Vulnerability Summary for the Week of January 10, 2011
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
aimluck -- aipo | SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 2011-01-13 | 7.5 | CVE-2010-3924 BID SECUNIA JVNDB JVN CONFIRM |
ca -- arcserve_replication_and_high_availability | Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft High Availability r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft Content Distribution r12.0 SP1 and r12.5 SP2 rollup, and CA ARCserve Replication and High Availability (RHA) r15.0 SP1 allows remote attackers to execute arbitrary code via a crafted create_session_bab operation in a SOAP request to xosoapapi.asmx. | 2011-01-07 | 7.5 | CVE-2010-3984 CONFIRM MISC SECTRACK BID BUGTRAQ SECUNIA |
cisco -- adaptive_security_appliance_software | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier, and Cisco PIX Security Appliances devices, allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti24526. | 2011-01-07 | 7.8 | CVE-2010-4670 MISC CONFIRM MISC MISC MISC |
cisco -- ios | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534. | 2011-01-07 | 7.8 | CVE-2010-4671 MISC CONFIRM MISC MISC MISC |
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier allow remote attackers to cause a denial of service (block exhaustion) via EIGRP traffic that triggers an EIGRP multicast storm, aka Bug ID CSCtf20269. | 2011-01-07 | 7.8 | CVE-2010-4672 CONFIRM |
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allow remote attackers to cause a denial of service via a flood of packets, aka Bug ID CSCtg06316. | 2011-01-07 | 7.8 | CVE-2010-4673 CONFIRM |
cisco -- adaptive_security_appliance_software | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allows remote attackers to cause a denial of service (block exhaustion) via multicast traffic, aka Bug ID CSCtg63992. | 2011-01-07 | 7.8 | CVE-2010-4674 CONFIRM |
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly determine the interfaces for which TELNET connections should be permitted, which allows remote authenticated users to bypass intended access restrictions via vectors involving the "lowest security level interface," aka Bug ID CSCsv40504. | 2011-01-07 | 9.0 | CVE-2010-4675 CONFIRM |
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permit packets to pass before the configuration has been loaded, which might allow remote attackers to bypass intended access restrictions by sending network traffic during device startup, aka Bug ID CSCsy86769. | 2011-01-07 | 7.5 | CVE-2010-4678 CONFIRM |
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly handle Online Certificate Status Protocol (OCSP) connection failures, which allows remote OCSP responders to cause a denial of service (TCP socket exhaustion) by rejecting connection attempts, aka Bug ID CSCsz36816. | 2011-01-07 | 7.8 | CVE-2010-4679 CONFIRM |
cisco -- adaptive_security_appliance_software | The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permits the viewing of CIFS shares even when CIFS file browsing has been disabled, which allows remote authenticated users to bypass intended access restrictions via CIFS requests, aka Bug ID CSCsz80777. | 2011-01-07 | 9.0 | CVE-2010-4680 CONFIRM |
cisco -- adaptive_security_appliance_software | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to bypass SMTP inspection via vectors involving a prepended space character, aka Bug ID CSCte14901. | 2011-01-07 | 7.5 | CVE-2010-4681 CONFIRM |
cisco -- adaptive_security_appliance_software | Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (memory consumption) by making multiple incorrect LDAP authentication attempts, aka Bug ID CSCtf29867. | 2011-01-07 | 7.8 | CVE-2010-4682 CONFIRM |
cisco -- ios | Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a certain IRC server, related to a "corrupted magic value," aka Bug ID CSCso05336. | 2011-01-07 | 7.8 | CVE-2009-5038 CONFIRM |
cisco -- ios | Memory leak in the gk_circuit_info_do_in_acf function in the H.323 implementation in Cisco IOS before 15.0(1)XA allows remote attackers to cause a denial of service (memory consumption) via a large number of calls over a long duration, as demonstrated by InterZone Clear Token (IZCT) test traffic, aka Bug ID CSCsz72535. | 2011-01-07 | 7.8 | CVE-2009-5039 CONFIRM |
cisco -- ios | Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service (memory consumption) by sending a crafted SIP REGISTER message over UDP, aka Bug ID CSCtg41733. | 2011-01-07 | 7.8 | CVE-2010-4683 CONFIRM |
cisco -- ios | Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, allows remote attackers to cause a denial of service (device crash) via a TFTP copy over IPv6, aka Bug ID CSCtb28877. | 2011-01-07 | 7.1 | CVE-2010-4684 CONFIRM |
cisco -- ios | CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a "peculiar" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending this traffic over a long duration, aka Bug ID CSCtb47950. | 2011-01-07 | 7.8 | CVE-2010-4686 CONFIRM |
cisco -- adaptive_security_appliance_software | Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) by making many SIP calls, aka Bug ID CSCte20030. | 2011-01-07 | 7.8 | CVE-2010-4688 CONFIRM |
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) do not properly preserve ACL behavior after a migration, which allows remote attackers to bypass intended access restrictions via an unspecified type of network traffic that had previously been denied, aka Bug ID CSCte46460. | 2011-01-07 | 7.8 | CVE-2010-4689 CONFIRM |
cisco -- adaptive_security_appliance_software | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via multicast traffic, aka Bug IDs CSCtg61810 and CSCtg69742. | 2011-01-07 | 7.8 | CVE-2010-4691 CONFIRM |
cisco -- adaptive_security_appliance_software | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via a large number of LAN-to-LAN (aka L2L) IPsec sessions, aka Bug ID CSCth36592. | 2011-01-07 | 7.8 | CVE-2010-4692 CONFIRM |
freetype -- freetype | Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797. | 2011-01-07 | 9.3 | CVE-2010-3311 REDHAT REDHAT CONFIRM UBUNTU BID REDHAT DEBIAN SUSE |
fribidi -- gnu_fribidi | Buffer overflow in the log2vis_utf8 function in pyfribidi.c in GNU FriBidi 0.19.1, 0.19.2, and possibly other versions, as used in PyFriBidi 0.10.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Arabic UTF-8 string that causes original 2-byte UTF-8 sequences to be transformed into 3-byte sequences. | 2011-01-10 | 7.5 | CVE-2010-3444 MISC CONFIRM VUPEN BID SECUNIA FEDORA FEDORA |
gnu -- glibc | ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. | 2011-01-07 | 7.2 | CVE-2010-3856 CONFIRM MLIST REDHAT VUPEN CONFIRM UBUNTU BID BUGTRAQ REDHAT DEBIAN CONFIRM GENTOO SECUNIA FULLDISC |
gnu -- gimp | Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long "Number of lights" field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. | 2011-01-07 | 9.3 | CVE-2010-4541 CONFIRM VUPEN MLIST MLIST MISC |
gnu -- gimp | Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information. | 2011-01-07 | 7.5 | CVE-2010-4543 CONFIRM VUPEN OSVDB MLIST MLIST MISC |
google -- chrome | The node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 does not properly handle pointers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2011-01-14 | 10.0 | CVE-2011-0471 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle the printing of PDF documents, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a multi-page document. | 2011-01-14 | 9.3 | CVE-2011-0472 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with CANVAS elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 2011-01-14 | 10.0 | CVE-2011-0473 CONFIRM CONFIRM |
hp -- openview_network_node_manager | Unspecified vulnerability in jovgraph.exe in jovgraph in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a malformed displayWidth option in the arg parameter. | 2011-01-13 | 10.0 | CVE-2011-0261 MISC HP HP |
hp -- openview_network_node_manager | Buffer overflow in the stringToSeconds function in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via large values of variables to jovgraph.exe. | 2011-01-13 | 10.0 | CVE-2011-0262 MISC HP HP |
hp -- openview_network_node_manager | Multiple stack-based buffer overflows in ovas.exe in the OVAS service in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) Source Node or (2) Destination Node variable. | 2011-01-13 | 10.0 | CVE-2011-0263 MISC HP HP |
hp -- openview_network_node_manager | Stack-based buffer overflow in ovutil.dll in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long COOKIE variable. | 2011-01-13 | 10.0 | CVE-2011-0264 MISC HP HP |
hp -- openview_network_node_manager | Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long data_select1 parameter. | 2011-01-13 | 10.0 | CVE-2011-0265 MISC HP HP |
hp -- openview_network_node_manager | Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long nameParams parameter, a different vulnerability than CVE-2011-0267.2. | 2011-01-13 | 10.0 | CVE-2011-0266 MISC HP HP |
hp -- openview_network_node_manager | Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) schdParams or (2) nameParams parameter, a different vulnerability than CVE-2011-0266. | 2011-01-13 | 10.0 | CVE-2011-0267 MISC HP HP |
hp -- openview_network_node_manager | Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long text1 parameter. | 2011-01-13 | 10.0 | CVE-2011-0268 MISC HP HP |
hp -- openview_network_node_manager | Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long schd_select1 parameter. | 2011-01-13 | 10.0 | CVE-2011-0269 MISC HP HP |
hp -- openview_network_node_manager | Format string vulnerability in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in input data that involves an invalid template name. | 2011-01-13 | 10.0 | CVE-2011-0270 MISC HP HP |
hp -- openview_network_node_manager | The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 do not properly validate an unspecified parameter, which allows remote attackers to execute arbitrary commands by using a command string for this parameter's value, related to a "command injection vulnerability." | 2011-01-13 | 10.0 | CVE-2011-0271 HP HP IDEFENSE |
imgburn -- imgburn | Untrusted search path vulnerability in ImgBurn.exe in [VENDOR] ImgBurn 2.4.0.0, 2.5.4.0, and other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a CUE file. | 2011-01-10 | 9.3 | CVE-2011-0403 XF BID SECUNIA MISC OSVDB |
linux -- linux_kernel | Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in the Linux kernel allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted iovec struct in a Reliable Datagram Sockets (RDS) request, which triggers a buffer overflow. | 2011-01-10 | 7.2 | CVE-2010-3865 XF MLIST MLIST BID REDHAT MLIST MLIST SUSE SUSE SUSE |
linux -- kernel | Race condition in the Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function. | 2011-01-10 | 7.1 | CVE-2010-4526 CONFIRM MLIST MLIST CONFIRM |
microsoft -- windows_2003_server | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package. | 2011-01-07 | 7.8 | CVE-2010-4669 MISC MISC MISC MISC |
microsoft -- ie | Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 8.0.7600.16385 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, involving circular memory references. | 2011-01-07 | 10.0 | CVE-2011-0346 CERT-VN XF VUPEN BID BUGTRAQ MISC MISC MISC MISC FULLDISC |
microsoft -- ie | Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI display and have unspecified other impact via vectors related to the DOM implementation, as demonstrated by cross_fuzz. | 2011-01-07 | 9.3 | CVE-2011-0347 BUGTRAQ MISC MISC MISC MISC FULLDISC |
microsoft -- data_access_components | Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability." | 2011-01-11 | 9.3 | CVE-2011-0026 MS |
microsoft -- data_access_components | Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, do not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118. | 2011-01-11 | 9.3 | CVE-2011-0027 MS |
netsupport -- netsupport_manager_agent | Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.00, for Solaris 9.50, and for Mac OS X 11.00 allows remote attackers to execute arbitrary code via a long control hostname to TCP port 5405, probably a different vulnerability than CVE-2007-5252. | 2011-01-10 | 7.5 | CVE-2011-0404 XF VUPEN SECTRACK BID MISC EXPLOIT-DB SECUNIA FULLDISC |
novell -- suse_linux | The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors. | 2011-01-12 | 10.0 | CVE-2010-3912 SUSE |
opensc-project -- opensc | Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c. | 2011-01-07 | 7.2 | CVE-2010-4523 CONFIRM CONFIRM CONFIRM MISC MLIST MLIST MISC CONFIRM VUPEN SECUNIA SECUNIA FEDORA FEDORA |
phenotype-cms -- phenotype_cms | SQL injection vulnerability in the store function in _phenotype/system/class/PhenoTypeDataObject.class.php in Phenotype CMS 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URI, as demonstrated by Gallery/gal_id/1/image1,1.html. NOTE: some of these details are obtained from third party information. | 2011-01-10 | 7.5 | CVE-2011-0407 XF BID BUGTRAQ MISC SECUNIA OSVDB |
polyvision -- roomwizard_firmware | The PolyVision RoomWizard with firmware 3.2.3 has a default password of roomwizard for the administrator account, which makes it easier for remote attackers to obtain console access via an HTTP session, a different vulnerability than CVE-2010-0214. | 2011-01-11 | 7.5 | CVE-2011-0423 CERT-VN XF VUPEN BID FULLDISC MISC |
redhat -- evince | Array index error in the PK font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. | 2011-01-07 | 7.6 | CVE-2010-2640 CONFIRM CONFIRM VUPEN VUPEN UBUNTU SECTRACK BID REDHAT SECUNIA SECUNIA SECUNIA FEDORA |
redhat -- evince | Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. | 2011-01-07 | 7.6 | CVE-2010-2641 CONFIRM CONFIRM VUPEN VUPEN UBUNTU SECTRACK BID REDHAT SECUNIA SECUNIA SECUNIA FEDORA |
redhat -- evince | Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. | 2011-01-07 | 7.6 | CVE-2010-2642 CONFIRM CONFIRM VUPEN VUPEN UBUNTU SECTRACK BID REDHAT SECUNIA SECUNIA SECUNIA FEDORA |
redhat -- evince | Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. | 2011-01-07 | 7.6 | CVE-2010-2643 CONFIRM CONFIRM VUPEN VUPEN UBUNTU SECTRACK BID REDHAT SECUNIA SECUNIA SECUNIA FEDORA |
rim -- blackberry_enterprise_server | Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file. | 2011-01-12 | 9.3 | CVE-2010-2604 VUPEN BID CONFIRM SECUNIA |
tibco -- activecatalog | Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2011-01-07 | 7.5 | CVE-2010-4496 XF VUPEN CONFIRM CONFIRM SECTRACK BID SECUNIA |
tibco -- activecatalog | Unspecified vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL. | 2011-01-07 | 7.5 | CVE-2010-4498 XF VUPEN CONFIRM CONFIRM SECTRACK BID SECUNIA |
wellintek -- kingview | Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a long request to TCP port 777. | 2011-01-10 | 10.0 | CVE-2011-0406 XF VUPEN BID EXPLOIT-DB SECUNIA |
wireshark -- wireshark | Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ENTTEC DMX packet with Run Length Encoding (RLE) compression. | 2011-01-07 | 9.3 | CVE-2010-4538 CONFIRM VUPEN REDHAT SECUNIA OSVDB MLIST MLIST |
wireshark -- wireshark | Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs. | 2011-01-12 | 10.0 | CVE-2011-0444 CONFIRM MISC CONFIRM CONFIRM VUPEN |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
a51dev -- activecollab | ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and (1) delete an attachment or (2) subscribe to an object, via a crafted URL. | 2011-01-07 | 6.0 | CVE-2010-0215 CERT-VN CONFIRM |
apache -- subversion | The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections. | 2011-01-07 | 6.8 | CVE-2010-4539 CONFIRM CONFIRM MLIST MLIST MLIST MLIST XF VUPEN SECTRACK BID CONFIRM SECUNIA MLIST MLIST MLIST |
apple -- mac_os_x | Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x before 10.6.6 allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to interaction between Software Update and distribution scripts. | 2011-01-10 | 6.8 | CVE-2010-4013 CONFIRM APPLE SECUNIA |
catb -- gif2png | Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png. | 2011-01-14 | 6.8 | CVE-2009-5018 CONFIRM MLIST MLIST FULLDISC FEDORA CONFIRM CONFIRM VUPEN VUPEN GENTOO SECUNIA MLIST MLIST CONFIRM |
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allow remote attackers to cause a denial of service (ASDM syslog outage) via a long URL, aka Bug IDs CSCsm11264 and CSCtb92911. | 2011-01-07 | 5.0 | CVE-2009-5037 MISC MISC CONFIRM |
cisco -- adaptive_security_appliance_software | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote authenticated users to cause a denial of service (device crash) via a high volume of IPsec traffic, aka Bug ID CSCsx52748. | 2011-01-07 | 6.8 | CVE-2010-4676 CONFIRM |
cisco -- adaptive_security_appliance_software | emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (daemon crash) via a request for a document whose name contains space characters, aka Bug ID CSCsy08416. | 2011-01-07 | 5.0 | CVE-2010-4677 CONFIRM |
cisco -- ios | CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555. | 2011-01-07 | 6.8 | CVE-2009-5040 CONFIRM |
cisco -- ios | Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug ID CSCta79031. | 2011-01-07 | 4.0 | CVE-2010-4685 CONFIRM |
cisco -- ios | STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls that were controlled by CallManager Express (CME), aka Bug ID CSCtd42552. | 2011-01-07 | 5.0 | CVE-2010-4687 CONFIRM |
cisco -- adaptive_security_appliance_software | The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) does not properly authenticate HTTP requests from a Web Security appliance (WSA), which might allow remote attackers to obtain sensitive information via a HEAD request, aka Bug ID CSCte53635. | 2011-01-07 | 5.0 | CVE-2010-4690 CONFIRM |
citrix -- xen | The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers. NOTE: some of these details are obtained from third party information. | 2011-01-10 | 5.5 | CVE-2010-4247 CONFIRM MISC MISC MLIST MLIST BID REDHAT SECUNIA |
coppermine-gallery -- coppermine_photo_gallery | Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php. | 2011-01-10 | 4.3 | CVE-2010-4693 XF MISC BID BUGTRAQ OSVDB OSVDB SECUNIA |
crawltrack -- crawltrack | Unspecified vulnerability in CrawlTrack before 3.2.7, when a public stats page is provided, allows remote attackers to execute arbitrary PHP code via unknown vectors. | 2011-01-13 | 6.8 | CVE-2010-4537 CONFIRM MLIST MLIST |
debian -- dpkg | Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package. | 2011-01-10 | 6.8 | CVE-2010-1679 VUPEN VUPEN UBUNTU DEBIAN SECUNIA SECUNIA |
debian -- dpkg | dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory. | 2011-01-10 | 6.8 | CVE-2011-0402 VUPEN VUPEN UBUNTU DEBIAN SECUNIA SECUNIA |
djangoproject -- django | The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter. | 2011-01-10 | 4.0 | CVE-2010-4534 CONFIRM MLIST MLIST CONFIRM CONFIRM SECUNIA MISC MISC FULLDISC |
djangoproject -- django | The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer. | 2011-01-10 | 5.0 | CVE-2010-4535 CONFIRM MLIST MLIST CONFIRM CONFIRM SECUNIA |
eclipse -- eclipse_ide | Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647. | 2011-01-13 | 4.3 | CVE-2008-7271 MISC MISC |
eclipse -- eclipse_ide | Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp. | 2011-01-13 | 4.3 | CVE-2010-4647 MISC MLIST MLIST |
gnu -- glibc | elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. | 2011-01-07 | 6.9 | CVE-2010-3847 CERT-VN CONFIRM MLIST REDHAT VUPEN CONFIRM UBUNTU BUGTRAQ REDHAT DEBIAN CONFIRM GENTOO SECUNIA FULLDISC FULLDISC FULLDISC |
gnu -- gimp | Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the "LIGHTING EFFECTS > LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Position field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information. | 2011-01-07 | 6.8 | CVE-2010-4540 CONFIRM VUPEN MLIST MLIST MISC |
gnu -- gimp | Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style.c in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Foreground field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information. | 2011-01-07 | 6.8 | CVE-2010-4542 CONFIRM VUPEN MLIST MLIST MISC |
gnu -- glibc | The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow." | 2011-01-13 | 5.0 | CVE-2010-4051 CERT-VN MISC MISC BID BUGTRAQ SECTRACK SREASON SREASONRES SECUNIA FULLDISC |
gnu -- glibc | Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD. | 2011-01-13 | 5.0 | CVE-2010-4052 CERT-VN MISC MISC BID BUGTRAQ SECTRACK SREASON SREASONRES SECUNIA FULLDISC |
google -- chrome | Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle extensions notification, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | 2011-01-14 | 5.0 | CVE-2011-0470 CONFIRM CONFIRM |
ibm -- websphere_mq | Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows remote authenticated users to execute arbitrary code or cause a denial of service (queue manager crash) by inserting an invalid message into the queue. | 2011-01-11 | 6.5 | CVE-2011-0314 XF AIXAPAR |
ibm -- websphere_application_server | Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to the lack of an error page for an application. | 2011-01-11 | 4.3 | CVE-2011-0315 XF CONFIRM AIXAPAR |
ibm -- websphere_application_server | The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request. | 2011-01-11 | 5.0 | CVE-2011-0316 XF CONFIRM AIXAPAR |
ibm -- websphere_mq | Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted header field in a message. | 2011-01-13 | 6.8 | CVE-2011-0310 XF AIXAPAR |
io-socket-ssl -- io-socket-ssl | IO::Socket::SSL Perl module 1.35, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions. | 2011-01-13 | 4.0 | CVE-2010-4334 CONFIRM BID SECUNIA OSVDB CONFIRM |
joomla -- com_search | Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.php. | 2011-01-10 | 4.3 | CVE-2011-0005 MISC XF BID BUGTRAQ BUGTRAQ MISC |
linux -- kernel | Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the (2) l2tp_ip_sendmsg function in net/l2tp/l2tp_ip.c, in the PPPoL2TP and IPoL2TP implementations in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (heap memory corruption and panic) or possibly gain privileges via a crafted sendto call. | 2011-01-07 | 6.9 | CVE-2010-4160 CONFIRM MLIST MLIST MLIST MLIST MLIST MLIST CONFIRM CONFIRM MLIST CONFIRM MLIST SUSE |
linux -- kernel | Integer overflow in the rds_cmsg_rdma_args function (net/rds/rdma.c) in Linux kernel 2.6.35 allows local users to cause a denial of service (crash) and possibly trigger memory corruption via a crafted Reliable Datagram Sockets (RDS) request, a different vulnerability than CVE-2010-3865. | 2011-01-10 | 4.9 | CVE-2010-4175 MLIST MLIST MLIST SUSE SUSE |
linux -- kernel | The hci_uart_tty_open function in the HCI UART driver (drivers/bluetooth/hci_ldisc.c) in the Linux kernel 2.6.36, and possibly other versions, does not verify whether the tty has a write operation, which allows local users to cause a denial of service (NULL pointer dereference) via vectors related to the Bluetooth driver. | 2011-01-10 | 4.0 | CVE-2010-4242 CONFIRM MISC CONFIRM MLIST REDHAT |
linux -- kernel | The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a '\0' character, which allows local users to conduct buffer overflow attacks and gain privileges, or possibly obtain sensitive information from kernel memory, via a SOUND_MIXER_SETLEVELS ioctl call. | 2011-01-13 | 6.9 | CVE-2010-4527 CONFIRM MLIST CONFIRM MISC BID CONFIRM MLIST |
mediawiki -- mediawiki | MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 2011-01-10 | 5.8 | CVE-2011-0003 MLIST CONFIRM XF VUPEN OSVDB MLIST MLIST SECUNIA |
mono -- mono | Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an "unloading bug." | 2011-01-10 | 5.0 | CVE-2010-4225 XF VUPEN BID CONFIRM SECUNIA OSVDB |
mysql -- mysql | storage/innobase/dict/dict0crea.c in mysqld in MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement. | 2011-01-11 | 4.0 | CVE-2010-3676 CONFIRM MLIST CONFIRM CONFIRM |
mysql -- mysql | MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column. | 2011-01-11 | 4.0 | CVE-2010-3677 CONFIRM MLIST SUSE CONFIRM CONFIRM MISC |
mysql -- mysql | MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier. | 2011-01-11 | 4.0 | CVE-2010-3678 CONFIRM MLIST CONFIRM SUSE CONFIRM |
mysql -- mysql | MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind. | 2011-01-11 | 4.0 | CVE-2010-3679 CONFIRM MLIST CONFIRM CONFIRM |
mysql -- mysql | MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables while using InnoDB, which triggers an assertion failure. | 2011-01-11 | 4.0 | CVE-2010-3680 CONFIRM MLIST CONFIRM CONFIRM |
mysql -- mysql | MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure. | 2011-01-11 | 4.0 | CVE-2010-3681 CONFIRM MLIST CONFIRM SUSE SUSE CONFIRM CONFIRM |
mysql -- mysql | MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function. | 2011-01-11 | 4.0 | CVE-2010-3682 CONFIRM MLIST CONFIRM SUSE CONFIRM CONFIRM |
mysql -- mysql | MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request. | 2011-01-11 | 4.0 | CVE-2010-3683 CONFIRM MLIST CONFIRM SUSE SUSE CONFIRM CONFIRM |
netwin -- surgemail | Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program. | 2011-01-07 | 4.3 | CVE-2010-3201 BID BUGTRAQ SECUNIA MISC |
novell -- identity_manager | Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2011-01-07 | 4.3 | CVE-2010-4324 CONFIRM XF VUPEN SECTRACK BID CONFIRM SECUNIA OSVDB |
php -- php | strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers. | 2011-01-10 | 5.0 | CVE-2010-4645 MLIST MISC XF VUPEN BID MLIST MLIST MISC CONFIRM |
phpgedview -- phpgedview | Directory traversal vulnerability in module.php in PhpGedView 4.2.3 and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the pgvaction parameter. | 2011-01-10 | 6.8 | CVE-2011-0405 CONFIRM VUPEN EXPLOIT-DB CONFIRM SECUNIA OSVDB |
pidgin -- libpurple | directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session. | 2011-01-07 | 4.0 | CVE-2010-4528 CONFIRM MLIST MLIST MLIST CONFIRM CONFIRM CONFIRM VUPEN BID SECUNIA SECUNIA SUSE FEDORA |
piwik -- piwik | Multiple cross-site scripting (XSS) vulnerabilities in Piwik before 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2011-01-10 | 4.3 | CVE-2011-0004 CONFIRM CONFIRM CONFIRM MLIST MLIST SECUNIA |
piwik -- piwik | The Piwik_Common::getIP function in Piwik before 1.1 does not properly determine the client IP address, which allows remote attackers to bypass intended geolocation and logging functionality via (1) use of a private (aka RFC 1918) address behind a proxy server or (2) spoofing of the X-Forwarded-For HTTP header. | 2011-01-10 | 6.4 | CVE-2011-0398 CONFIRM CONFIRM |
piwik -- piwik | Piwik before 1.1 does not prevent the rendering of the login form inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | 2011-01-10 | 4.3 | CVE-2011-0399 CONFIRM CONFIRM |
piwik -- piwik | Cookie.php in Piwik before 1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 2011-01-10 | 5.0 | CVE-2011-0400 CONFIRM CONFIRM |
piwik -- piwik | Piwik before 1.1 does not properly limit the number of files stored under tmp/sessions/, which might allow remote attackers to cause a denial of service (inode consumption) by establishing many sessions. | 2011-01-10 | 5.0 | CVE-2011-0401 CONFIRM CONFIRM CONFIRM |
polyvision -- roomwizard_firmware | The administrative interface on the PolyVision RoomWizard with firmware 3.2.3 places the Sync Connector Active Directory (AD) credentials in a web form that is accessed over HTTP on port 80, which allows remote attackers to obtain sensitive information by reading the HTML source code corresponding to the /admin/sign/DeviceSynch URI. | 2011-01-11 | 5.0 | CVE-2010-0214 CERT-VN XF VUPEN BID FULLDISC MISC |
rim -- blackberry_software | Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page. | 2011-01-12 | 4.3 | CVE-2010-2599 VUPEN BID CONFIRM |
tibco -- activecatalog | Cross-site scripting (XSS) vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2011-01-07 | 4.3 | CVE-2010-4497 XF VUPEN CONFIRM CONFIRM SECTRACK BID SECUNIA |
tibco -- activecatalog | Session fixation vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to hijack web sessions via unspecified vectors. | 2011-01-07 | 4.3 | CVE-2010-4499 XF VUPEN CONFIRM CONFIRM SECTRACK BID SECUNIA |
tinybb -- tinybb | SQL injection vulnerability in inc/tinybb-settings.php in tinyBB 1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some of these details are obtained from third party information. | 2011-01-12 | 6.8 | CVE-2011-0443 XF SECTRACK BID EXPLOIT-DB CONFIRM SECUNIA |
wb-i -- sgx-sp_final | Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi in SGX-SP Final before 11.00 and SGX-SP Final NE before 11.00 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2011-01-11 | 4.3 | CVE-2010-3926 BID CONFIRM SECUNIA JVNDB JVN |
wb-i -- contents-mall | Contents-Mall before 15 does not properly handle passwords, which allows remote attackers to discover the administrative password, and consequently obtain sensitive information or modify data, via unspecified vectors. | 2011-01-13 | 5.8 | CVE-2010-3925 MISC JVNDB JVN |
wireshark -- wireshark | The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (assertion failure) via crafted packets, as demonstrated by fuzz-2010-12-30-28473.pcap. | 2011-01-12 | 5.0 | CVE-2011-0445 CONFIRM CONFIRM VUPEN |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache -- subversion | Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command. | 2011-01-07 | 3.5 | CVE-2010-4644 XF VUPEN SECTRACK BID MLIST CONFIRM CONFIRM SECUNIA MLIST MLIST MLIST MLIST MLIST MLIST |
linux -- kernel | Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_events->interrupt.pad structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via unspecified vectors. | 2011-01-10 | 1.9 | CVE-2010-4525 MISC XF BID MLIST MLIST MLIST |
linux -- kernel | Integer underflow in the irda_getsockopt function in net/irda/af_irda.c in the Linux kernel before 2.6.37 on platforms other than x86 allows local users to obtain potentially sensitive information from kernel heap memory via an IRLMP_ENUMDEVICES getsockopt call. | 2011-01-13 | 2.1 | CVE-2010-4529 MLIST MLIST CONFIRM CONFIRM SECUNIA MLIST |
novell -- vibe_onprem | Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog (aka What Are You Working On?) field. | 2011-01-07 | 3.5 | CVE-2010-4322 MISC BUGTRAQ |
troglobit -- pimd | pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on (1) pimd.dump when a USR1 signal is sent, or (2) pimd.cache when USR2 is sent. | 2011-01-10 | 3.3 | CVE-2011-0007 MLIST XF BID OSVDB MLIST SECUNIA |