Weekly Vulnerabilities Reports > July 27 to August 2, 2009
Overview
1 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 0 high severity vulnerabilities. This weekly summary report vulnerabilities in 9 products from 5 vendors including Debian, Opensuse, Mozilla, Suse, and Canonical. Vulnerabilities are notably categorized as and "Improper Certificate Validation".
- 1 reported vulnerabilities are remotely exploitables.
- 1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 1 reported vulnerabilities are exploitable by an anonymous user.
- Debian has the most reported vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|
0 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|
1 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2009-07-30 | CVE-2009-2408 | Mozilla Suse Opensuse Debian Canonical | Improper Certificate Validation vulnerability in multiple products Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | 5.9 |
0 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|