Computer Security


Cisco Video Surveillance DoS
Published:31.10.2011
SecurityVulns ID:12004
Type:remote
Threat Level:5/10
Description:Crash on RTSP packet parsing.
Affected:CISCO : Video Surveillance 2500
 CISCO : Video Surveillance 2421
 CISCO : Video Surveillance 2600
CVE:CVE-2011-3318 (Cisco Video Surveillance 2421 and 2500 series cameras with software 1.1.x and 2.x before 2.4.0 and Video Surveillance 2600 series cameras with software before 4.2.0-13 allow remote attackers to cause a denial of service (device reload) by sending crafted RTSP packets over TCP, aka Bug IDs CSCtj96312, CSCtj39462, and CSCtl80175.)
Original document:CISCO, Cisco Security Advisory: Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras (31.10.2011)

Novell iPrint buffer overflow
Published:31.10.2011
SecurityVulns ID:12006
Type:remote
Threat Level:6/10
Description:GetDriverSettings() function buffer overflow.
CVE:CVE-2011-3173 (Stack-based buffer overflow in the GetDriverSettings function in nipplib.dll in the iPrint client in Novell Open Enterprise Server 2 (aka OES2) SP3 allows remote attackers to execute arbitrary code via a long (1) hostname or (2) port field.)
Original document:ZDI, ZDI-11-309 : Novell iPrint Client nipplib.dll GetDriverSettings Remote Code Execution Vulnerability (31.10.2011)

HP-UX Containers privilege escalation
Published:31.10.2011
SecurityVulns ID:12007
Type:local
Threat Level:5/10
Affected:HP : HP-UX 11.31
CVE:CVE-2011-3164 (Unspecified vulnerability in HP-UX Containers (formerly HP-UX Secure Resource Partitions (SRP)) A.03.00, A.03.00.002, and A.03.01, when running with patch PHKL_42310, allows local users to gain privileges via unknown vectors.)
Original document:HP, [security bulletin] HPSBUX02715 SSRT100623 rev.2 - HP-UX Containers (SRP), Local Unauthorized Access and Increased Privileges (31.10.2011)

Tor information disclosure
Published:31.10.2011
SecurityVulns ID:12008
Type:m-i-t-m
Threat Level:5/10
Description:Combined attacks may be used to deanonymize a user.
Affected:TOR : tor 0.2
CVE:CVE-2011-2769 (Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enumerate bridges by using these values.)
 CVE-2011-2768 (Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected.)
Original document:DEBIAN, [SECURITY] [DSA 2331-1] tor security update (31.10.2011)

Cisco Nexus switches protection bypass
updated since 13.09.2011
Published:31.10.2011
SecurityVulns ID:11907
Type:remote
Threat Level:6/10
Description:It's possible to bypass ACL limitation. Local code execution.
Affected:CISCO : Cisco MDS 9000
 CISCO : Cisco Nexus 5000
 CISCO : Cisco Nexus 7000
 CISCO : Cisco Nexus 3000
 CISCO : Cisco Nexus 2000
 CISCO : Cisco Nexus 4000
CVE:CVE-2011-2581 (The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N2(1) on Nexus 5000 series switches, and NX-OS before 5.0(3)U1(2a) on Nexus 3000 series switches, does not properly handle comments in conjunction with deny statements, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending packets, aka Bug IDs CSCto09813 and CSCtr61490.)
 CVE-2011-2569 (Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and CSCts10188.)
Original document:CISCO, RE: [CVE-2011-2569] Cisco Nexus OS (NX-OS) - Command "injection" / sanitization issues. (31.10.2011)
 0x9950_(at)_gmail.com, [CVE-2011-2569] Cisco Nexus OS (NX-OS) - Command "injection" / sanitization issues. (26.10.2011)
 CISCO, Cisco Security Advisory: Cisco Nexus 5000 and 3000 Series Switches Access Control List Bypass Vulnerability (13.09.2011)

Adobe Acrobat / Reader multiple security vulnerabilities
updated since 16.09.2011
Published:31.10.2011
SecurityVulns ID:11911
Type:client
Threat Level:7/10
Description:Privilege escalation, memory leakage, code execution, multiple buffer overflows.
Affected:ADOBE : Reader 10.1
 ADOBE : Acrobat 10.1
CVE:CVE-2011-2442 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error vulnerability.")
 CVE-2011-2441 (Multiple stack-based buffer overflows in CoolType.dll in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2440 (Use-after-free vulnerability in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2439 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "memory leakage condition vulnerability.")
 CVE-2011-2438 (Multiple stack-based buffer overflows in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2437 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2434.)
 CVE-2011-2436 (Heap-based buffer overflow in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2435 (Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2434 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2437.)
 CVE-2011-2433 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2434 and CVE-2011-2437.)
 CVE-2011-2432 (Buffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2431 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "security bypass vulnerability.")
 CVE-2011-2411 (Unspecified vulnerability on HP NonStop Servers with software H06.x through H06.23.00 and J06.x through J06.12.00, when Samba is used, allows remote authenticated users to execute arbitrary code via unknown vectors.)
 CVE-2011-1353 (Unspecified vulnerability in Adobe Reader 10.x before 10.1.1 on Windows allows local users to gain privileges via unknown vectors.)
Original document:ZDI, ZDI-11-296 : Adobe Reader BMP Image RLE Decoding Remote Code Execution Vulnerability (31.10.2011)
 ZDI, ZDI-11-297 : Adobe Reader U3D PCX Parsing Remote Code Execution Vulnerability (31.10.2011)
 ZDI, ZDI-11-298 : Adobe Reader U3D IFF RGBA Parsing Remote Code Execution Vulnerability (31.10.2011)
 ZDI, ZDI-11-299 : Adobe Reader PICT Parsing Remote Code Execution Vulnerability (31.10.2011)
 ZDI, ZDI-11-300 : Adobe Reader U3D PICT 10h Encoding Remote Code Execution Vulnerability (31.10.2011)
 ZDI, ZDI-11-301 : Adobe Reader U3D PICT 0Eh Encoding Remote Code Execution Vulnerability (31.10.2011)
 ZDI, ZDI-11-302 : Adobe Reader U3D TIFF Resource Buffer Overflow Remote Code Execution Vulnerability (31.10.2011)
 ZDI, ZDI-11-310 : Adobe Reader Compound Glyph Index Sign Extension Remote Code Execution Vulnerability (31.10.2011)
 VUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader TIFF BitsPerSample Heap Overflow Vulnerability (16.09.2011)
 VUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader Picture Dimensions Heap Overflow Vulnerability (16.09.2011)
 VUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader IFF Processing Heap Overflow Vulnerability (16.09.2011)
 VUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader PCX Processing Heap Overflow Vulnerability (16.09.2011)
 VUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader BMP Dimensions Heap Overflow Vulnerability (16.09.2011)
 VUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader Picture Processing Stack Overflow Vulnerability (16.09.2011)
 IDEFENSE, iDefense Security Advisory 09.13.11: Adobe Reader and Acrobat JPEG Processing Use After Free Vulnerability (16.09.2011)
 ADOBE, Security updates available for Adobe Reader and Acrobat (16.09.2011)

HP Network Node Manager i information leakage
updated since 06.04.2011
Published:31.10.2011
SecurityVulns ID:11567
Type:remote
Threat Level:5/10
Affected:HP : Network Node Manager i 9.0
CVE:CVE-2011-1534 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x allows remote authenticated users to obtain access to processes via unknown vectors.)
 CVE-2011-0898 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.00 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2011-0897 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.00 allows local users to read arbitrary files via unknown vectors.)
 CVE-2011-0895 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x and 8.1x allows remote authenticated users to obtain sensitive information via unknown vectors.)
 CVE-2010-4476 (The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.)
 CVE-2010-0738 (The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.)
Original document:HP, [security bulletin] HPSBMU02714 SSRT100244 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information (31.10.2011)
 HP, [security bulletin] HPSBMA02659 SSRT100440 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access (19.04.2011)
 HP, [security bulletin] HPSBMA02643 SSRT100416 rev.2 - HP Network Node Manager i (NNMi), Local Unauthorized Read Access to Files, Remote Cross Site Scripting (XSS) (14.04.2011)
 HP, [security bulletin] HPSBUX02642 SSRT100415 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS) (14.04.2011)
 HP, [security bulletin] HPSBMA02652 SSRT100432 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Information Disclosure (06.04.2011)

Cisco Unified Communications Manager / Cisco Unified Contact Center Express directory traversal
updated since 31.10.2011
Published:11.11.2011
SecurityVulns ID:12003
Type:remote
Threat Level:5/10
Description:Directory traversal in embedded web services on TCP/8080 and TCP/9080 ports.
Affected:CISCO : Unified Communications Manager 6.1
 CISCO : Unified Communications Manager 7.1
 CISCO : Unified Communications Manager 8.0
 CISCO : Unified Communications Manager 8.5
 CISCO : Unified Contact Center Express 6.0
 CISCO : Unified Contact Center Express 7.0
 CISCO : Unified Contact Center Express 8.0
 CISCO : Unified Contact Center Express 8.5
CVE:CVE-2011-3315 (Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.)
Original document:entomology, Cisco CUCM - Multiple Vulnerabilities (11.11.2011)
 ddivulnalert_(at)_ddifrontline.com, DDIVRT-2011-35 Cisco Unified Contact Center Express Directory Traversal [CVE-2011-3315] (31.10.2011)
 CISCO, Cisco Security Advisory: Cisco Unified Contact Center Express Directory Traversal Vulnerability (31.10.2011)
 CISCO, Cisco Security Advisory: Cisco Unified Communications Manager Directory Traversal Vulnerability (31.10.2011)

Cisco WebEx Player buffer overflow
updated since 31.10.2011
Published:09.04.2012
SecurityVulns ID:12005
Type:client
Threat Level:5/10
Description:Buffer overflow in .WRF file parsing.
Affected:CISCO : WebEx Player T26
 CISCO : WebEx Player T27
CVE:CVE-2011-3319 (Buffer overflow in the WRF parsing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file.)
Original document:CISCO, Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player (09.04.2012)
 ZDI, ZDI-11-341 : Cisco WebEx Player WRF Type 0 Parsing Remote Code Execution Vulnerability (11.12.2011)
 CISCO, ZDI-11-308 : Cisco WebEx Player ATAS32.DLL linesProcessed Remote Code Execution Vulnerability (31.10.2011)
 CISCO, Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player (31.10.2011)

Apple QuickTime multiple security vulnerabilities
updated since 31.10.2011
Published:20.08.2012
SecurityVulns ID:12002
Type:remote
Threat Level:7/10
Description:Multiple memory corruptions when parsing different multimedia formats, cross-site scripting.
Affected:APPLE : QuickTime 7.7
CVE:CVE-2011-3251 (Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted TKHD atoms in a QuickTime movie file.)
 CVE-2011-3250 (Integer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.)
 CVE-2011-3249 (Buffer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FLC encoding.)
 CVE-2011-3248 (Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime movie file.)
 CVE-2011-3247 (Integer overflow in Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT file.)
 CVE-2011-3228 (QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.)
 CVE-2011-3223 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file.)
 CVE-2011-3222 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.)
 CVE-2011-3221 (QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.)
 CVE-2011-3220 (QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.)
 CVE-2011-3219 (Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.)
 CVE-2011-3218 (The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document.)
Original document:ZDI, ZDI-12-136 : Apple QuickTime Invalid Public Movie Atom Remote Code Execution Vulnerability (20.08.2012)
 ZDI, ZDI-12-004 : Apple Quicktime JPEG2000 COD Remote Code Execution Vulnerability (09.01.2012)
 ZDI, ZDI-12-005 : Apple Quicktime RLE BGRA Decoding Remote Code Execution Vulnerability (09.01.2012)
 ZDI, ZDI-11-340 : Apple Quicktime Font Table Signed Length Remote Code Execution Vulnerability (11.12.2011)
 ZDI, ZDI-11-316 : Apple QuickTime H264 Matrix Conversion Remote Code Execution Vulnerability (31.10.2011)
 ZDI, ZDI-11-315 : Apple QuickTime FLC Delta Decompression Remote Code Execution Vulnerability (31.10.2011)
 ZDI, ZDI-11-314 : Apple Quicktime PnPixPat PatType 3 Parsing Remote Code Execution Vulnerability (31.10.2011)
 ZDI, ZDI-11-312 : Apple QuickTime Atom Hierarachy Argument Size Mismatch Remote Code Execution Vulnerability (31.10.2011)
 ZDI, ZDI-11-313 : Apple QuickTime FLC RLE Packet Count Decompression Remote Code Execution Vulnerability (31.10.2011)
 ZDI, ZDI-11-311 : Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability (31.10.2011)
 ZDI, ZDI-11-303 : Apple QuickTime H264 Stream frame_cropping Remote Code Execution Vulnerability (31.10.2011)
 ZDI, ZDI-11-304 : Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulnerability (31.10.2011)
 APPLE, APPLE-SA-2011-10-26-1 QuickTime 7.7.1 (31.10.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod