013: PHP openssl_x509_parse() Memory Corruption Vulnerability (30.12.2013)
 documentMANDRIVA, [ MDVSA-2013:298 ] php (24.12.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod