Vulnerability Summary for the Week of November 8, 2010
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- shockwave_player | Use-after-free vulnerability in an unspecified compatibility component in Adobe Shockwave Player 11.5.9.615 allows user-assisted remote attackers to execute arbitrary code via a crafted web site, related to the Shockwave Settings window and an unloaded library. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2010-11-05 | 9.3 | CVE-2010-4092 XF BID SECUNIA OSVDB |
adobe -- flash_player | Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors. | 2010-11-07 | 9.3 | CVE-2010-3636 CONFIRM |
adobe -- flash_player | An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 (Flash10h.ocx) on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FLV video. | 2010-11-07 | 9.3 | CVE-2010-3637 CONFIRM |
adobe -- flash_player | Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. | 2010-11-07 | 9.3 | CVE-2010-3639 CONFIRM |
adobe -- flash_player | Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | 2010-11-07 | 9.3 | CVE-2010-3640 CONFIRM |
adobe -- flash_player | Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | 2010-11-07 | 9.3 | CVE-2010-3641 CONFIRM |
adobe -- flash_player | Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | 2010-11-07 | 9.3 | CVE-2010-3642 CONFIRM |
adobe -- flash_player | Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | 2010-11-07 | 9.3 | CVE-2010-3643 CONFIRM |
adobe -- flash_player | Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | 2010-11-07 | 9.3 | CVE-2010-3644 CONFIRM |
adobe -- flash_player | Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | 2010-11-07 | 9.3 | CVE-2010-3645 CONFIRM |
adobe -- flash_player | Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | 2010-11-07 | 9.3 | CVE-2010-3646 CONFIRM |
adobe -- flash_player | Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | 2010-11-07 | 9.3 | CVE-2010-3647 CONFIRM |
adobe -- flash_player | Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652. | 2010-11-07 | 9.3 | CVE-2010-3648 CONFIRM |
adobe -- flash_player | Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3650, and CVE-2010-3652. | 2010-11-07 | 9.3 | CVE-2010-3649 CONFIRM |
adobe -- flash_player | Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3652. | 2010-11-07 | 9.3 | CVE-2010-3650 CONFIRM |
adobe -- flash_player | Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, and CVE-2010-3650. | 2010-11-07 | 9.3 | CVE-2010-3652 CONFIRM |
adobe -- acrobat_reader | The EScript.api plugin in Adobe Acrobat Reader 9.4.0, 8.1.7, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information. | 2010-11-07 | 9.3 | CVE-2010-4091 XF VUPEN BID EXPLOIT-DB SECUNIA OSVDB MISC MISC FULLDISC |
adobe -- flash_media_server | Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to execute arbitrary code via unspecified vectors, related to a "segmentation fault vulnerability." | 2010-11-09 | 10.0 | CVE-2010-3635 CONFIRM |
apple -- cups | ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. | 2010-11-05 | 7.9 | CVE-2010-2941 CONFIRM XF VUPEN BID OSVDB SECTRACK REDHAT |
cisco -- intelligent_contact_manager | Multiple stack-based buffer overflows in agent.exe in Setup Manager in Cisco Intelligent Contact Manager (ICM) before 7.0 allow remote attackers to execute arbitrary code via a long parameter in a (1) HandleUpgradeAll, (2) AgentUpgrade, (3) HandleQueryNodeInfoReq, or (4) HandleUpgradeTrace TCP packet, aka Bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164. | 2010-11-09 | 10.0 | CVE-2010-3040 MISC MISC MISC MISC VUPEN BID CONFIRM SECTRACK SECUNIA |
energine -- energine | SQL injection vulnerability in index.php in Energine, possibly 2.3.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the NRGNSID cookie. | 2010-11-05 | 7.5 | CVE-2010-4185 BUGTRAQ EXPLOIT-DB SECUNIA |
google -- chrome | Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing. | 2010-11-05 | 9.3 | CVE-2010-4197 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 7.0.517.44 does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document. | 2010-11-05 | 9.3 | CVE-2010-4198 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document. | 2010-11-05 | 9.3 | CVE-2010-4199 CONFIRM CONFIRM |
google -- chrome | Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections. | 2010-11-05 | 9.3 | CVE-2010-4201 CONFIRM CONFIRM |
google -- chrome | Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font. | 2010-11-05 | 9.3 | CVE-2010-4202 CONFIRM CONFIRM |
google -- chrome | WebM libvpx (aka the VP8 Codec SDK), as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 2010-11-05 | 9.3 | CVE-2010-4203 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 7.0.517.44 accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2010-11-05 | 9.3 | CVE-2010-4204 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2010-11-05 | 9.3 | CVE-2010-4205 CONFIRM CONFIRM CONFIRM CONFIRM |
google -- chrome | Google Chrome before 7.0.517.44 accesses memory at an out-of-bounds array index during processing of an SVG document, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2010-11-05 | 9.3 | CVE-2010-4206 CONFIRM CONFIRM |
ibm -- enovia | Unspecified vulnerability in Web Services in IBM ENOVIA 6 has unknown impact and attack vectors, related to a system that becomes "exposed to the internet." | 2010-11-09 | 10.0 | CVE-2010-4218 VUPEN AIXAPAR CONFIRM |
justsystems -- ichitaro | Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3916. | 2010-11-05 | 9.3 | CVE-2010-3915 XF VUPEN MISC BID CONFIRM MISC SECUNIA OSVDB JVNDB JVN |
justsystems -- ichitaro | Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3915. | 2010-11-05 | 9.3 | CVE-2010-3916 VUPEN BID CONFIRM MISC SECUNIA OSVDB JVNDB JVN |
microsoft -- ie | Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue, as exploited in the wild in November 2010. | 2010-11-05 | 9.3 | CVE-2010-3962 CERT-VN XF VUPEN MISC SECTRACK CONFIRM EXPLOIT-DB EXPLOIT-DB SECUNIA CONFIRM |
microsoft -- powerpoint | Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability." | 2010-11-09 | 9.3 | CVE-2010-2572 MS |
microsoft -- office | Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability." | 2010-11-09 | 9.3 | CVE-2010-2573 MS |
microsoft -- office | Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability." | 2010-11-09 | 9.3 | CVE-2010-3333 MS |
microsoft -- office | Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability." | 2010-11-09 | 9.3 | CVE-2010-3334 MS |
microsoft -- office | Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability." | 2010-11-09 | 9.3 | CVE-2010-3335 MS |
microsoft -- office | Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability." | 2010-11-09 | 9.3 | CVE-2010-3336 MS |
microsoft -- office | Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142. | 2010-11-09 | 9.3 | CVE-2010-3337 MS |
nullsoft -- winamp | Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream. | 2010-11-05 | 9.3 | CVE-2010-1523 BUGTRAQ MISC CONFIRM |
onlinetechtools.com -- oasys_professional | SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information. | 2010-11-05 | 7.5 | CVE-2010-4186 XF BID EXPLOIT-DB SECUNIA OSVDB |
proftpd -- proftpd | Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command. | 2010-11-09 | 7.1 | CVE-2010-3867 VUPEN BID CONFIRM MLIST SLACKWARE SECUNIA SECUNIA CONFIRM |
proftpd -- proftpd | Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server. | 2010-11-09 | 10.0 | CVE-2010-4221 MISC BID CONFIRM SECUNIA CONFIRM |
turbogears -- turbogears2 | The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852. | 2010-11-05 | 7.5 | CVE-2009-5014 MLIST |
turbogears -- turbogears2 | The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors. | 2010-11-05 | 7.5 | CVE-2009-5015 MLIST |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- flash_player | Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Mac OS X, when Safari is used, allows attackers to obtain sensitive information via unknown vectors. | 2010-11-07 | 4.3 | CVE-2010-3638 CONFIRM |
adobe -- flash_media_server | Memory leak in Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to cause a denial of service (memory consumption) via unspecified vectors. | 2010-11-09 | 5.0 | CVE-2010-3633 CONFIRM |
adobe -- flash_media_server | Unspecified vulnerability in the edge process in Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to cause a denial of service via unknown vectors. | 2010-11-09 | 5.0 | CVE-2010-3634 CONFIRM |
apache -- shiro | Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI. | 2010-11-05 | 5.0 | CVE-2010-3863 XF VUPEN BID BUGTRAQ SECUNIA OSVDB FULLDISC |
apple -- cups | The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. | 2010-11-05 | 6.8 | CVE-2010-3702 CONFIRM BID MISC CONFIRM UBUNTU REDHAT REDHAT REDHAT REDHAT REDHAT MLIST DEBIAN FEDORA FEDORA FEDORA |
bankofamerica -- bank_of_america | The Bank of America application 2.12 for Android stores a security question's answer in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading application data. | 2010-11-08 | 4.3 | CVE-2010-4213 MISC MISC MISC |
banshee-project -- banshee | The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-11-05 | 6.9 | CVE-2010-3998 CONFIRM |
cisco -- unified_communications_manager | /usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930. | 2010-11-09 | 6.8 | CVE-2010-3039 VUPEN BID MISC CONFIRM SECUNIA FULLDISC |
cstr -- festival | festival_server in Centre for Speech Technology Research (CSTR) Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-11-05 | 6.9 | CVE-2010-3996 CONFIRM BID MLIST |
foolabs -- xpdf | The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption. | 2010-11-05 | 6.8 | CVE-2010-3704 CONFIRM CONFIRM CONFIRM UBUNTU REDHAT REDHAT REDHAT REDHAT MLIST DEBIAN FEDORA FEDORA FEDORA |
gnome -- gnome-shell | gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-11-05 | 6.9 | CVE-2010-4000 CONFIRM |
gnome -- tomboy | The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: vector 1 exists because of an incorrect fix for CVE-2005-4790.2. | 2010-11-05 | 6.9 | CVE-2010-4005 CONFIRM |
gnucash -- gnucash | gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-11-05 | 6.9 | CVE-2010-3999 CONFIRM VUPEN BID SECUNIA SECUNIA FEDORA FEDORA FEDORA |
google -- chrome | Google Chrome before 7.0.517.44 reads from invalid memory locations during processing of XPath expressions, which allows remote attackers to cause a denial of service via unspecified vectors. | 2010-11-05 | 4.3 | CVE-2010-4200 CONFIRM CONFIRM |
gromacs -- gromacs | ** DISPUTED ** GMXRC.bash in Gromacs 4.5.1 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: CVE disputes this issue because the GMXLDLIB value is always added to the beginning of LD_LIBRARY_PATH at a later point in the script. | 2010-11-05 | 4.6 | CVE-2010-4001 MISC |
horde -- horde_application_framework | Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter. | 2010-11-09 | 4.3 | CVE-2010-3077 FULLDISC MLIST CONFIRM CONFIRM |
horde -- horde_application_framework | Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form. | 2010-11-09 | 6.8 | CVE-2010-3694 MLIST CONFIRM |
htmlpurifier -- htmlpurifier | Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479. | 2010-11-05 | 4.3 | CVE-2010-4183 CONFIRM CONFIRM |
ibm -- websphere_application_server | Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-11-09 | 4.3 | CVE-2010-0783 XF OSVDB CONFIRM CONFIRM SECTRACK SECUNIA SECUNIA |
ibm -- websphere_application_server | Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-11-09 | 4.3 | CVE-2010-0784 XF VUPEN BID CONFIRM CONFIRM AIXAPAR SECUNIA |
ibm -- websphere_application_server | Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2010-11-09 | 6.0 | CVE-2010-0785 XF VUPEN BID CONFIRM AIXAPAR AIXAPAR SECUNIA |
ibm -- websphere_application_server | The Web Services Security component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 does not properly implement the Java API for XML Web Services (aka JAX-WS), which allows remote attackers to cause a denial of service (data corruption) via a crafted JAX-WS request that leads to incorrectly encoded data. | 2010-11-09 | 5.0 | CVE-2010-0786 XF CONFIRM |
ibm -- websphere_commerce | SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters to "Commerce Organization Admin Console JavaServer pages." | 2010-11-09 | 6.5 | CVE-2010-2635 XF |
ibm -- websphere_commerce | Multiple cross-site scripting (XSS) vulnerabilities in sample store pages in IBM WebSphere Commerce 7.0 before 7.0.0.1 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2010-11-09 | 4.3 | CVE-2010-2636 XF |
ibm -- tivoli_directory_server | IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 does not properly handle invalid buffer references in LDAP BER requests, which might allow remote attackers to cause a denial of service (daemon crash) via vectors involving a buffer that has a memory address near the maximum possible address. | 2010-11-09 | 5.0 | CVE-2010-4216 XF VUPEN BID AIXAPAR SECUNIA |
ibm -- tivoli_directory_server | Use-after-free vulnerability in the proxy server in IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 and 6.1.x before 6.1.0-TIV-ITDS-FP0005 allows remote attackers to cause a denial of service (daemon crash) via an unbind request that occurs during a certain search operation. | 2010-11-09 | 5.0 | CVE-2010-4217 VUPEN VUPEN BID OSVDB AIXAPAR AIXAPAR SECTRACK SECUNIA |
ibm -- websphere_portal | Cross-site scripting (XSS) vulnerability in SemanticTagService.js in IBM WebSphere Portal 6.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. | 2010-11-09 | 4.3 | CVE-2010-4219 VUPEN AIXAPAR |
ibm -- websphere_application_server | Cross-site scripting (XSS) vulnerability in the Integrated Solution Console in the Administrative Console component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection." | 2010-11-09 | 4.3 | CVE-2010-4220 CONFIRM AIXAPAR SECUNIA |
mahara -- mahara | Cross-site scripting (XSS) vulnerability in blocktype/groupviews/theme/raw/groupviews.tpl in Mahara before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. | 2010-11-09 | 4.3 | CVE-2010-3871 XF BID CONFIRM SECUNIA |
microsoft -- forefront_unified_access_gateway | Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability." | 2010-11-09 | 5.8 | CVE-2010-2732 MS |
microsoft -- forefront_unified_access_gateway | Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability." | 2010-11-09 | 4.3 | CVE-2010-2733 MS |
microsoft -- forefront_unified_access_gateway | Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability." | 2010-11-09 | 4.3 | CVE-2010-2734 MS |
microsoft -- forefront_unified_access_gateway | Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability." | 2010-11-09 | 4.3 | CVE-2010-3936 MS |
mozilla -- bugzilla | The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3.6.2, 3.7.3, and 4.1 creates graph files with predictable names in graphs/, which allows remote attackers to obtain sensitive information via a modified URL. | 2010-11-05 | 5.0 | CVE-2010-3764 CONFIRM VUPEN CONFIRM |
netsupportsoftware -- netsupport_manager | NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with cleartext fields containing details about client machines, which allows remote attackers to obtain potentially sensitive information by sniffing the network. | 2010-11-05 | 5.0 | CVE-2010-4184 CERT-VN XF CONFIRM |
nongnu -- cvs | Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow. | 2010-11-05 | 6.9 | CVE-2010-3846 CONFIRM VUPEN CONFIRM XF OSVDB SECUNIA FEDORA |
php -- php | fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename. | 2010-11-08 | 5.0 | CVE-2010-3436 CONFIRM CONFIRM MANDRIVA CONFIRM |
php -- php | The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive. | 2010-11-08 | 4.3 | CVE-2010-3709 CONFIRM CONFIRM MANDRIVA EXPLOIT-DB SREASONRES |
poppler -- poppler | The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference. | 2010-11-05 | 4.3 | CVE-2010-3703 CONFIRM UBUNTU MLIST FEDORA FEDORA FEDORA CONFIRM |
proftpd -- proftpd | The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer. | 2010-11-09 | 4.0 | CVE-2008-7265 CONFIRM |
pythonpaste -- paste | Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2) paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, and (4) HTTPNotFound. | 2010-11-05 | 4.3 | CVE-2010-2477 MLIST MLIST CONFIRM CONFIRM MLIST |
redhat -- luci | The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "[INSERT SECRET HERE]" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie. | 2010-11-05 | 6.4 | CVE-2010-3852 CONFIRM XF VUPEN VUPEN BID SECUNIA SECUNIA OSVDB FEDORA FEDORA FEDORA CONFIRM |
scottmac -- libmbfl | The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter). | 2010-11-09 | 5.0 | CVE-2010-4156 MLIST MLIST MISC MISC BID SECUNIA |
transware -- active!_mail | CRLF injection vulnerability in TransWARE Active! mail 6 build 6.40.010047750 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 2010-11-05 | 4.3 | CVE-2010-3913 CONFIRM OSVDB SECUNIA JVNDB JVN |
usaa -- usaa | The USAA application 3.0 for Android stores a mirror image of each visited web page, which might allow physically proximate attackers to obtain sensitive banking information by reading application data. | 2010-11-08 | 4.3 | CVE-2010-4212 MISC MISC MISC |
wellsfargo -- wells_fargo_mobile | The Wells Fargo Mobile application 1.1 for Android stores a username and password, along with account balances, in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading application data. | 2010-11-08 | 4.3 | CVE-2010-4214 MISC MISC MISC |
yahoo -- yui | Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf. | 2010-11-07 | 4.3 | CVE-2010-4207 CONFIRM VUPEN MLIST CONFIRM SECUNIA CONFIRM |
yahoo -- yui | Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf. | 2010-11-07 | 4.3 | CVE-2010-4208 CONFIRM VUPEN MLIST CONFIRM SECUNIA CONFIRM |
yahoo -- yui | Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf. | 2010-11-07 | 4.3 | CVE-2010-4209 CONFIRM VUPEN MLIST CONFIRM SECUNIA |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
ebay -- paypal | The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate. | 2010-11-08 | 2.9 | CVE-2010-4211 XF VUPEN BID MISC MISC MISC MISC MISC |
mozilla -- bugzilla | CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL. | 2010-11-05 | 2.6 | CVE-2010-3172 CONFIRM VUPEN CONFIRM |