Weekly Vulnerabilities Reports > August 9 to 15, 2010

Overview

88 new vulnerabilities reported during this period, including 32 critical vulnerabilities and 28 high severity vulnerabilities. This weekly summary report vulnerabilities in 84 products from 17 vendors including Microsoft, Cisco, Adobe, Wireshark, and Linux. Vulnerabilities are notably categorized as "Code Injection", "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", and "Resource Management Errors".

  • 72 reported vulnerabilities are remotely exploitables.
  • 9 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 79 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 37 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 19 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

32 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-08-13 CVE-2010-2995 Wireshark Numeric Errors vulnerability in Wireshark

The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287.

10.0
2010-08-13 CVE-2010-2994 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark

Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors.

10.0
2010-08-11 CVE-2010-2550 Microsoft Improper Input Validation vulnerability in Microsoft products

The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."

10.0
2010-08-11 CVE-2010-2217 Adobe
Linux
Microsoft
Code Injection vulnerability in Adobe Flash Media Server and Flash Media Server 2

Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to execute arbitrary code via unspecified vectors, related to a "JS method vulnerability."

10.0
2010-08-10 CVE-2010-2984 Cisco Unspecified vulnerability in Cisco Unified Wireless Network Solution Software 7.0/7.0.98.0

Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 4404 series controllers does not properly implement the WEBAUTH_REQD state, which allows remote attackers to bypass intended access restrictions via WLAN traffic, aka Bug ID CSCtb75305.

10.0
2010-08-10 CVE-2010-2978 Cisco Cryptographic Issues vulnerability in Cisco Unified Wireless Network Solution Software 7.0/7.0.98.0

Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not use an adequate message-digest algorithm for a self-signed certificate, which allows remote attackers to bypass intended access restrictions via vectors involving collisions, aka Bug ID CSCtd67660.

10.0
2010-08-10 CVE-2010-2977 Cisco Configuration vulnerability in Cisco Unified Wireless Network Solution Software 7.0/7.0.98.0

Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not properly implement TLS and SSL, which has unspecified impact and remote attack vectors, aka Bug ID CSCtd01611.

10.0
2010-08-10 CVE-2010-2976 Cisco Credentials Management vulnerability in Cisco Unified Wireless Network Solution Software 7.0/7.0.98.0

The controller in Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 has (1) a default SNMP read-only community of public, (2) a default SNMP read-write community of private, and a value of "default" for the (3) SNMP v3 username, (4) SNMP v3 authentication password, and (5) SNMP v3 privacy password, which makes it easier for remote attackers to obtain access.

10.0
2010-08-11 CVE-2010-2991 Citrix Code Injection vulnerability in Citrix Online Plug-In FOR Windows for Xenapp & Xendesktop 11.1

The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document that triggers the reading of a .ICA file.

9.3
2010-08-11 CVE-2010-2990 Citrix Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Citrix products

Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers to execute arbitrary code via (1) a crafted HTML document, (2) a crafted .ICA file, or (3) a crafted type field in an ICA graphics packet, related to a "heap offset overflow" issue.

9.3
2010-08-11 CVE-2010-2566 Microsoft Improper Input Validation vulnerability in Microsoft products

The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."

9.3
2010-08-11 CVE-2010-2564 Microsoft Code Injection vulnerability in Microsoft Windows Movie Maker 2.1/2.6/6.0

Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."

9.3
2010-08-11 CVE-2010-2562 Microsoft Code Injection vulnerability in Microsoft Excel, Office and Open XML File Format Converter

Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability."

9.3
2010-08-11 CVE-2010-2561 Microsoft Code Injection vulnerability in Microsoft XML Core Services 3.0

Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability."

9.3
2010-08-11 CVE-2010-2560 Microsoft Code Injection vulnerability in Microsoft IE 6/7/8

Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability."

9.3
2010-08-11 CVE-2010-2559 Microsoft Code Injection vulnerability in Microsoft IE 8

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246.

9.3
2010-08-11 CVE-2010-2558 Microsoft Race Condition vulnerability in Microsoft IE 6/7/8

Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerability."

9.3
2010-08-11 CVE-2010-2557 Microsoft Code Injection vulnerability in Microsoft IE 6

Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

9.3
2010-08-11 CVE-2010-2556 Microsoft Code Injection vulnerability in Microsoft IE 6/7/8

Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

9.3
2010-08-11 CVE-2010-2553 Microsoft Code Injection vulnerability in Microsoft Windows 7, Windows Vista and Windows XP

The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista SP1 and SP2, and Windows 7 does not properly decompress media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Cinepak Codec Decompression Vulnerability."

9.3
2010-08-11 CVE-2010-2216 Adobe Code Injection vulnerability in Adobe Air, Flash Player and Flash Player for Linux

Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2214.

9.3
2010-08-11 CVE-2010-2214 Adobe Code Injection vulnerability in Adobe Air, Flash Player and Flash Player for Linux

Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2216.

9.3
2010-08-11 CVE-2010-2213 Adobe Code Injection vulnerability in Adobe Air, Flash Player and Flash Player for Linux

Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2214, and CVE-2010-2216.

9.3
2010-08-11 CVE-2010-1903 Microsoft Code Injection vulnerability in Microsoft Office Word Viewer and Word

Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability."

9.3
2010-08-11 CVE-2010-1902 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via unspecified properties in the data in a crafted RTF document, aka "Word RTF Parsing Buffer Overflow Vulnerability."

9.3
2010-08-11 CVE-2010-1901 Microsoft Code Injection vulnerability in Microsoft products

Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly handle unspecified properties in rich text data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka "Word RTF Parsing Engine Memory Corruption Vulnerability."

9.3
2010-08-11 CVE-2010-1900 Microsoft Code Injection vulnerability in Microsoft products

Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Works 9 do not properly handle malformed records in a Word file, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, aka "Word Record Parsing Vulnerability."

9.3
2010-08-11 CVE-2010-1898 Microsoft
Apple
Code Injection vulnerability in Microsoft .Net Framework and Silverlight

The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."

9.3
2010-08-11 CVE-2010-1882 Microsoft Buffer Errors vulnerability in Microsoft products

Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability."

9.3
2010-08-11 CVE-2010-0209 Adobe Code Injection vulnerability in Adobe Air, Flash Player and Flash Player for Linux

Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2213, CVE-2010-2214, and CVE-2010-2216.

9.3
2010-08-11 CVE-2010-0019 Microsoft
Apple
Code Injection vulnerability in Microsoft Silverlight 3.0.40624.00/3.0.40723.0/3.0.40818.0

Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability."

9.3
2010-08-10 CVE-2010-0834 Ubuntu
Dell
Improper Authentication vulnerability in Ubuntu Linux 10.04/9.10

The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.

9.3

28 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-08-09 CVE-2010-2707 HP Unspecified vulnerability in HP products

Unspecified vulnerability on the HP ProCurve 2626 and 2650 switches before H.10.80 allows remote attackers to obtain sensitive information, modify data, and cause a denial of service via unknown vectors.

8.3
2010-08-11 CVE-2010-2552 Microsoft Resource Management Errors vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability."

7.8
2010-08-11 CVE-2010-2551 Microsoft Improper Input Validation vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB Variable Validation Vulnerability."

7.8
2010-08-11 CVE-2010-1892 Microsoft Buffer Errors vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerability."

7.8
2010-08-10 CVE-2010-2983 Cisco Unspecified vulnerability in Cisco Unified Wireless Network Solution Software 7.0/7.0.98.0

The workgroup bridge (aka WGB) functionality in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (dropped connection) via a series of spoofed EAPoL-Logoff frames, related to an "EAPoL logoff attack," aka Bug ID CSCte43374.

7.8
2010-08-10 CVE-2010-2980 Cisco Buffer Errors vulnerability in Cisco Unified Wireless Network Solution Software 7.0/7.0.98.0

Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (pbuf exhaustion and device crash) via fragmented traffic, aka Bug ID CSCtd26794.

7.8
2010-08-10 CVE-2010-2979 Cisco Buffer Errors vulnerability in Cisco Unified Wireless Network Solution Software 7.0/7.0.98.0

Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 5508 series controllers allows remote attackers to cause a denial of service (buffer leak and device crash) via ARP requests that trigger an ARP storm, aka Bug ID CSCte43508.

7.8
2010-08-09 CVE-2010-2820 Cisco Unspecified vulnerability in Cisco products

Unspecified vulnerability in the SunRPC inspection feature on the Cisco Firewall Services Module (FWSM) with software 3.1 before 3.1(17.2), 3.2 before 3.2(16.1), 4.0 before 4.0(10.1), and 4.1 before 4.1(1.1) for Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via crafted SunRPC messages, aka Bug ID CSCte61662.

7.8
2010-08-09 CVE-2010-2819 Cisco Improper Input Validation vulnerability in Cisco products

Unspecified vulnerability in the SunRPC inspection feature on the Cisco Firewall Services Module (FWSM) with software 3.1 before 3.1(17.2), 3.2 before 3.2(16.1), 4.0 before 4.0(10.1), and 4.1 before 4.1(1.1) for Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via crafted SunRPC messages, aka Bug ID CSCte61622.

7.8
2010-08-09 CVE-2010-2818 Cisco Unspecified vulnerability in Cisco products

Unspecified vulnerability in the SunRPC inspection feature on the Cisco Firewall Services Module (FWSM) with software 3.1 before 3.1(17.2), 3.2 before 3.2(16.1), 4.0 before 4.0(10.1), and 4.1 before 4.1(1.1) for Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via crafted SunRPC messages, aka Bug ID CSCte61710.

7.8
2010-08-09 CVE-2010-2817 Cisco Denial of Service vulnerability in Cisco ASA 5500 IKE Message

Unspecified vulnerability in the IKE implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 before 7.0(8.11), 7.1 and 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.10), and 8.3 before 8.3(1.1) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a crafted IKE message, aka Bug ID CSCte46507.

7.8
2010-08-09 CVE-2010-2816 Cisco Denial of Service vulnerability in Cisco ASA 5500 Series SIP Inspection (CVE-2010-2816)

Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.17), 8.1 before 8.1(2.45), and 8.2 before 8.2(2.13) allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtd32106.

7.8
2010-08-09 CVE-2010-2815 Cisco Denial of Service vulnerability in Cisco ASA 5500 Series TLS Packet

Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtf55259.

7.8
2010-08-09 CVE-2010-2814 Cisco Denial of Service vulnerability in Cisco ASA 5500 Series TLS Packet

Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtf37506.

7.8
2010-08-09 CVE-2010-1581 Cisco Denial of Service vulnerability in Cisco products

Unspecified vulnerability in the Transport Layer Security (TLS) implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.15), 8.1 before 8.1(2.44), 8.2 before 8.2(2.17), and 8.3 before 8.3(1.6) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via a sequence of crafted TLS packets, aka Bug ID CSCtd32627.

7.8
2010-08-09 CVE-2010-1580 Cisco Unspecified vulnerability in Cisco products

Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc85753.

7.8
2010-08-09 CVE-2010-1579 Cisco Unspecified vulnerability in Cisco products

Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc79922.

7.8
2010-08-09 CVE-2010-1578 Cisco Unspecified vulnerability in Cisco products

Unspecified vulnerability in the SunRPC inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 before 7.2(5), 8.0 before 8.0(5.19), 8.1 before 8.1(2.47), and 8.2 before 8.2(2) and Cisco PIX Security Appliances 500 series devices allows remote attackers to cause a denial of service (device reload) via crafted SunRPC UDP packets, aka Bug ID CSCtc77567.

7.8
2010-08-11 CVE-2010-2861 Adobe Path Traversal vulnerability in Adobe Coldfusion

Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.

7.5
2010-08-11 CVE-2010-2542 GIT Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GIT

Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy.

7.5
2010-08-11 CVE-2010-1897 Microsoft Improper Input Validation vulnerability in Microsoft products

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."

7.2
2010-08-11 CVE-2010-1896 Microsoft Improper Input Validation vulnerability in Microsoft products

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability."

7.2
2010-08-11 CVE-2010-1895 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability."

7.2
2010-08-11 CVE-2010-1894 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."

7.2
2010-08-11 CVE-2010-1889 Microsoft Resource Management Errors vulnerability in Microsoft Windows Server 2008 and Windows Vista

Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."

7.2
2010-08-10 CVE-2010-2982 Cisco Information Exposure vulnerability in Cisco Unified Wireless Network Solution Software 7.0/7.0.98.0

Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to discover a group password via a series of SNMP requests, as demonstrated by an SNMP walk, aka Bug ID CSCtb74037.

7.1
2010-08-10 CVE-2010-2981 Cisco Unspecified vulnerability in Cisco Unified Wireless Network Solution Software 7.0/7.0.98.0

Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (device crash) by pinging a virtual interface, aka Bug ID CSCte55370.

7.1
2010-08-09 CVE-2010-2821 Cisco Unspecified vulnerability in Cisco products

Unspecified vulnerability on the Cisco Firewall Services Module (FWSM) with software 3.2 before 3.2(17.2), 4.0 before 4.0(11.1), and 4.1 before 4.1(1.2) for Catalyst 6500 series switches and 7600 series routers, when multi-mode is enabled, allows remote attackers to cause a denial of service (device reload) via crafted (1) Telnet, (2) SSH, or (3) ASDM traffic over TCP, aka Bug ID CSCtg68694.

7.1

25 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-08-11 CVE-2010-2555 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability."

6.8
2010-08-11 CVE-2010-2554 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."

6.8
2010-08-11 CVE-2010-1893 Microsoft Numeric Errors vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability."

6.8
2010-08-11 CVE-2010-1888 Microsoft Race Condition vulnerability in Microsoft Windows XP

Race condition in the kernel in Microsoft Windows XP SP3 allows local users to gain privileges via vectors involving thread creation, aka "Windows Kernel Data Initialization Vulnerability."

6.8
2010-08-09 CVE-2010-2708 HP Unspecified vulnerability in HP products

Unspecified vulnerability on the HP ProCurve 2610 switch before R.11.22, when DHCP is enabled, allows remote attackers to cause a denial of service via unknown vectors.

6.1
2010-08-09 CVE-2010-2706 HP Unspecified vulnerability in HP products

Unspecified vulnerability in the In-band Agent on the HP ProCurve 2610 switch before R.11.30 allows remote attackers to cause a denial of service via unknown vectors.

6.1
2010-08-09 CVE-2010-2705 HP Unspecified vulnerability in HP products

Unspecified vulnerability on the HP ProCurve 1800-24G switch with software PB.03.02 and earlier, and the ProCurve 1800-8G switch with software PA.03.02 and earlier, when SNMP is enabled, allows remote attackers to obtain sensitive information via unknown vectors.

6.1
2010-08-09 CVE-2010-2801 Cabextract Project Numeric Errors vulnerability in Cabextract Project Cabextract

Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library.

5.1
2010-08-13 CVE-2010-2993 Wireshark Improper Input Validation vulnerability in Wireshark

The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.

5.0
2010-08-13 CVE-2010-2992 Wireshark Unspecified vulnerability in Wireshark

packet-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 through 1.2.9 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference.

5.0
2010-08-11 CVE-2010-2220 Adobe
Linux
Microsoft
Unspecified vulnerability in Adobe Flash Media Server and Flash Media Server 2

Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to cause a denial of service via unspecified vectors, related to an "input validation issue."

5.0
2010-08-11 CVE-2010-2219 Adobe
Linux
Microsoft
Resource Management Errors vulnerability in Adobe Flash Media Server and Flash Media Server 2

Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to cause a denial of service (memory consumption) via unknown vectors.

5.0
2010-08-11 CVE-2010-2218 Adobe
Linux
Microsoft
Unspecified vulnerability in Adobe Flash Media Server and Flash Media Server 2

Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to cause a denial of service via unspecified vectors, related to a "JS method issue."

5.0
2010-08-10 CVE-2010-2989 Nessus Information Exposure vulnerability in Nessus web Server Plugin 1.2.4

nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote attackers to obtain sensitive information via a request to the /feed method, which reveals the version in a response.

5.0
2010-08-10 CVE-2010-2493 Redhat Configuration vulnerability in Redhat Jboss Enterprise SOA Platform

The default configuration of the deployment descriptor (aka web.xml) in picketlink-sts.war in (1) the security_saml quickstart, (2) the webservice_proxy_security quickstart, (3) the web-console application, (4) the http-invoker application, (5) the gpd-deployer application, (6) the jbpm-console application, (7) the contract application, and (8) the uddi-console application in JBoss Enterprise SOA Platform before 5.0.2 contains GET and POST http-method elements, which allows remote attackers to bypass intended access restrictions via a crafted HTTP request.

5.0
2010-08-11 CVE-2010-1890 Microsoft Improper Input Validation vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista

The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability."

4.6
2010-08-11 CVE-2010-1887 Microsoft Improper Input Validation vulnerability in Microsoft products

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability."

4.4
2010-08-11 CVE-2010-2215 Adobe Clickjacking vulnerability in Adobe Air, Flash Player and Flash Player for Linux

Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "click-jacking" issue.

4.3
2010-08-11 CVE-2010-1258 Microsoft Information Exposure vulnerability in Microsoft IE 6/7/8

Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability."

4.3
2010-08-10 CVE-2010-2988 Cisco Cross-Site Scripting vulnerability in Cisco Unified Wireless Network Solution Software 7.0

Cross-site scripting (XSS) vulnerability in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtf35333.

4.3
2010-08-10 CVE-2010-2987 Cisco Cross-Site Scripting vulnerability in Cisco Wireless Control System Software 7.0

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Wireless Control System (WCS) 7.x before 7.0.164, as used in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtg33854.

4.3
2010-08-10 CVE-2010-2986 Cisco Cross-Site Scripting vulnerability in Cisco Wireless Control System Software

Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.do in the search feature in the web interface in Cisco Wireless Control System (WCS) before 6.0(194.0) and 7.x before 7.0.164 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, aka Bug ID CSCtf14288.

4.3
2010-08-10 CVE-2010-2985 IBM Cross-Site Scripting vulnerability in IBM Websphere Service Registry and Repository 6.3.0

Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the searchTerm parameter to ServiceRegistry/HelpSearch.do or (2) the queryItems[0].value parameter to ServiceRegistry/QueryWizardProcessStep1.do.

4.3
2010-08-09 CVE-2010-2800 Cabextract Project Resource Management Errors vulnerability in Cabextract Project Cabextract

The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a (1) test or (2) extract action, related to the libmspack library.

4.3
2010-08-10 CVE-2010-2634 RSA Unspecified vulnerability in RSA Envision

RSA enVision before 3.7 SP1 allows remote authenticated users to cause a denial of service via unspecified vectors.

4.0

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-08-10 CVE-2010-2474 Redhat Improper Input Validation vulnerability in Redhat products

JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise SOA Platform before 5.0.2 does not properly consider the security domain with which a service is secured, which might allow remote attackers to gain privileges by executing a service.

3.5
2010-08-10 CVE-2010-2574 Mantisbt Cross-Site Scripting vulnerability in Mantisbt 1.2.2

Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action.

2.1
2010-08-10 CVE-2010-2975 Cisco Information Exposure vulnerability in Cisco Unified Wireless Network Solution Software 7.0/7.0.98.0

Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 does not properly handle multiple SSH sessions, which allows physically proximate attackers to read a password, related to an "arrow key failure," aka Bug ID CSCtg51544.

2.1