Weekly Vulnerabilities Reports > August 24 to 30, 2009

Overview

2 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 1 high severity vulnerabilities. This weekly summary report vulnerabilities in 13 products from 7 vendors including Linux, Fedoraproject, Redhat, Suse, and Vmware. Vulnerabilities are notably categorized as "NULL Pointer Dereference", and "Incorrect Authorization".

  • 1 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities, with 1 reported vulnerabilities.
  • Kyoceramita has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

1 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-08-28 CVE-2008-7109 Kyoceramita Incorrect Authorization vulnerability in Kyoceramita Scanner File Utility 3.3.0.1

The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a modified program that does not prompt the user for a password.

9.8

1 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-08-27 CVE-2009-2698 Linux
Canonical
Suse
Fedoraproject
Redhat
Vmware
NULL Pointer Dereference vulnerability in multiple products

The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.

7.8

0 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS