{"cve": [{"lastseen": "2019-12-03T17:07:13", "bulletinFamily": "NVD", "description": "FreeBSD: Input Validation Flaw allows local users to gain elevated privileges", "modified": "2019-12-02T18:38:00", "id": "CVE-2012-4576", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4576", "published": "2019-12-02T18:15:00", "title": "CVE-2012-4576", "type": "cve", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-12-03T17:04:16", "bulletinFamily": "NVD", "description": "Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.", "modified": "2019-12-02T18:38:00", "id": "CVE-2014-9356", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9356", "published": "2019-12-02T18:15:00", "title": "CVE-2014-9356", "type": "cve", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-12-03T17:08:34", "bulletinFamily": "NVD", "description": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\"", "modified": "2019-12-02T13:37:00", "id": "CVE-2015-0837", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0837", "published": "2019-11-29T22:15:00", "title": "CVE-2015-0837", "type": "cve", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-12-03T17:04:10", "bulletinFamily": "NVD", "description": "Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.", "modified": "2019-12-02T13:37:00", "published": "2019-11-29T22:15:00", "id": "CVE-2014-3591", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3591", "title": "CVE-2014-3591", "type": "cve", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-12-03T17:08:36", "bulletinFamily": "NVD", "description": "cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.", "modified": "2019-12-02T13:37:00", "id": "CVE-2015-2060", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2060", "published": "2019-11-29T21:15:00", "title": "CVE-2015-2060", "type": "cve", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-12-03T17:08:37", "bulletinFamily": "NVD", "description": "The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.", "modified": "2019-12-02T13:37:00", "id": "CVE-2015-3406", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3406", "published": "2019-11-29T21:15:00", "title": "CVE-2015-3406", "type": "cve", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-12-03T17:08:35", "bulletinFamily": "NVD", "description": "verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.", "modified": "2019-12-02T13:37:00", "published": "2019-11-29T21:15:00", "id": "CVE-2015-1855", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1855", "title": "CVE-2015-1855", "type": "cve", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-12-03T17:04:10", "bulletinFamily": "NVD", "description": "The addto parameter to fup in Frams' Fast File EXchange (F*EX, aka fex) before fex-2014053 allows remote attackers to conduct cross-site scripting (XSS) attacks", "modified": "2019-11-29T12:24:00", "id": "CVE-2014-3875", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3875", "published": "2019-11-27T19:15:00", "title": "CVE-2014-3875", "type": "cve", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-11-26T12:31:59", "bulletinFamily": "NVD", "description": "A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.", "modified": "2019-11-25T17:35:00", "id": "CVE-2015-1396", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1396", "published": "2019-11-25T16:15:00", "title": "CVE-2015-1396", "type": "cve", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-11-23T14:00:26", "bulletinFamily": "NVD", "description": "Unrestricted file upload vulnerability in the Worksheet designer in SpagoBI before 4.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, aka \"XSS File Upload.\"", "modified": "2019-11-22T19:39:00", "id": "CVE-2013-6234", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6234", "published": "2019-11-22T19:15:00", "title": "CVE-2013-6234", "type": "cve", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2019-12-04T15:52:38", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-11-30T00:00:00", "published": "2019-11-30T00:00:00", "id": "OPENVAS:1361412562310892014", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892014", "title": "Debian LTS Advisory ([SECURITY] [DLA 2014-1] vino security update)", "type": "openvas", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892014\");\n script_version(\"2019-11-30T03:00:09+0000\");\n script_cve_id(\"CVE-2014-6053\", \"CVE-2018-7225\", \"CVE-2019-15681\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-11-30 03:00:09 +0000 (Sat, 30 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-11-30 03:00:09 +0000 (Sat, 30 Nov 2019)\");\n script_name(\"Debian LTS Advisory ([SECURITY] [DLA 2014-1] vino security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2014-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/945784\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'vino'\n package(s) announced via the DSA-2014-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been identified in the VNC code of vino, a\ndesktop sharing utility for the GNOME desktop environment.\n\nThe vulnerabilities referenced below are issues that have originally been\nreported against Debian source package libvncserver. The vino source\npackage in Debian ships a custom-patched and stripped down variant of\nlibvncserver, thus some of libvncserver's security fixes required porting\nover.\n\nCVE-2014-6053\n\nThe rfbProcessClientNormalMessage function in\nlibvncserver/rfbserver.c in LibVNCServer did not properly handle\nattempts to send a large amount of ClientCutText data, which allowed\nremote attackers to cause a denial of service (memory consumption or\ndaemon crash) via a crafted message that was processed by using a\nsingle unchecked malloc.\n\nCVE-2018-7225\n\nAn issue was discovered in LibVNCServer.\nrfbProcessClientNormalMessage() in rfbserver.c did not sanitize\nmsg.cct.length, leading to access to uninitialized and potentially\nsensitive data or possibly unspecified other impact (e.g., an integer\noverflow) via specially crafted VNC packets.\n\nCVE-2019-15681\n\nLibVNC contained a memory leak (CWE-655) in VNC server code, which\nallowed an attacker to read stack memory and could be abused for\ninformation disclosure. Combined with another vulnerability, it could\nbe used to leak stack memory and bypass ASLR. This attack appeared to\nbe exploitable via network connectivity.\");\n\n script_tag(name:\"affected\", value:\"'vino' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n3.14.0-2+deb8u1.\n\nWe recommend that you upgrade your vino packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"vino\", ver:\"3.14.0-2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-11-29T22:14:35", "bulletinFamily": "unix", "description": "Package : vino\nVersion : 3.14.0-2+deb8u1\nCVE ID : CVE-2014-6053 CVE-2018-7225 CVE-2019-15681\nDebian Bug : 945784\n\n\nSeveral vulnerabilities have been identified in the VNC code of vino, a\ndesktop sharing utility for the GNOME desktop environment.\n\nThe vulnerabilities referenced below are issues that have originally been\nreported against Debian source package libvncserver. The vino source\npackage in Debian ships a custom-patched and stripped down variant of\nlibvncserver, thus some of libvncserver's security fixes required porting\nover.\n\nCVE-2014-6053\n\n The rfbProcessClientNormalMessage function in\n libvncserver/rfbserver.c in LibVNCServer did not properly handle\n attempts to send a large amount of ClientCutText data, which allowed\n remote attackers to cause a denial of service (memory consumption or\n daemon crash) via a crafted message that was processed by using a\n single unchecked malloc.\n\nCVE-2018-7225\n\n An issue was discovered in LibVNCServer.\n rfbProcessClientNormalMessage() in rfbserver.c did not sanitize\n msg.cct.length, leading to access to uninitialized and potentially\n sensitive data or possibly unspecified other impact (e.g., an integer\n overflow) via specially crafted VNC packets.\n\nCVE-2019-15681\n\n LibVNC contained a memory leak (CWE-655) in VNC server code, which\n allowed an attacker to read stack memory and could be abused for\n information disclosure. Combined with another vulnerability, it could\n be used to leak stack memory and bypass ASLR. This attack appeared to\n be exploitable via network connectivity.\n\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n3.14.0-2+deb8u1.\n\nWe recommend that you upgrade your vino packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \n\nmike gabriel aka sunweaver (Debian Developer)\nfon: +49 (1520) 1976 148\n\nGnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31\nmail: sunweaver@debian.org, http://sunweavers.net\n", "modified": "2019-11-29T08:31:28", "published": "2019-11-29T08:31:28", "id": "DEBIAN:DLA-2014-1:AEDFD", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201911/msg00032.html", "title": "[SECURITY] [DLA 2014-1] vino security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "zdt": [{"lastseen": "2019-12-04T01:58:54", "bulletinFamily": "exploit", "description": "Exploit for windows platform in category dos / poc", "modified": "2019-11-27T00:00:00", "published": "2019-11-27T00:00:00", "id": "1337DAY-ID-33593", "href": "https://0day.today/exploit/description/33593", "title": "InduSoft Web Studio 8.1 SP1 - (Atributos) Denial of Service Exploit", "type": "zdt", "sourceData": "# Exploit Title: InduSoft Web Studio 8.1 SP1 - \"Atributos\" Denial of Service (PoC)\r\n# Discovery by: chuyreds\r\n# Vendor Homepage: http://www.indusoft.com/\r\n# Software Link : http://www.indusoft.com/Products-Downloads\r\n# Tested Version: 8.1 SP1\r\n# Vulnerability Type: Denial of Service (DoS) Local\r\n# Tested on OS: Windows 10 Pro x64 es\r\n\r\n# Exploit Title: InduSoft Web Studio 8.1 SP1 - \"Atributos\" 'No Redibujar'/'Deshabilitados' Denial of Service (PoC)\r\n# Discovery by: chuyreds\r\n# Google Dork: [email\u00a0protected]: chuyreds\r\n# Discovery Date: 23-11-2019\r\n# Vendor Homepage: http://www.indusoft.com/\r\n# Software Link : http://www.indusoft.com/Products-Downloads\r\n# Tested Version: 8.1 SP1\r\n# Vulnerability Type: Denial of Service (DoS) Local\r\n# Tested on OS: Windows 10 Pro x64 es\r\n\r\n# Steps to Produce the Denial of Service: \r\n# 1.- Run python code: InduSoft Web Studio Edition 8.1 SP1.py\r\n# 2.- Open InduSoft \"Web Studio Edition 8.1 SP1.txt\" and copy content to clipboard\r\n# 3.- Open InduSoft Web Studio Edition 8.1 SP1\r\n# 4.- On Graficos slect Atributos\r\n# 5.- Paste ClipBoard on \"No Redibujar\"/\"Deshabilitados\" and click on \"Aceptar\"\r\n\r\n\r\n#!/usr/bin/env python\r\n\r\nbuffer = \"\\x41\" * 1026\r\nf = open (\"InduSoft Web Studio Edition 8.1 SP1.txt\", \"w\")\r\nf.write(buffer)\r\nf.close()\n\n# 0day.today [2019-12-03] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/33593"}], "threatpost": [{"lastseen": "2019-11-21T12:16:22", "bulletinFamily": "info", "description": "Most people think if they keep their mobile apps updated to the latest version, they also are patching for critical vulnerabilities. Not so, said researchers from [Check Point Software](<https://www.checkpoint.com/pt/>), which discovered that outdated code\u2014including known vulnerabilities\u2014are still present in hundreds of popular apps on the Google Play Store, including Facebook, Instagram, WeChat and Yahoo Browser.\n\nIn a month-long study, Check Point Research cross-examined the latest versions of these and other high-profile mobile apps for three known remote control execution (RCE) vulnerabilities dating from 2014, 2015 and 2016, Check Point security researcher Slava Makkaveev revealed in research posted online Thursday.\n\nResearchers assigned each vulnerability two signatures, then ran a static engine to examine hundreds of mobile applications in Google\u2019s Play Store to see if old, vulnerable code was present in the latest version of the application.[](<https://threatpost.com/newsletter-sign/>)\n\nWhat they found may surprise many: critical vulnerabilities that app makers claim has been patched still existed in the latest versions of popular mobile applications, according to Makkaveev.\n\n\u201cJust three vulnerabilities, all fixed over two years ago, make hundreds of apps potentially vulnerable to remote code execution,\u201d he wrote. \u201cCan you imagine how many popular apps an attacker can target if he scans Google Play for a hundred known vulnerabilities?\u201d\n\nThe research proves that updates pushed out by apps manufacturers are not a failsafe to keeping mobile devices secure from threats, according to Check Point.\n\n\u201cTheoretically, threat actors can steal and alter posts on Facebook, extract location data from Instagram and read SMS messages in WeChat,\u201d Check Point said in an email to Threatpost.\n\nThe research is more bad news for Google, which [has struggled](<https://threatpost.com/malicious-app-tallies-100-million-downloads/147748/>) with keeping [bad apps](<https://threatpost.com/google-play-malicious-apps-racked-up-335m-installs-in-september/148810/>)\u2014some [impersonating legitimate ones](<https://threatpost.com/threatlist-fake-mobile-apps-impersonating-legit-ones/149505/>)\u2014from finding their way onto Google Play. Now users have to contend with legitimate apps containing malicious code even if they diligently keep them up to date.\n\nThe problem lies in very old code in the form of reusable components called native libraries that are still running on mobile apps and typically can\u2019t be fixed with an update, according to Check Point.\n\nPart of Check Point\u2019s research focused on three critical vulnerabilities; a FLAC audio codec bug (CVE-2014-8962), a FFmpeg RTMP video streaming flaw (CVE-2015-8271) and a FFmpeg libavformat media handling issue (CVE-2016-3062).\n\n\u201cJust three vulnerabilities, all fixed over two years ago, make hundreds of apps potentially vulnerable to remote code execution,\u201d researchers wrote.\n\nThis code is \u201coften derived from open-source projects or incorporate fragments of code from open-source projects,\u201d Makkaveev wrote. \u201cWhen a vulnerability is found and fixed in an open-source project, its maintainers typically have no control over the native libraries which may be affected by the vulnerability, nor the apps using these native libraries.\u201d\n\nIn this way, an app may keep using the outdated version of the code even years after the vulnerability is discovered and ostensibly fixed, he wrote.\n\n\u201cIt may be overstating matters a bit to declare such an app vulnerable, as its flow may never reach the affected library code, but it certainly warrants an in-depth investigation by the app maintainers,\u201d according to Makkaveev.\n\nCheck Point has informed the companies responsible for the applications that it found in its study were still vulnerable, including Google. For the time being, the security firm urges people to install an antivirus-app that monitors vulnerable apps on their mobile devices, the company said.\n\n_**Is MFA enough to protect modern enterprises in the peak era of data breaches? How can you truly secure consumer accounts? Prevent account takeover? Find out: Catch our free, on-demand **_[_**Threatpost webinar**_](<https://attendee.gotowebinar.com/register/3127445778613605890?source=post>)_**, \u201cTrends in Fortune 1000 Breach Exposure\u201d to hear advice from breach expert Chip Witt of SpyCloud. **_[_**Click here to register**_](<https://attendee.gotowebinar.com/register/3127445778613605890?source=post>)_**.**_\n", "modified": "2019-11-21T12:05:58", "published": "2019-11-21T12:05:58", "id": "THREATPOST:FAAEF5703152D189DDBD05F50F1B38CC", "href": "https://threatpost.com/popular-apps-on-google-play-store-remain-unpatched/150502/", "type": "threatpost", "title": "Popular Apps on Google Play Store Remain Unpatched", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
