Computer Security
[EN] securityvulns.ru no-pyccku


wireshark multiple security vulnerabilities
updated since 08.06.2015
Published:29.06.2015
Source:
SecurityVulns ID:14515
Type:remote
Threat Level:
5/10
Description:Multiple memory corruptions in different dissectors.
Affected:WIRESHARK : Wireshark 1.12
CVE:CVE-2015-4652 (epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions.)
 CVE-2015-4651 (The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.)
 CVE-2015-3815 (The detect_version function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not check the length of the payload, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a packet with a crafted payload, as demonstrated by a length of zero, a different vulnerability than CVE-2015-3906.)
 CVE-2015-3814 (The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.)
 CVE-2015-3813 (The fragment_add_work function in epan/reassemble.c in the packet-reassembly feature in Wireshark 1.12.x before 1.12.5 does not properly determine the defragmentation state in a case of an insufficient snapshot length, which allows remote attackers to cause a denial of service (memory consumption) via a crafted packet.)
 CVE-2015-3812 (Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet.)
 CVE-2015-3811 (epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188.)
 CVE-2015-3810 (epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet.)
 CVE-2015-3809 (The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not properly track the current offset, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 3294-1] wireshark security update (29.06.2015)
 documentDEBIAN, [SECURITY] [DSA 3277-1] wireshark security update (08.06.2015)

Cisco Virtual WSA / ESA / SMA default keys
Published:29.06.2015
Source:
SecurityVulns ID:14551
Type:remote
Threat Level:
6/10
Description:Default ssh keys are installed.
CVE:CVE-2015-4217 (The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH host keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a private key from another installation, aka Bug IDs CSCus29681, CSCuu95676, and CSCuu96601.)
 CVE-2015-4216 (The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH root authorized key across different customers' installations, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of a private key from another installation, aka Bug IDs CSCuu95988, CSCuu95994, and CSCuu96630.)
Files: Cisco Security Advisory Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA

Netgear Prosafe multiple security vulnerabilities
Published:29.06.2015
Source:
SecurityVulns ID:14552
Type:remote
Threat Level:
5/10
Description:XSS, headers injection, SQL injection.
Affected:NETGEAR : ProSafe 4.3
Original documentdocumentpost_(at)_encripto.no, Netgear Prosafe VPN Firewalls - Multiple vulnerabilities (29.06.2015)

EMC Unisphere for VMAX code execution
Published:29.06.2015
Source:
SecurityVulns ID:14553
Type:remote
Threat Level:
6/10
Description:JDWP access is possible.
Affected:EMC : Unisphere for VMAX 8.0
CVE:CVE-2015-0545 (EMC Unisphere for VMAX 8.x before 8.0.3.4 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.)
Original documentdocumentEMC, ESA-2015-102: EMC Unisphere for VMAX Remote Code Execution Vulnerability (29.06.2015)

FreeRADIUS
Published:29.06.2015
Source:
SecurityVulns ID:14554
Type:remote
Threat Level:
5/10
Description:Insufficient certificate revocations checks.
Affected:FREERADIUS : FreeRADIUS 3.0
CVE:CVE-2015-4680
Original documentdocumentAndrea Barisani, [oCERT-2015-008] FreeRADIUS insufficent CRL application (29.06.2015)

SAP NetWeather multiple security vulnerabilities
Published:29.06.2015
Source:
SecurityVulns ID:14556
Type:remote
Threat Level:
7/10
Description:Information disclosure, XXE injection, code execution, DoS.
Affected:SAP : NetWeaver 7.31
CVE:CVE-2015-2817 (The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768.)
 CVE-2015-2815 (Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369.)
 CVE-2015-2812 (XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966.)
 CVE-2015-2811 (XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939.)
Original documentdocumentDarya Maenkova, [ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS (29.06.2015)
 documentDarya Maenkova, [ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE (29.06.2015)
 documentDarya Maenkova, [ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE (29.06.2015)
 documentDarya Maenkova, [ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure (29.06.2015)

GNU patch security vulnerabilities
updated since 08.03.2015
Published:29.06.2015
Source:
SecurityVulns ID:14301
Type:local
Threat Level:
5/10
Description:DoS, directory traversal.
Affected:GNU : patch 2.7
CVE:CVE-2015-1396
 CVE-2015-1395
 CVE-2015-1196 (GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.)
 CVE-2014-9637
Original documentdocumentGNU, [USN-2651-1] GNU patch vulnerabilities (29.06.2015)
 documentMANDRIVA, [ MDVSA-2015:050 ] patch (08.03.2015)

SAP Afaria security vulnerabilities
Published:29.06.2015
Source:
SecurityVulns ID:14557
Type:remote
Threat Level:
5/10
Description:DoS, authentication bypass
Affected:SAP : Afaria 7 .0
CVE:CVE-2015-2820 (Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote attackers to cause a denial of service (process termination) via a crafted request, aka SAP Security Note 2132584.)
 CVE-2015-2816 (The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905.)
Original documentdocumentDarya Maenkova, [ERPSCAN-15-009] SAP Afaria 7 XcListener - Missing authorization check (29.06.2015)

SAP SYBASE SQL Anywhere DoS
Published:29.06.2015
Source:
SecurityVulns ID:14558
Type:remote
Threat Level:
5/10
Description:DoS on request processing.
Affected:SAP : SYBASE SQL Anywhere 16
CVE:CVE-2015-2819 (SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service (crash) via a crafted request, aka SAP Security Note 2108161.)
Original documentdocumentDarya Maenkova, [ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16 - DoS (29.06.2015)

Kguard Digital Video Recorders security vulnerabilities
updated since 16.03.2015
Published:29.06.2015
Source:
SecurityVulns ID:14316
Type:remote
Threat Level:
5/10
Description:Authentication bypass, commands injection, DoS.
Affected:KGUARD : Kguard SHA108
 KGUARD : Kguard SHA104
CVE:CVE-2015-4464
Original documentdocumentFederick Joe P Fajardo, CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders (29.06.2015)
 documentFederick Joe P Fajardo, Multiple Vulnerabilities with Kguard Digital Video Recorders (16.03.2015)

SAP Mobile Platform XXE injection
updated since 29.06.2015
Published:14.09.2015
Source:
SecurityVulns ID:14555
Type:remote
Threat Level:
6/10
Description:Few XXE injections.
Affected:SAP : SAP Mobile Platform 2.3
CVE:CVE-2015-5068 (XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601.)
 CVE-2015-2813 (XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358.)
Original documentdocumentERPScan inc, [ERPSCAN-15-014] SAP Mobile Platform 3 – XXE in Add Repository (14.09.2015)
 documentDarya Maenkova, [ERPSCAN-15-005] SAP Mobile Platform - XXE (29.06.2015)
 documentDarya Maenkova, [ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE (29.06.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod