Vulnerability Summary for the Week of February 15, 2010
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple -- webkit google -- chrome | WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a <ruby>><rt> sequence. | 2010-02-18 | 9.3 | CVE-2010-0647 CONFIRM |
apple -- webkit google -- chrome | WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method. | 2010-02-18 | 7.5 | CVE-2010-0661 CONFIRM CONFIRM |
dokuwiki -- dokuwiki | A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010. | 2010-02-15 | 7.5 | CVE-2010-0288 CONFIRM DEBIAN SECUNIA FEDORA FEDORA CONFIRM |
google -- chrome | Multiple integer overflows in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays. | 2010-02-18 | 9.3 | CVE-2010-0645 CONFIRM |
google -- chrome | Multiple integer signedness errors in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays. | 2010-02-18 | 10.0 | CVE-2010-0646 VUPEN CONFIRM |
google -- chrome | Integer overflow in the CrossCallParamsEx::CreateFromBuffer function in sandbox/src/crosscall_server.cc in Google Chrome before 4.0.249.89 allows attackers to leverage renderer access to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a malformed message, related to deserializing of sandbox messages. | 2010-02-18 | 9.3 | CVE-2010-0649 CONFIRM |
google -- chrome | Use-after-free vulnerability in Google Chrome before 4.0.249.78 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving the display of a blocked popup window during navigation to a different web site. | 2010-02-18 | 9.3 | CVE-2010-0655 CONFIRM |
google -- chrome | Google Chrome before 4.0.249.78 on Windows does not perform the expected encoding, escaping, and quoting for the URL in the --app argument in a desktop shortcut, which allows user-assisted remote attackers to execute arbitrary programs or obtain sensitive information by tricking a user into creating a crafted shortcut. | 2010-02-18 | 9.3 | CVE-2010-0657 CONFIRM SECTRACK CONFIRM CONFIRM |
google -- chrome | Multiple integer overflows in Skia, as used in Google Chrome before 4.0.249.78, allow remote attackers to execute arbitrary code in the Chrome sandbox or cause a denial of service (memory corruption and application crash) via vectors involving CANVAS elements. | 2010-02-18 | 9.3 | CVE-2010-0658 CONFIRM |
juniper -- odyssey_access_client | Stack-based buffer overflow in dsInstallerService.dll in the Juniper Installer Service, as used in Juniper Odyssey Access Client 4.72.11421.0 and other products, allows remote attackers to execute arbitrary code via a long string in a malformed DSSETUPSERVICE_CMD_UNINSTALL command to the NeoterisSetupService named pipe. | 2010-02-15 | 10.0 | CVE-2009-4643 MISC IDEFENSE |
realnetworks -- helix_player realnetworks -- realplayer | Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits. | 2010-02-18 | 7.5 | CVE-2010-0416 CONFIRM CONFIRM REDHAT MLIST |
sun -- openoffice.org | Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow. | 2010-02-16 | 9.3 | CVE-2009-2949 VUPEN |
sun -- openoffice.org | Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression. | 2010-02-16 | 9.3 | CVE-2009-2950 CONFIRM XF VUPEN BID REDHAT CONFIRM CONFIRM DEBIAN SECTRACK SECUNIA SECUNIA |
sun -- openoffice.org | Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document. | 2010-02-16 | 9.3 | CVE-2009-3301 CONFIRM XF VUPEN BID REDHAT CONFIRM CONFIRM DEBIAN SECTRACK SECUNIA SECUNIA |
sun -- openoffice.org | filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw." | 2010-02-16 | 9.3 | CVE-2009-3302 CONFIRM XF VUPEN BID REDHAT CONFIRM CONFIRM DEBIAN SECTRACK SECUNIA SECUNIA |
sun -- openoffice.org | OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document. | 2010-02-16 | 9.3 | CVE-2010-0136 BID MLIST DEBIAN SECTRACK |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- blazeds adobe -- coldfusion adobe -- flex_data_services adobe -- lifecycle adobe -- lifecycle_data_services | Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents. | 2010-02-15 | 4.3 | CVE-2009-3960 BID OSVDB CONFIRM SECTRACK |
adobe -- adobe_air adobe -- flash_player | Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors. | 2010-02-15 | 6.8 | CVE-2010-0186 CONFIRM |
adobe -- adobe_air adobe -- flash_player | Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file. | 2010-02-15 | 4.3 | CVE-2010-0187 REDHAT CONFIRM BID MISC CONFIRM SECTRACK MISC |
apple -- safari apple -- webkit google -- chrome | WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document. | 2010-02-18 | 4.3 | CVE-2010-0651 CONFIRM |
apple -- webkit google -- chrome | WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document. | 2010-02-18 | 4.3 | CVE-2010-0656 CONFIRM |
apple -- webkit google -- chrome | The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size. | 2010-02-18 | 6.8 | CVE-2010-0659 CONFIRM |
cisco -- collaboration_server | Cross-site scripting (XSS) vulnerability in webline/html/admin/wcs/LoginPage.jhtml in Cisco Collaboration Server (CCS) 5 allows remote attackers to inject arbitrary web script or HTML via the dest parameter. | 2010-02-17 | 4.3 | CVE-2010-0641 XF BID MISC |
cisco -- collaboration_server | Cisco Collaboration Server (CCS) 5 allows remote attackers to read the source code of JHTML files via URL encoded characters in the filename extension, as demonstrated by (1) changing .jhtml to %2Ejhtml, (2) changing .jhtml to .jhtm%6C, (3) appending %00 after .jhtml, and (4) appending %c0%80 after .jhtml, related to the (a) doc/docindex.jhtml, (b) browserId/wizardForm.jhtml, (c) webline/html/forms/callback.jhtml, (d) webline/html/forms/callbackICM.jhtml, (e) webline/html/agent/AgentFrame.jhtml, (f) webline/html/agent/default/badlogin.jhtml, (g) callme/callForm.jhtml, (h) webline/html/multichatui/nowDefunctWindow.jhtml, (i) browserId/wizard.jhtml, (j) admin/CiscoAdmin.jhtml, (k) msccallme/mscCallForm.jhtml, and (l) webline/html/admin/wcs/LoginPage.jhtml components. | 2010-02-17 | 5.0 | CVE-2010-0642 XF BID MISC |
dokuwiki -- dokuwiki | Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter. | 2010-02-15 | 5.0 | CVE-2010-0287 CONFIRM DEBIAN SECUNIA FEDORA FEDORA CONFIRM |
dokuwiki -- dokuwiki | Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown vectors. | 2010-02-15 | 6.8 | CVE-2010-0289 CONFIRM DEBIAN SECUNIA FEDORA FEDORA CONFIRM |
google -- chrome | browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, as demonstrated by a URL in the SRC attribute of an IMG element. | 2010-02-18 | 4.3 | CVE-2010-0556 CONFIRM |
google -- chrome | Google Chrome before 4.0.249.89 attempts to make direct connections to web sites when all configured proxy servers are unavailable, which allows remote HTTP servers to obtain potentially sensitive information about the identity of a client user via standard HTTP logging, as demonstrated by a proxy server that was configured for the purpose of anonymity. | 2010-02-18 | 4.3 | CVE-2010-0643 CONFIRM |
google -- chrome | Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server is configured, sends DNS queries directly, which allows remote DNS servers to obtain potentially sensitive information about the identity of a client user via request logging, as demonstrated by a proxy server that was configured for the purpose of anonymity. | 2010-02-18 | 4.3 | CVE-2010-0644 CONFIRM |
google -- chrome | Google Chrome before 4.0.249.78 sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging. | 2010-02-18 | 5.0 | CVE-2010-0660 CONFIRM |
google -- chrome | The ParamTraits | 2010-02-18 | 4.3 | CVE-2010-0662 CONFIRM |
google -- chrome | The ParamTraits | 2010-02-18 | 4.3 | CVE-2010-0663 CONFIRM |
google -- chrome | Stack consumption vulnerability in the ChildProcessSecurityPolicy::CanRequestURL function in browser/child_process_security_policy.cc in Google Chrome before 4.0.249.78 allows remote attackers to cause a denial of service (memory consumption and application crash) via a URL that specifies multiple protocols, as demonstrated by a URL that begins with many repetitions of the view-source: substring. | 2010-02-18 | 4.3 | CVE-2010-0664 CONFIRM |
intel -- e1000 linux -- kernel linux -- kernel | The Linux kernel before 2.6.32.4 allows local users to gain privileges or cause a denial of service (panic) by calling the (1) mmap or (2) mremap function, aka the "do_mremap() mess" or "mremap/mmap mess." | 2010-02-15 | 4.6 | CVE-2010-0291 CONFIRM |
intel -- e1000 linux -- kernel linux -- kernel | The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function. | 2010-02-17 | 4.7 | CVE-2010-0307 CONFIRM BID MLIST MLIST MLIST MLIST CONFIRM MISC CONFIRM MLIST CONFIRM |
k5n -- webcalendar | Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-02-15 | 6.8 | CVE-2010-0638 SECUNIA |
linux -- kernel | The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel's node set. | 2010-02-17 | 4.6 | CVE-2010-0415 CONFIRM |
microsoft -- internet_explorer | Microsoft Internet Explorer permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document. | 2010-02-18 | 4.3 | CVE-2010-0652 MISC |
mozilla -- firefox | Mozilla Firefox, possibly before 3.6, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element. | 2010-02-18 | 4.3 | CVE-2010-0648 MISC MISC |
mozilla -- firefox | Mozilla Firefox permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document. | 2010-02-18 | 4.3 | CVE-2010-0654 MISC |
opera -- opera_browser | Opera permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document. | 2010-02-18 | 4.3 | CVE-2010-0653 MISC |
realnetworks -- helix_player realnetworks -- realplayer | Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption. | 2010-02-18 | 5.0 | CVE-2010-0417 CONFIRM CONFIRM REDHAT MLIST |
squid-cache -- squid | The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0 through 3.0.STABLE23 allows remote attackers to cause a denial of service (crash) via crafted packets to the HTCP port, which triggers a NULL pointer dereference. | 2010-02-15 | 5.0 | CVE-2010-0639 VUPEN MISC MISC CONFIRM SECTRACK BID OSVDB MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple -- safari google -- chrome | WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event. | 2010-02-18 | 2.6 | CVE-2010-0650 CONFIRM CONFIRM SECTRACK CONFIRM CONFIRM |
linux -- kernel | The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. | 2010-02-15 | 2.1 | CVE-2010-0622 CONFIRM |
linux -- kernel | The futex_lock_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly manage a certain reference count, which allows local users to cause a denial of service (OOPS) via vectors involving an unmount of an ext3 filesystem. | 2010-02-15 | 2.1 | CVE-2010-0623 CONFIRM |