Weekly Vulnerabilities Reports > December 13 to 19, 2004
Overview
10 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 4 high severity vulnerabilities. This weekly summary reports vulnerabilities in 23 products from 13 vendors including Microsoft, Netbsd, Asante, Cisco, and Redhat. Vulnerabilities are notably categorized as .
- 8 reported vulnerabilities are remotely exploitable.
- 10 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 3 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
4 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-12-15 | CVE-2004-1322 | Cisco | Unspecified vulnerability in Cisco Unity Server: Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages. | 7.5 |
2004-12-15 | CVE-2004-1321 | Asante | Remote Security vulnerability in Asante Fm2008 Managed Ethernet Switch 1.6: The configuration backup in Asante FM2008 running firmware 1.06 stores the username and password in cleartext, which could allow remote attackers to gain unauthorized access. | 7.5 |
2004-12-15 | CVE-2004-1320 | Asante | Unspecified vulnerability in Asante Fm2008 Managed Ethernet Switch 1.6: Asante FM2008 running firmware 1.06 is shipped with a default username and password, which could allow remote attackers to gain unauthorized access. | 7.5 |
2004-12-18 | CVE-2004-1374 | Netbsd | Local Security vulnerability in Netbsd 2.0.4: Multiple buffer overflows in NetBSD kernel may allow local users to execute arbitrary code and gain privileges. | 7.2 |
4 Medium Vulnerabilities
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2004-12-18 | CVE-2004-1324 | Microsoft | Unspecified vulnerability in Microsoft Windows Media Player 9: The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer. | 2.6 |
2004-12-16 | CVE-2004-1323 | Netbsd | Denial-Of-Service vulnerability in NetBSD: Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow local users to cause a denial of service (kernel crash) via a large signal number to (1) xxx_sys_kill, (2) xxx_sys_sigaction, and possibly other translation functions. | 2.1 |