Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-08-27 | CVE-2008-7095 | Permissions, Privileges, and Access Controls vulnerability in Arubanetworks Aruba Mobility Controller and Arubaos The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which allows remote attackers to (1) read all SNMP community strings via SNMP-COMMUNITY-MIB::snmpCommunityName (1.3.6.1.6.3.18.1.1.1.2) or SNMP-VIEW-BASED-ACM-MIB::vacmGroupName (1.3.6.1.6.3.16.1.2.1.3) with knowledge of one community string, and (2) read SNMPv3 user names via SNMP-USER-BASED-SM-MIB or SNMP-VIEW-BASED-ACM-MIB. | 7.8 |
| 2009-08-27 | CVE-2009-2977 | Cryptographic Issues vulnerability in Cisco Cs-Mars The Cisco Security Monitoring, Analysis and Response System (CS-MARS) 6.0.4 and earlier stores cleartext passwords in log/sysbacktrace.## files within error-logs.tar.gz archives, which allows context-dependent attackers to obtain sensitive information by reading these files. | 3.3 |
| 2009-08-27 | CVE-2009-2976 | Cryptographic Issues vulnerability in Cisco Aironet Ap1100 and Aironet Ap1200 Cisco Aironet Lightweight Access Point (AP) devices send the contents of certain multicast data frames in cleartext, which allows remote attackers to discover Wireless LAN Controller MAC addresses and IP addresses, and AP configuration details, by sniffing the wireless network. | 7.8 |
| 2009-08-27 | CVE-2009-2975 | Denial-Of-Service vulnerability in Mozilla Firefox 3.5.2 Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly involving an incompletely configured protocol handler, does not properly implement setting the document.location property to a value specifying a protocol associated with an external application, which allows remote attackers to cause a denial of service (memory consumption) via vectors involving a series of function calls that set this property, as demonstrated by (1) the chromehtml: protocol and (2) the aim: protocol. | 5.0 |
| 2009-08-27 | CVE-2009-2974 | Denial-Of-Service vulnerability in Chrome Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote attackers to (1) cause a denial of service (application hang) via vectors involving a chromehtml: URI value for the document.location property or (2) cause a denial of service (application hang and CPU consumption) via vectors involving a series of function calls that set a chromehtml: URI value for the document.location property. | 5.0 |
| 2009-08-27 | CVE-2009-2973 | Cryptographic Issues vulnerability in Google Chrome Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the (1) MD2 or (2) MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409. | 6.4 |
| 2009-08-27 | CVE-2009-2972 | Resource Management Errors vulnerability in SUN Solaris 8/9 in.lpd in the print service in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors that trigger a "fork()/exec() bomb." | 7.8 |
| 2009-08-27 | CVE-2009-2698 | NULL Pointer Dereference vulnerability in multiple products The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket. | 7.8 |
| 2009-08-27 | CVE-2009-2935 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript. | 10.0 |
| 2009-08-27 | CVE-2009-2861 | Denial-Of-Service vulnerability in Cisco Aironet Ap1100 and Aironet Ap1200 The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Lightweight Access Point 1100 and 1200 devices does not properly implement access-point association, which allows remote attackers to spoof a controller and cause a denial of service (service outage) via crafted remote radio management (RRM) packets, aka "SkyJack" or Bug ID CSCtb56664. | 7.3 |