Vulnerability Summary for the Week of February 7, 2011
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- shockwave_player | The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2588 and CVE-2010-4188. | 2011-02-10 | 9.3 | CVE-2010-2587 CONFIRM |
adobe -- shockwave_player | The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2587 and CVE-2010-4188. | 2011-02-10 | 9.3 | CVE-2010-2588 CONFIRM |
adobe -- shockwave_player | Integer overflow in the dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code via unspecified vectors. | 2011-02-10 | 9.3 | CVE-2010-2589 CONFIRM |
adobe -- shockwave_player | Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0555, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306. | 2011-02-10 | 9.3 | CVE-2010-4093 CONFIRM |
adobe -- shockwave_player | Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306. | 2011-02-10 | 9.3 | CVE-2010-4187 CONFIRM |
adobe -- shockwave_player | The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2587 and CVE-2010-2588. | 2011-02-10 | 9.3 | CVE-2010-4188 CONFIRM |
adobe -- shockwave_player | The IML32 module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 2011-02-10 | 9.3 | CVE-2010-4189 CONFIRM |
adobe -- shockwave_player | Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306. | 2011-02-10 | 9.3 | CVE-2010-4190 CONFIRM |
adobe -- shockwave_player | Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4192, and CVE-2010-4306. | 2011-02-10 | 9.3 | CVE-2010-4191 CONFIRM |
adobe -- shockwave_player | Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, and CVE-2010-4306. | 2011-02-10 | 9.3 | CVE-2010-4192 CONFIRM |
adobe -- shockwave_player | Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors. | 2011-02-10 | 9.3 | CVE-2010-4193 CONFIRM |
adobe -- shockwave_player | The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors. | 2011-02-10 | 9.3 | CVE-2010-4194 CONFIRM |
adobe -- shockwave_player | The TextXtra module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors. | 2011-02-10 | 9.3 | CVE-2010-4195 CONFIRM |
adobe -- shockwave_player | The Shockwave 3d Asset module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors. | 2011-02-10 | 9.3 | CVE-2010-4196 CONFIRM |
adobe -- shockwave_player | Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, and CVE-2010-4192. | 2011-02-10 | 9.3 | CVE-2010-4306 CONFIRM |
adobe -- shockwave_player | Buffer overflow in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code via unspecified vectors. | 2011-02-10 | 9.3 | CVE-2010-4307 CONFIRM |
adobe -- shockwave_player | Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306. | 2011-02-10 | 9.3 | CVE-2011-0555 CONFIRM |
adobe -- shockwave_player | The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0569. | 2011-02-10 | 9.3 | CVE-2011-0556 CONFIRM |
adobe -- shockwave_player | Integer overflow in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code via unspecified vectors. | 2011-02-10 | 9.3 | CVE-2011-0557 CONFIRM |
adobe -- flash_player | Integer overflow in Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code via unspecified vectors. | 2011-02-10 | 9.3 | CVE-2011-0558 CONFIRM |
adobe -- flash_player | Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608. | 2011-02-10 | 9.3 | CVE-2011-0559 CONFIRM |
adobe -- flash_player | Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608. | 2011-02-10 | 9.3 | CVE-2011-0560 CONFIRM |
adobe -- flash_player | Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608. | 2011-02-10 | 9.3 | CVE-2011-0561 CONFIRM |
adobe -- shockwave_player | The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0556. | 2011-02-10 | 9.3 | CVE-2011-0569 CONFIRM |
adobe -- flash_player | Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608. | 2011-02-10 | 9.3 | CVE-2011-0571 CONFIRM |
adobe -- flash_player | Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608. | 2011-02-10 | 9.3 | CVE-2011-0572 CONFIRM |
adobe -- flash_player | Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608. | 2011-02-10 | 9.3 | CVE-2011-0573 CONFIRM |
adobe -- flash_player | Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608. | 2011-02-10 | 9.3 | CVE-2011-0574 CONFIRM |
adobe -- flash_player | Unspecified vulnerability in Adobe Flash Player before 10.2.152.26 allows remote attackers to execute arbitrary code via a crafted font. | 2011-02-10 | 9.3 | CVE-2011-0577 CONFIRM |
adobe -- flash_player | Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0607, and CVE-2011-0608. | 2011-02-10 | 9.3 | CVE-2011-0578 CONFIRM |
adobe -- flash_player | Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, and CVE-2011-0608. | 2011-02-10 | 9.3 | CVE-2011-0607 CONFIRM |
adobe -- flash_player | Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, and CVE-2011-0607. | 2011-02-10 | 9.3 | CVE-2011-0608 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0589 and CVE-2011-0606. | 2011-02-10 | 9.3 | CVE-2011-0563 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows use weak permissions for unspecified files, which allows attackers to gain privileges via unknown vectors. | 2011-02-10 | 9.3 | CVE-2011-0564 CONFIRM |
adobe -- acrobat | Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0585. | 2011-02-10 | 9.3 | CVE-2011-0565 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image, a different vulnerability than CVE-2011-0567 and CVE-2011-0603. | 2011-02-10 | 9.3 | CVE-2011-0566 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image, a different vulnerability than CVE-2011-0566 and CVE-2011-0603. | 2011-02-10 | 9.3 | CVE-2011-0567 CONFIRM |
adobe -- acrobat | Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0565. | 2011-02-10 | 9.3 | CVE-2011-0585 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X do not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors. | 2011-02-10 | 9.3 | CVE-2011-0586 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0563 and CVE-2011-0606. | 2011-02-10 | 9.3 | CVE-2011-0589 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600. | 2011-02-10 | 9.3 | CVE-2011-0590 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0590, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600. | 2011-02-10 | 9.3 | CVE-2011-0591 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600. | 2011-02-10 | 9.3 | CVE-2011-0592 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0595, and CVE-2011-0600. | 2011-02-10 | 9.3 | CVE-2011-0593 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a font. | 2011-02-10 | 9.3 | CVE-2011-0594 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0600. | 2011-02-10 | 9.3 | CVE-2011-0595 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via an image, a different vulnerability than CVE-2011-0598, CVE-2011-0599, and CVE-2011-0602. | 2011-02-10 | 9.3 | CVE-2011-0596 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via an image, a different vulnerability than CVE-2011-0596, CVE-2011-0599, and CVE-2011-0602. | 2011-02-10 | 9.3 | CVE-2011-0598 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via an image, a different vulnerability than CVE-2011-0596, CVE-2011-0598, and CVE-2011-0602. | 2011-02-10 | 9.3 | CVE-2011-0599 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0595. | 2011-02-10 | 9.3 | CVE-2011-0600 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via an image, a different vulnerability than CVE-2011-0596, CVE-2011-0598, and CVE-2011-0599. | 2011-02-10 | 9.3 | CVE-2011-0602 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image, a different vulnerability than CVE-2011-0566 and CVE-2011-0567. | 2011-02-10 | 9.3 | CVE-2011-0603 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0563 and CVE-2011-0589. | 2011-02-10 | 9.3 | CVE-2011-0606 CONFIRM |
bmc -- capacity_management_essentials | Stack-based buffer overflow in BMC PATROL Agent Service Daemon in Performance Analysis for Servers, Performance Assurance for Servers, and Performance Assurance for Virtual Servers 7.4.00 through 7.5.10; Performance Analyzer and Performance Predictor for Servers 7.4.00 through 7.5.10; and Capacity Management Essentials 1.2.00 (7.4.15) allows remote attackers to execute arbitrary code via a crafted length value in a BGS_MULTIPLE_READS command to TCP port 6768. | 2011-02-10 | 10.0 | CVE-2011-0975 XF MISC VUPEN BID BUGTRAQ SECUNIA OSVDB |
ca -- etrust_secure_content_manager | The CA ETrust Secure Content Manager Common Services Transport (ECSQdmn.exe) allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted request to port 1882, involving an incorrect integer calculation and a heap-based buffer overflow. | 2011-02-10 | 10.0 | CVE-2011-0758 MISC VUPEN BID BUGTRAQ SECUNIA MISC |
emc -- networker_module | The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542. | 2011-02-10 | 10.0 | CVE-2011-0647 MISC VUPEN BID BUGTRAQ SECUNIA |
google -- chrome | Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to image loading. | 2011-02-04 | 10.0 | CVE-2011-0777 CONFIRM CONFIRM |
google -- chrome | The PDF event handler in Google Chrome before 9.0.597.84 does not properly interact with print operations, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors. | 2011-02-04 | 9.3 | CVE-2011-0780 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 9.0.597.84 does not properly handle autofill profile merging, which has unspecified impact and remote attack vectors. | 2011-02-04 | 7.5 | CVE-2011-0781 CONFIRM |
google -- chrome | Race condition in Google Chrome before 9.0.597.84 allows remote attackers to execute arbitrary code via vectors related to audio. | 2011-02-04 | 9.3 | CVE-2011-0784 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 2011-02-10 | 10.0 | CVE-2011-0981 CONFIRM CONFIRM |
google -- chrome | Use-after-free vulnerability in Google Chrome before 9.0.597.94 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG font faces. | 2011-02-10 | 10.0 | CVE-2011-0982 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 2011-02-10 | 10.0 | CVE-2011-0983 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 9.0.597.94 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 2011-02-10 | 7.8 | CVE-2011-0984 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors. | 2011-02-10 | 10.0 | CVE-2011-0985 CONFIRM CONFIRM |
hp -- data_protector | crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the applet domain, and the java username. | 2011-02-08 | 10.0 | CVE-2011-0921 MISC VUPEN BID MISC |
hp -- data_protector | The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname. | 2011-02-08 | 10.0 | CVE-2011-0922 MISC VUPEN BID MISC |
hp -- data_protector | The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory." | 2011-02-08 | 10.0 | CVE-2011-0923 MISC VUPEN BID MISC |
hp -- data_protector | The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.sh. | 2011-02-08 | 10.0 | CVE-2011-0924 MISC VUPEN BID MISC |
ibm -- lotus_notes | IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2. | 2011-02-08 | 9.3 | CVE-2011-0912 MISC VUPEN CONFIRM |
ibm -- lotus_domino | Stack-based buffer overflow in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP getEnvironmentString request, related to the local variable cache. | 2011-02-08 | 10.0 | CVE-2011-0913 MISC CONFIRM |
ibm -- lotus_domino | Integer signedness error in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP client request, leading to a heap-based buffer overflow. | 2011-02-08 | 10.0 | CVE-2011-0914 MISC CONFIRM |
ibm -- lotus_domino | Stack-based buffer overflow in nrouter.exe in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a long name parameter in a Content-Type header in a malformed Notes calendar (aka iCalendar or iCal) meeting request, aka SPR KLYH87LL23. | 2011-02-08 | 10.0 | CVE-2011-0915 MISC CONFIRM |
ibm -- lotus_domino | Stack-based buffer overflow in the SMTP service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long arguments in a filename parameter in a malformed MIME e-mail message, aka SPR KLYH889M8H. | 2011-02-08 | 10.0 | CVE-2011-0916 MISC CONFIRM |
ibm -- lotus_domino | Buffer overflow in nLDAP.exe in IBM Lotus Domino allows remote attackers to execute arbitrary code via an LDAP Bind operation, aka SPR KLYH87LMVX. | 2011-02-08 | 10.0 | CVE-2011-0917 MISC MISC |
ibm -- lotus_domino | Stack-based buffer overflow in the NRouter (aka Router) service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long filenames associated with Content-ID and ATTACH:CID headers in attachments in malformed calendar-request e-mail messages, aka SPR KLYH87LKRE. | 2011-02-08 | 10.0 | CVE-2011-0918 MISC MISC |
ibm -- lotus_domino | Multiple stack-based buffer overflows in the (1) POP3 and (2) IMAP services in IBM Lotus Domino allow remote attackers to execute arbitrary code via non-printable characters in an envelope sender address, aka SPR KLYH87LLVJ. | 2011-02-08 | 10.0 | CVE-2011-0919 MISC MISC |
ibm -- lotus_domino | The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors, aka SPR PRAD89WGRS. | 2011-02-08 | 9.3 | CVE-2011-0920 CONFIRM |
johan_lindskog -- aes_encryption_module | The AES encryption module 7.x-1.4 for Drupal leaves certain debugging code enabled in release, which records the plaintext password of the last logged-in user and allows remote attackers to gain privileges as that user. | 2011-02-07 | 7.5 | CVE-2011-0899 BID CONFIRM CONFIRM XF SECUNIA OSVDB |
microsoft -- windows_7 | The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability." | 2011-02-08 | 7.1 | CVE-2011-0031 MS XF VUPEN BID SECUNIA |
microsoft -- windows_2003_server | The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability." | 2011-02-08 | 7.2 | CVE-2011-0039 MS VUPEN BID SECUNIA |
microsoft -- windows_xp | The kernel in Microsoft Windows XP SP3 performs memory allocation before properly validating unspecified data obtained from a user, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Integer Truncation Vulnerability." | 2011-02-08 | 7.2 | CVE-2011-0045 MS XF |
microsoft -- windows_2003_server | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability." | 2011-02-08 | 7.2 | CVE-2011-0086 MS VUPEN BID SECUNIA |
microsoft -- windows_2003_server | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability." | 2011-02-08 | 7.2 | CVE-2011-0087 MS VUPEN BID SECUNIA |
microsoft -- windows_2003_server | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability." | 2011-02-08 | 7.2 | CVE-2011-0088 MS VUPEN BID SECUNIA |
microsoft -- windows_2003_server | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability." | 2011-02-08 | 7.2 | CVE-2011-0089 MS VUPEN BID SECUNIA |
microsoft -- windows_2003_server | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability." | 2011-02-08 | 7.2 | CVE-2011-0090 MS VUPEN BID SECUNIA |
microsoft -- windows_2003_server | The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability." | 2011-02-10 | 9.3 | CVE-2011-0033 MS |
microsoft -- ie | Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0036. | 2011-02-10 | 9.3 | CVE-2011-0035 MS |
microsoft -- ie | Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2010-2556 and CVE-2011-0035. | 2011-02-10 | 9.3 | CVE-2011-0036 MS |
microsoft -- ie | Untrusted search path vulnerability in Microsoft Internet Explorer 8 might allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a Desktop directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability." | 2011-02-10 | 9.3 | CVE-2011-0038 MS |
microsoft -- windows_2003_server | Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability." | 2011-02-10 | 7.2 | CVE-2011-0043 MS |
microsoft -- visio | ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly handle objects in memory during the parsing of Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Object Memory Corruption Vulnerability." | 2011-02-10 | 9.3 | CVE-2011-0092 MS |
microsoft -- visio | ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability." | 2011-02-10 | 9.3 | CVE-2011-0093 MS |
microsoft -- powerpoint | Microsoft Office PowerPoint 2007 does not properly handle Office Art containers, which allows remote attackers to execute arbitrary code via a container that triggers certain access to an uninitialized object. | 2011-02-10 | 9.3 | CVE-2011-0976 MISC MISC |
microsoft -- excel | Use-after-free vulnerability in Microsoft Excel 2007 allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format. | 2011-02-10 | 9.3 | CVE-2011-0977 MISC MISC |
microsoft -- excel | Microsoft Office Excel does not properly handle errors during the parsing of Office Art records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a malformed object record. | 2011-02-10 | 9.3 | CVE-2011-0979 MISC MISC |
smc_networks -- smcd3g-ccr_firmware | A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attackers to obtain administrative access via the (1) web interface or (2) TELNET interface. | 2011-02-08 | 10.0 | CVE-2011-0885 MISC XF BID BUGTRAQ EXPLOIT-DB BUGTRAQ |
topazsystems -- sigplus_pro_activex_control | Topaz Systems SigPlus Pro ActiveX Control 3.95, and possibly other versions before 4.29, allows remote attackers to execute arbitrary code by calling the exposed unsafe (1) SetLogFilePath and (2) SigMessage methods to create arbitrary files with arbitrary content. | 2011-02-07 | 9.3 | CVE-2011-0323 XF BID MISC SECUNIA |
topazsystems -- sigplus_pro_activex_control | Multiple heap-based buffer overflows in Topaz Systems SigPlus Pro ActiveX Control 3.95, and possibly other versions before 4.29, allow remote attackers to execute arbitrary code via a long (1) KeyString property, (2) NewPath parameter to the SetLocalIniFilePath method, or (3) NewPortPath parameter to the SetTabletPortPath method. | 2011-02-07 | 9.3 | CVE-2011-0324 XF XF XF BID MISC SECUNIA |
videolan -- vlc_media_player | The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a subtitle with an opening "<" without a closing ">" in an MKV file, which triggers heap memory corruption, as demonstrated using refined-australia-blu720p-sample.mkv. | 2011-02-07 | 9.3 | CVE-2011-0522 MLIST MLIST MLIST CONFIRM XF VUPEN BID EXPLOIT-DB MLIST |
videolan -- vlc_media_player | demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro. | 2011-02-07 | 9.3 | CVE-2011-0531 CONFIRM MLIST MLIST CONFIRM XF SECTRACK BID SECUNIA OSVDB |
wireshark -- wireshark | Wireshark 1.5.0, 1.4.3, and earlier frees an uninitialized pointer during processing of a .pcap file in the pcap-ng format, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed file. | 2011-02-08 | 7.5 | CVE-2011-0538 CONFIRM MLIST MISC XF BID |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- flash_player | Untrusted search path vulnerability in Adobe Flash Player before 10.2.152.26 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | 2011-02-10 | 6.9 | CVE-2011-0575 CONFIRM |
adobe -- coldfusion | Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2011-02-10 | 4.3 | CVE-2011-0580 CONFIRM |
adobe -- coldfusion | Multiple CRLF injection vulnerabilities in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified tags. | 2011-02-10 | 4.3 | CVE-2011-0581 CONFIRM |
adobe -- coldfusion | Unspecified vulnerability in the administrator console in Adobe ColdFusion 8.0 through 9.0.1 allows attackers to obtain sensitive information via unknown vectors. | 2011-02-10 | 5.0 | CVE-2011-0582 CONFIRM |
adobe -- coldfusion | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via the cfform tag. | 2011-02-10 | 4.3 | CVE-2011-0583 CONFIRM |
adobe -- coldfusion | Session fixation vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to hijack web sessions via unspecified vectors. | 2011-02-10 | 4.3 | CVE-2011-0584 CONFIRM |
adobe -- acrobat | Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0570 and CVE-2011-0588. | 2011-02-10 | 6.9 | CVE-2011-0562 CONFIRM |
adobe -- acrobat | Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. | 2011-02-10 | 6.8 | CVE-2011-0568 CONFIRM |
adobe -- acrobat | Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0562 and CVE-2011-0588. | 2011-02-10 | 6.9 | CVE-2011-0570 CONFIRM |
adobe -- acrobat | Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-0604. | 2011-02-10 | 4.3 | CVE-2011-0587 CONFIRM |
adobe -- acrobat | Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0562 and CVE-2011-0570. | 2011-02-10 | 6.9 | CVE-2011-0588 CONFIRM |
adobe -- acrobat | Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-0587. | 2011-02-10 | 4.3 | CVE-2011-0604 CONFIRM |
adobe -- acrobat | Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 2011-02-10 | 6.8 | CVE-2011-0605 CONFIRM |
apache -- tomcat | Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request. | 2011-02-10 | 5.0 | CVE-2011-0534 CONFIRM XF VUPEN SECTRACK BID BUGTRAQ CONFIRM OSVDB |
awcm-cms -- ar_web_content_manager | Multiple directory traversal vulnerabilities in AR Web Content Manager (AWCM) 2.2 allow remote attackers to read arbitrary files and possibly have other unspecified impact via a .. (dot dot) in the (1) awcm_theme or (2) awcm_lang cookie to (a) index.php or (b) header.php. | 2011-02-07 | 6.8 | CVE-2011-0903 XF BID EXPLOIT-DB |
erick_woods -- terminal_server_client | Stack-based buffer overflow in the tsc_launch_remote function (src/support.c) in Terminal Server Client (tsclient) 0.150, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a .RDP file with a long hostname argument. | 2011-02-07 | 6.8 | CVE-2011-0900 XF BID EXPLOIT-DB SECUNIA OSVDB |
erick_woods -- terminal_server_client | Multiple stack-based buffer overflows in the tsc_launch_remote function (src/support.c) in Terminal Server Client (tsclient) 0.150, and possibly other versions, allow user-assisted remote attackers to execute arbitrary code via a .RDP file with a long (1) username, (2) password, or (3) domain argument. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2011-02-07 | 6.8 | CVE-2011-0901 XF XF XF SECUNIA OSVDB |
google -- chrome | The sandbox implementation in Google Chrome before 9.0.597.84 on Mac OS X might allow remote attackers to obtain potentially sensitive information about local files via vectors related to the stat system call. | 2011-02-04 | 5.0 | CVE-2011-0776 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 9.0.597.84 does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors. | 2011-02-04 | 5.0 | CVE-2011-0778 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service (application crash) via a crafted extension. | 2011-02-04 | 5.0 | CVE-2011-0779 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 9.0.597.84 on Mac OS X does not properly mitigate an unspecified flaw in the Mac OS X 10.5 SSL libraries, which allows remote attackers to cause a denial of service (application crash) via unknown vectors. | 2011-02-04 | 5.0 | CVE-2011-0782 CONFIRM CONFIRM |
google -- chrome | Unspecified vulnerability in Google Chrome before 9.0.597.84 allows user-assisted remote attackers to cause a denial of service (application crash) via vectors involving a "bad volume setting." | 2011-02-04 | 4.3 | CVE-2011-0783 CONFIRM CONFIRM |
hp -- power_manager | Cross-site request forgery (CSRF) vulnerability in HP Power Manager (HPPM) 4.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts. | 2011-02-08 | 6.8 | CVE-2011-0277 SECTRACK BID HP HP SECUNIA |
microsoft -- windows_2003_server | The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023. | 2011-02-08 | 6.9 | CVE-2011-0030 MS |
microsoft -- windows_2003_server | The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability." | 2011-02-08 | 5.0 | CVE-2011-0040 MS VUPEN BID SECUNIA |
microsoft -- windows_7 | Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability." | 2011-02-10 | 6.4 | CVE-2011-0091 MS |
microsoft -- excel | Stack-based buffer overflow in Microsoft Office Excel allows remote attackers to execute arbitrary code via vectors related to an axis properties record, and improper incrementing of an array index. | 2011-02-10 | 6.8 | CVE-2011-0978 MISC MISC |
microsoft -- excel | Microsoft Office Excel 2003 does not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer. | 2011-02-10 | 6.8 | CVE-2011-0980 MISC MISC |
mit -- kerberos | The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors. | 2011-02-10 | 5.0 | CVE-2010-4022 BUGTRAQ CONFIRM BID |
mit -- kerberos | The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a sequence. | 2011-02-10 | 5.0 | CVE-2011-0281 BUGTRAQ REDHAT CONFIRM MLIST |
mit -- kerberos | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name. | 2011-02-10 | 5.0 | CVE-2011-0282 BUGTRAQ REDHAT CONFIRM |
mit -- kerberos | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request packet that does not trigger a response packet. | 2011-02-10 | 5.0 | CVE-2011-0283 BUGTRAQ CONFIRM |
novell -- edirectory | Unspecified vulnerability in the NCP service in Novell eDirectory 8.8.5 before 8.8.5.6 and 8.8.6 before 8.8.6.2 allows remote attackers to cause a denial of service (hang) via a malformed FileSetLock request to port 524. | 2011-02-10 | 5.0 | CVE-2010-4327 MISC VUPEN BID BUGTRAQ CONFIRM SECUNIA MISC |
openssh -- openssh | The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks. | 2011-02-10 | 5.0 | CVE-2011-0539 CONFIRM XF VUPEN SECTRACK BID MLIST SECUNIA |
oracle -- enterprise_manager | Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A allows physically proximate attackers to execute arbitrary programs without authentication by triggering use of an invalid SSL certificate and using the Internet Explorer interface to navigate through the filesystem via a "Save As" dialog that is reachable from the "Certificate Export" wizard. | 2011-02-07 | 4.6 | CVE-2010-4506 MISC |
redhat -- icedtea | IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source. | 2011-02-04 | 6.8 | CVE-2011-0025 MISC CONFIRM XF UBUNTU BID SECUNIA |
smc_networks -- smcd3g-ccr_firmware | Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 allow remote attackers to (1) hijack the intranet connectivity of arbitrary users for requests that perform a login via goform/login, or hijack the authentication of administrators for requests that (2) enable external logins via an mso_remote_enable action to goform/RemoteRange or (3) change DNS settings via a manual_dns_enable action to goform/Basic. | 2011-02-08 | 6.8 | CVE-2011-0886 MISC XF BID BUGTRAQ EXPLOIT-DB BUGTRAQ |
smc_networks -- smcd3g-ccr_firmware | The web management portal on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack on the userid cookie. | 2011-02-08 | 5.0 | CVE-2011-0887 MISC XF BID BUGTRAQ EXPLOIT-DB BUGTRAQ |
sun -- sunos | Multiple untrusted search path vulnerabilities in the Java Service in Sun Microsystems SunScreen Firewall on SunOS 5.9 allow local users to execute arbitrary code via a modified (1) PATH or (2) LD_LIBRARY_PATH environment variable. | 2011-02-07 | 6.9 | CVE-2011-0902 XF BID EXPLOIT-DB |
vanillaforums -- vanilla_forums | Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forums before 2.0.17 allows remote attackers to inject arbitrary web script or HTML via the Target parameter in a /entry/signin action. | 2011-02-08 | 4.3 | CVE-2011-0526 MISC MISC OSVDB SECUNIA MLIST MLIST |
vanillaforums -- vanilla_forums | Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Target parameter to an unspecified component, a different vulnerability than CVE-2011-0526. | 2011-02-08 | 5.8 | CVE-2011-0908 CONFIRM |
vanillaforums -- vanilla_forums | Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CVE-2011-0526. | 2011-02-08 | 4.3 | CVE-2011-0909 CONFIRM |
vanillaforums -- vanilla_forums | The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks. | 2011-02-08 | 6.4 | CVE-2011-0910 CONFIRM |
zikula -- zikula_application_framework | Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism. | 2011-02-08 | 5.0 | CVE-2010-4728 CONFIRM |
zikula -- zikula_application_framework | Zikula before 1.2.3 does not use the authid protection mechanism for (1) the lostpassword form and (2) mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery (CSRF) attacks via multiple form submissions. | 2011-02-08 | 6.8 | CVE-2010-4729 CONFIRM CONFIRM |
zikula -- zikula_application_framework | Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php. | 2011-02-08 | 6.8 | CVE-2011-0535 OSVDB SECUNIA FULLDISC MLIST MLIST CONFIRM CONFIRM MISC |
zikula -- zikula_application_framework | Cross-site scripting (XSS) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is possible that this overlaps CVE-2011-0535. | 2011-02-08 | 4.3 | CVE-2011-0911 CONFIRM |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache -- tomcat | Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack. | 2011-02-10 | 1.2 | CVE-2010-3718 XF BID BUGTRAQ MISC MISC MISC |