Computer Security


ejabberd protection bypass
Published:27.10.2014
Source:
SecurityVulns ID:14052
Type:m-i-t-m
Threat Level:5/10
Description:Server does not enforce encryption.
Affected:EJABBERD : ejabberd 2.1
CVE:CVE-2014-8760 (ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption.)
Original document:MANDRIVA, [ MDVSA-2014:207 ] ejabberd (27.10.2014)

pidgin security vulnerabilities
Published:27.10.2014
Source:
SecurityVulns ID:14053
Type:remote
Threat Level:5/10
Description:Insufficient certificate check, directory traversal, memory corruptions, information leakage.
Affected:PIDGIN : Pidgin 2.10
Original document:SLACKWARE, [slackware-security] pidgin (SSA:2014-296-02) (27.10.2014)

OpenBSD DoS
Published:27.10.2014
Source:
SecurityVulns ID:14054
Type:local
Threat Level:5/10
Description:System crash on ELF parsing.
Affected:OPENBSD : OpenBSD 5.5
Original document:Alejandro Hernandez, OpenBSD <= 5.5 Local Kernel Panic (27.10.2014)

libxml DoS
Published:27.10.2014
Source:
SecurityVulns ID:14055
Type:library
Threat Level:5/10
Description:Resource exhaustion on XML parsing.
Affected:LIBXML : libxml 2.7
CVE:CVE-2014-3660 (parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.)
Original document:MANDRIVA, [ MDVSA-2014:204 ] libxml2 (27.10.2014)

Apple Quicktime multiple security vulnerabilities
Published:27.10.2014
Source:
SecurityVulns ID:14057
Type:client
Threat Level:6/10
Description:Memory corruptions on video decoding, MIDI and m4a.
Affected:APPLE : QuickTime 7.7
CVE:CVE-2014-4979 (Apple QuickTime allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed version number and flags in an mvhd atom.)
 CVE-2014-4351 (Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio samples in an m4a file.)
 CVE-2014-4350 (Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIDI file.)
 CVE-2014-1391 (QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.)
Original document:APPLE, APPLE-SA-2014-10-22-1 QuickTime 7.7.6 (27.10.2014)

FreeBSD routed DoS
Published:27.10.2014
Source:
SecurityVulns ID:14058
Type:remote
Threat Level:6/10
Description:Crash on RIP packet from non-local network.
Affected:FREEBSD : FreeBSD 8.4
 FREEBSD : FreeBSD 9.3
 FREEBSD : FreeBSD 10.1
CVE:CVE-2014-3955 (routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RIP request from a source not on a directly connected network.)
Original document:FREEBSD, FreeBSD Security Advisory FreeBSD-SA-14:21.routed (27.10.2014)

FreeBSD rtsold buffer overflow
Published:27.10.2014
Source:
SecurityVulns ID:14059
Type:client
Threat Level:6/10
Description:Buffer overflow on DNS response parsing.
Affected:FREEBSD : FreeBSD 9.3
 FREEBSD : FreeBSD 10.1
CVE:CVE-2014-3954 (Stack-based buffer overflow in rtsold in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted DNS parameters in a router advertisement message.)
Original document:FREEBSD, FreeBSD Security Advisory FreeBSD-SA-14:20.rtsold (27.10.2014)

FreeBSD namei information leakage
Published:27.10.2014
Source:
SecurityVulns ID:14060
Type:local
Threat Level:5/10
Description:Kernel memory content leakage.
Affected:FREEBSD : FreeBSD 9.3
 FREEBSD : FreeBSD 10.1
CVE:CVE-2014-3711 (namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names.)
Original document:FREEBSD, FreeBSD Security Advisory FreeBSD-SA-14:22.namei (27.10.2014)

Linux kernel multiple security vulnerabilities
updated since 11.10.2014
Published:27.10.2014
Source:
SecurityVulns ID:13997
Type:remote
Threat Level:7/10
Description:DoS conditions and buffer overflows in multiple drivers, multiple Ceph network file system vulnerabilities.
Affected:LINUX : kernel 3.16
CVE:CVE-2014-7975 (The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call.)
 CVE-2014-6418 (net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP address of a Ceph Monitor.)
 CVE-2014-6417 (net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a long unencrypted auth ticket.)
 CVE-2014-6416 (Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket.)
 CVE-2014-6410 (The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode.)
 CVE-2014-3631 (The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation.)
 CVE-2014-3186 (Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report.)
 CVE-2014-3185 (Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.)
 CVE-2014-3184 (The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c.)
 CVE-2014-3181 (Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event.)
Original document:MANDRIVA, [ MDVSA-2014:201 ] kernel (27.10.2014)
 UBUNTU, [USN-2379-1] Linux kernel vulnerabilities (11.10.2014)

python integer overflow
Published:27.10.2014
Source:
SecurityVulns ID:14061
Type:library
Threat Level:6/10
Description:Integer overflow in buffer().
Affected:PYTHON : python 2.7
CVE:CVE-2014-7185 (Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.)
Original document:MANDRIVA, [ MDVSA-2014:197 ] python (27.10.2014)

Apple TV security vulnerabilities
Published:27.10.2014
Source:
SecurityVulns ID:14063
Type:client
Threat Level:6/10
Description:Unauthorized Bluetooth pairing, SSL POODLE attack.
Affected:APPLE : Apple TV 7.0
CVE:CVE-2014-4428 (Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing.)
 CVE-2014-3566 (The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.)
Original document:APPLE, APPLE-SA-2014-10-20-2 Apple TV 7.0.1 (27.10.2014)

EMC Avamar security vulnerabilities
Published:27.10.2014
Source:
SecurityVulns ID:14064
Type:remote
Threat Level:5/10
Description:Information leakage, weak password encryption.
Affected:EMC : Avamar 6.1
 EMC : Avamar 7.0
CVE:CVE-2014-4624 (EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call.)
 CVE-2014-4623 (EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.)
Original document:EMC, ESA-2014-096: EMC Avamar Sensitive Information Disclosure Vulnerability (27.10.2014)
 EMC, ESA-2014-094: EMC Avamar Weak Password Storage Vulnerability (27.10.2014)

EMC NetWorker Module for MEDITECH information leakage
Published:27.10.2014
Source:
SecurityVulns ID:14065
Type:remote
Threat Level:5/10
Description:Cleartext passwords in the log files.
Affected:EMC : NetWorker Module for MEDITECH 3.0
CVE:CVE-2014-4620 (The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.)
Original document:EMC, ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability (27.10.2014)

PHP memory corruption
updated since 27.10.2014
Published:03.11.2014
Source:
SecurityVulns ID:14056
Type:library
Threat Level:6/10
Description:exif_thumbnail() memory corruption on JPEG parsing. XMLRPC buffer overflow. Integer overflow in the object_custom function.
Affected:PHP : PHP 5.5
CVE:CVE-2014-3670 (The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function.)
 CVE-2014-3669 (Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.)
 CVE-2014-3668 (Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.)
Original document:UBUNTU, [USN-2391-1] php5 vulnerabilities (03.11.2014)
 MANDRIVA, [ MDVSA-2014:202 ] php (27.10.2014)

Apple iOS multiple security vulnerabilities
updated since 27.10.2014
Published:03.11.2014
Source:
SecurityVulns ID:14062
Type:library
Threat Level:6/10
Description:Unauthorized Bluetooth access, insufficient encryption, insufficient certificate check, information leakage, SSL POODLE attack.
Affected:APPLE : iOS 8.0
CVE:CVE-2014-4450 (The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements.)
 CVE-2014-4449 (iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.)
 CVE-2014-4448 (House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.)
 CVE-2014-4428 (Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing.)
 CVE-2014-3566 (The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.)
Original document:Vulnerability Lab, Apple iOS v8.0.2 - Silent Contact Denial of Service Vulnerability (03.11.2014)
 APPLE, APPLE-SA-2014-10-20-1 iOS 8.1 (27.10.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod