Weekly Vulnerabilities Reports > February 15 to 21, 2010

Overview

63 new vulnerabilities were reported during this period, including 17 critical vulnerabilities and 11 high severity vulnerabilities. This weekly summary reports vulnerabilities in 48 products from 21 vendors including Google, Cisco, Apple, Linux, and Accellion. The most common categories are "Information Exposure", "Permissions, Privileges, and Access Controls", "Numeric Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Code Injection".

  • 56 reported vulnerabilities are remotely exploitable.
  • 7 reported vulnerabilities have a public exploit available.
  • 5 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 61 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 19 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 8 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

17 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-02-19 CVE-2010-0108 Symantec Buffer Errors vulnerability in Symantec Antivirus, Client Security and Endpoint Protection

Buffer overflow in the cliproxy.objects.1 ActiveX control in the Symantec Client Proxy (CLIproxy.dll) in Symantec AntiVirus 10.0.x, 10.1.x before MR9, and 10.2.x before MR4; and Symantec Client Security 3.0.x and 3.1.x before MR9 allows remote attackers to execute arbitrary code via a long argument to the SetRemoteComputerName function.

10.0
2010-02-18 CVE-2010-0646 Google Numeric Errors vulnerability in Google Chrome

Multiple integer signedness errors in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays.

10.0
2010-02-15 CVE-2009-4643 Juniper Buffer Errors vulnerability in Juniper Odyssey Access Client 4.72.11421.0

Stack-based buffer overflow in dsInstallerService.dll in the Juniper Installer Service, as used in Juniper Odyssey Access Client 4.72.11421.0 and other products, allows remote attackers to execute arbitrary code via a long string in a malformed DSSETUPSERVICE_CMD_UNINSTALL command to the NeoterisSetupService named pipe.

10.0
2010-02-18 CVE-2010-0659 Apple, Google Resource Management Errors vulnerability in multiple products

The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size.

9.3
2010-02-18 CVE-2010-0658 Google, Microsoft Numeric Errors vulnerability in Google Chrome

Multiple integer overflows in Skia, as used in Google Chrome before 4.0.249.78, allow remote attackers to execute arbitrary code in the Chrome sandbox or cause a denial of service (memory corruption and application crash) via vectors involving CANVAS elements.

9.3
2010-02-18 CVE-2010-0657 Google, Microsoft Unspecified vulnerability in Google Chrome

Google Chrome before 4.0.249.78 on Windows does not perform the expected encoding, escaping, and quoting for the URL in the --app argument in a desktop shortcut, which allows user-assisted remote attackers to execute arbitrary programs or obtain sensitive information by tricking a user into creating a crafted shortcut.

9.3
2010-02-18 CVE-2010-0655 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 4.0.249.78 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving the display of a blocked popup window during navigation to a different web site.

9.3
2010-02-18 CVE-2010-0649 Google Numeric Errors vulnerability in Google Chrome

Integer overflow in the CrossCallParamsEx::CreateFromBuffer function in sandbox/src/crosscall_server.cc in Google Chrome before 4.0.249.89 allows attackers to leverage renderer access to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a malformed message, related to deserializing of sandbox messages.

9.3
2010-02-18 CVE-2010-0647 Apple, Google Code Injection vulnerability in multiple products

WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a <ruby>><table><rt> sequence.

9.3
2010-02-18 CVE-2010-0645 Google Numeric Errors vulnerability in Google Chrome

Multiple integer overflows in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays.

9.3
2010-02-16 CVE-2010-0136 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Openoffice.Org 2.0.4/2.4.1/3.1.1

OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document.

9.3
2010-02-16 CVE-2009-3302 SUN Code Injection vulnerability in SUN Openoffice.Org

filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw."

9.3
2010-02-16 CVE-2009-3301 SUN, Canonical Numeric Errors vulnerability in multiple products

Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document.

9.3
2010-02-16 CVE-2009-2950 SUN Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SUN Openoffice.Org

Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression.

9.3
2010-02-16 CVE-2009-2949 SUN Numeric Errors vulnerability in SUN Openoffice.Org

Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow.

9.3
2010-02-19 CVE-2009-4646 Accellion Code Injection vulnerability in Accellion Secure File Transfer Appliance

Static code injection vulnerability in the administrative web interface in Accellion Secure File Transfer Appliance allows remote authenticated administrators to inject arbitrary shell commands by appending them to a request to update the SNMP public community string.

9.0
2010-02-19 CVE-2009-4644 Accellion OS Command Injection vulnerability in Accellion Secure File Transfer Appliance

Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program.

9.0

11 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-02-19 CVE-2010-0569 Cisco Denial of Service vulnerability in Cisco ASA 5500 Series SIP Traffic (CVE-2010-0569)

Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCtc96018.

7.8
2010-02-19 CVE-2010-0565 Cisco Denial of Service vulnerability in Cisco ASA 5500 WebVPN DTLS Packet

Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10), allows remote attackers to cause a denial of service (page fault and device reload) via a malformed DTLS message, aka Bug ID CSCtb64913 and "WebVPN DTLS Denial of Service Vulnerability."

7.8
2010-02-19 CVE-2010-0151 Cisco Remote Denial of Service vulnerability in Cisco Firewall Services Module 4.0/4.0(4)/4.0(6)

The Cisco Firewall Services Module (FWSM) 4.0 before 4.0(8), as used in the Cisco Catalyst 6500 switches, Cisco 7600 routers, and ASA 5500 Adaptive Security Appliances, allows remote attackers to cause a denial of service (crash) via a malformed Skinny Client Control Protocol (SCCP) message.

7.8
2010-02-19 CVE-2010-0150 Cisco Denial of Service vulnerability in Cisco ASA 5500 Series SIP Traffic (CVE-2010-0150)

Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCsy91157.

7.8
2010-02-19 CVE-2010-0149 Cisco Denial of Service vulnerability in Cisco ASA Appliance TCP Connection Exhaustion

Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.46), 8.0 before 8.0(4.38), 8.1 before 8.1(2.29), and 8.2 before 8.2(1.5); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (prevention of new connections) via crafted TCP segments during termination of the TCP connection that cause the connection to remain in CLOSEWAIT status, aka "TCP Connection Exhaustion Denial of Service Vulnerability."

7.8
2010-02-19 CVE-2009-4645 Accellion Path Traversal vulnerability in Accellion Secure File Transfer Appliance

Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows remote attackers to read arbitrary files via a ..

7.8
2010-02-18 CVE-2010-0416 Realnetworks Buffer Errors vulnerability in Realnetworks Helix Player and Realplayer

Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.

7.5
2010-02-15 CVE-2010-0288 Dokuwiki Permissions, Privileges, and Access Controls vulnerability in Dokuwiki

A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.

7.5
2010-02-19 CVE-2009-4648 Accellion Permissions, Privileges, and Access Controls vulnerability in Accellion Secure File Transfer Appliance

Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to gain privileges via (1) arbitrary arguments in the --file_move action in /usr/local/bin/admin.pl, or a hard link attack in (2) chmod or (3) a certain cp command.

7.2
2010-02-19 CVE-2010-0568 Cisco Denial of Service vulnerability in Cisco ASA 5500 IKE Message

Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.7), 8.1 before 8.1(2.40), and 8.2 before 8.2(2.1); and Cisco PIX 500 Series Security Appliance; allows remote attackers to bypass NTLMv1 authentication via a crafted username, aka Bug ID CSCte21953.

7.1
2010-02-19 CVE-2010-0566 Cisco Denial of Service vulnerability in Cisco ASA 5500 Crafted TCP Segment

Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10) allows remote attackers to cause a denial of service (device reload) via a malformed TCP segment when certain NAT translation and Cisco AIP-SSM configurations are used, aka Bug ID CSCtb37219.

7.1

32 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-02-18 CVE-2010-0661 Apple, Google Permissions, Privileges, and Access Controls vulnerability in multiple products

WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method.

6.8
2010-02-15 CVE-2010-0638 K5N Cross-Site Request Forgery (CSRF) vulnerability in K5N Webcalendar 1.2.0

Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via unknown vectors.

6.8
2010-02-15 CVE-2010-0289 Dokuwiki Cross-Site Request Forgery (CSRF) vulnerability in Dokuwiki

Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown vectors.

6.8
2010-02-15 CVE-2010-0186 Adobe Cross Domain Scripting vulnerability in Multiple Adobe Products

Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors.

6.8
2010-02-19 CVE-2010-0666 Novell Unspecified vulnerability in Novell Edirectory

Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch 2 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SOAP request, a different issue than CVE-2008-0926.

5.0
2010-02-19 CVE-2010-0665 Xs4All Permissions, Privileges, and Access Controls vulnerability in Xs4All JAG 1.14

JAG (Just Another Guestbook) 1.14 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for jag/database.sql.

5.0
2010-02-19 CVE-2010-0567 Cisco Denial of Service vulnerability in Cisco ASA 5500 IKE Message

Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.1), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.15); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (active IPsec tunnel loss and prevention of new tunnels) via a malformed IKE message through an existing tunnel to UDP port 4500, aka Bug ID CSCtc47782.

5.0
2010-02-18 CVE-2010-0417 Realnetworks Buffer Errors vulnerability in Realnetworks Helix Player and Realplayer

Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption.

5.0
2010-02-18 CVE-2010-0664 Google Resource Management Errors vulnerability in Google Chrome

Stack consumption vulnerability in the ChildProcessSecurityPolicy::CanRequestURL function in browser/child_process_security_policy.cc in Google Chrome before 4.0.249.78 allows remote attackers to cause a denial of service (memory consumption and application crash) via a URL that specifies multiple protocols, as demonstrated by a URL that begins with many repetitions of the view-source: substring.

5.0
2010-02-18 CVE-2010-0663 Google Information Exposure vulnerability in Google Chrome

The ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not initialize the memory locations that will hold bitmap data, which might allow remote attackers to obtain potentially sensitive information from process memory by providing insufficient data, related to use of a (1) thumbnail database or (2) HTML canvas.

5.0
2010-02-18 CVE-2010-0662 Google Numeric Errors vulnerability in Google Chrome

The ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not use the correct variables in calculations designed to prevent integer overflows, which allows attackers to leverage renderer access to cause a denial of service or possibly have unspecified other impact via bitmap data, related to deserialization.

5.0
2010-02-18 CVE-2010-0660 Google Information Exposure vulnerability in Google Chrome

Google Chrome before 4.0.249.78 sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging.

5.0
2010-02-17 CVE-2010-0642 Cisco Information Exposure vulnerability in Cisco Collaboration Server 5.0

Cisco Collaboration Server (CCS) 5 allows remote attackers to read the source code of JHTML files via URL encoded characters in the filename extension, as demonstrated by (1) changing .jhtml to %2Ejhtml, (2) changing .jhtml to .jhtm%6C, (3) appending %00 after .jhtml, and (4) appending %c0%80 after .jhtml, related to the (a) doc/docindex.jhtml, (b) browserId/wizardForm.jhtml, (c) webline/html/forms/callback.jhtml, (d) webline/html/forms/callbackICM.jhtml, (e) webline/html/agent/AgentFrame.jhtml, (f) webline/html/agent/default/badlogin.jhtml, (g) callme/callForm.jhtml, (h) webline/html/multichatui/nowDefunctWindow.jhtml, (i) browserId/wizard.jhtml, (j) admin/CiscoAdmin.jhtml, (k) msccallme/mscCallForm.jhtml, and (l) webline/html/admin/wcs/LoginPage.jhtml components.

5.0
2010-02-15 CVE-2010-0639 Squid Cache Remote Denial of Service vulnerability in Squid Web Proxy Cache HTCP Request Processing

The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.

5.0
2010-02-15 CVE-2010-0287 Dokuwiki Path Traversal vulnerability in Dokuwiki

Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a ..

5.0
2010-02-15 CVE-2010-0623 Linux, Opensuse, Canonical

The futex_lock_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly manage a certain reference count, which allows local users to cause a denial of service (OOPS) via vectors involving an unmount of an ext3 filesystem.

4.9
2010-02-17 CVE-2010-0307 Linux, Debian, Canonical Local Denial of Service vulnerability in Linux Kernel

The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function.

4.7
2010-02-17 CVE-2010-0415 Linux Local Information Disclosure vulnerability in Linux Kernel 'do_pages_move()'

The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel's node set.

4.6
2010-02-15 CVE-2010-0291 Linux, Debian Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The Linux kernel before 2.6.32.4 allows local users to gain privileges or cause a denial of service (panic) by calling the (1) mmap or (2) mremap function, aka the "do_mremap() mess" or "mremap/mmap mess."

4.6
2010-02-19 CVE-2009-4647 Accellion Cross-Site Scripting vulnerability in Accellion Secure File Transfer Appliance

Cross-site scripting (XSS) vulnerability in Accellion Secure File Transfer Appliance before 7_0_296 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not properly handled when the administrator views audit logs.

4.3
2010-02-18 CVE-2010-0656 Apple, Google Information Exposure vulnerability in multiple products

WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document.

4.3
2010-02-18 CVE-2010-0654 Mozilla Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.

4.3
2010-02-18 CVE-2010-0653 Opera Information Exposure vulnerability in Opera Browser

Opera before 10.10 permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.

4.3
2010-02-18 CVE-2010-0652 Microsoft Information Exposure vulnerability in Microsoft IE

Microsoft Internet Explorer permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document.

4.3
2010-02-18 CVE-2010-0651 Apple, Google Information Exposure vulnerability in multiple products

WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.

4.3
2010-02-18 CVE-2010-0648 Mozilla Information Exposure vulnerability in Mozilla Firefox

Mozilla Firefox, possibly before 3.6, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element.

4.3
2010-02-18 CVE-2010-0644 Google Information Exposure vulnerability in Google Chrome

Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server is configured, sends DNS queries directly, which allows remote DNS servers to obtain potentially sensitive information about the identity of a client user via request logging, as demonstrated by a proxy server that was configured for the purpose of anonymity.

4.3
2010-02-18 CVE-2010-0643 Google Information Exposure vulnerability in Google Chrome

Google Chrome before 4.0.249.89 attempts to make direct connections to web sites when all configured proxy servers are unavailable, which allows remote HTTP servers to obtain potentially sensitive information about the identity of a client user via standard HTTP logging, as demonstrated by a proxy server that was configured for the purpose of anonymity.

4.3
2010-02-18 CVE-2010-0556 Google Credentials Management vulnerability in Google Chrome

browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, as demonstrated by a URL in the SRC attribute of an IMG element.

4.3
2010-02-17 CVE-2010-0641 Cisco Cross-Site Scripting vulnerability in Cisco Collaboration Server 5.0

Cross-site scripting (XSS) vulnerability in webline/html/admin/wcs/LoginPage.jhtml in Cisco Collaboration Server (CCS) 5 allows remote attackers to inject arbitrary web script or HTML via the dest parameter.

4.3
2010-02-15 CVE-2010-0187 Adobe Code Injection vulnerability in Adobe AIR and Flash Player

Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.

4.3
2010-02-15 CVE-2009-3960 Adobe Unspecified vulnerability in Adobe products

Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.

4.3

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-02-18 CVE-2010-0650 Google, Apple, Canonical Permissions, Privileges, and Access Controls vulnerability in multiple products

WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.

2.6
2010-02-15 CVE-2010-0622 Linux Unspecified vulnerability in Linux Kernel

The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space.

2.1
2010-02-19 CVE-2010-0106 Symantec Unspecified vulnerability in Symantec Antivirus, Client Security and Endpoint Protection

The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before MR9, AntiVirus 10.2.x, and Client Security 3.0.x and 3.1.x before MR9, when Tamper protection is disabled, allows remote attackers to cause a denial of service (prevention of on-demand scanning) via "specific events" that prevent the user from having read access to unspecified resources.

1.9