Weekly Vulnerabilities Reports > May 12 to 18, 2008
Overview
2 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 2 high severity vulnerabilities. This weekly summary report vulnerabilities in 4 products from 4 vendors including Debian, Microsoft, Canonical, and Openssl. Vulnerabilities are notably categorized as "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", and "Incorrect Permission Assignment for Critical Resource".
- 1 reported vulnerabilities are remotely exploitables.
- 6 reported vulnerabilities have public exploit available.
- 1 reported vulnerabilities are exploitable by an anonymous user.
- Debian has the most reported vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|
2 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-05-13 | CVE-2008-0322 | Microsoft | Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Windows XP The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges. | 7.8 |
2008-05-13 | CVE-2008-0166 | Openssl Canonical Debian | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in multiple products OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys. | 7.5 |
0 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|