Weekly Vulnerabilities Reports > September 6 to 12, 2010
Overview
75 new vulnerabilities reported during this period, including 24 critical vulnerabilities and 11 high severity vulnerabilities. This weekly summary report vulnerabilities in 59 products from 26 vendors including Google, Apple, Mozilla, Canonical, and Cisco. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Resource Management Errors", "Cross-site Scripting", and "NULL Pointer Dereference".
- 58 reported vulnerabilities are remotely exploitables.
- 1 reported vulnerabilities have public exploit available.
- 8 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 62 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 15 reported vulnerabilities.
- Mozilla has the most reported critical vulnerabilities, with 9 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
24 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-09-09 | CVE-2010-1809 | Apple | Unspecified vulnerability in Apple Iphone OS The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors. | 10.0 |
2010-09-07 | CVE-2010-3254 | Integer Overflow OR Wraparound vulnerability in Google Chrome The WebSockets implementation in Google Chrome before 6.0.472.53 does not properly handle integer values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 10.0 | |
2010-09-07 | CVE-2010-3253 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome The implementation of notification permissions in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 10.0 | |
2010-09-07 | CVE-2010-3252 | USE After Free vulnerability in Google Chrome Use-after-free vulnerability in the Notifications presenter in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 10.0 | |
2010-09-10 | CVE-2010-3199 | Tigris | Permissions, Privileges, and Access Controls vulnerability in Tigris Tortoisesvn Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Tortoise. | 9.3 |
2010-09-10 | CVE-2010-1807 | Apple Webkitgtk | Improper Input Validation vulnerability in multiple products WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation. | 9.3 |
2010-09-10 | CVE-2010-1806 | Apple | Resource Management Errors vulnerability in Apple Safari Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers. | 9.3 |
2010-09-09 | CVE-2010-3169 | Mozilla | Memory-Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |
2010-09-09 | CVE-2010-3168 | Mozilla | Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties. | 9.3 |
2010-09-09 | CVE-2010-3167 | Mozilla | Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to execute arbitrary code via vectors involving access to deleted memory, related to a "dangling pointer vulnerability." | 9.3 |
2010-09-09 | CVE-2010-3166 | Mozilla | Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run. | 9.3 |
2010-09-09 | CVE-2010-2770 | Mozilla Apple | Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted font in a data: URL. | 9.3 |
2010-09-09 | CVE-2010-2767 | Mozilla | Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted access to the navigator object, related to a "dangling pointer vulnerability." | 9.3 |
2010-09-09 | CVE-2010-2766 | Mozilla | Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via vectors involving access to a deleted object. | 9.3 |
2010-09-09 | CVE-2010-2765 | Mozilla | Numeric Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow. | 9.3 |
2010-09-09 | CVE-2010-2760 | Mozilla | Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a "dangling pointer vulnerability." NOTE: this issue exists because of an incomplete fix for CVE-2010-2753. | 9.3 |
2010-09-07 | CVE-2010-3258 | Deserialization of Untrusted Data vulnerability in Google Chrome The sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize parameters, which has unspecified impact and remote attack vectors. | 9.3 | |
2010-09-07 | CVE-2010-3257 | Google Webkitgtk Apple Canonical | USE After Free vulnerability in multiple products Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus. | 9.3 |
2010-09-07 | CVE-2010-3255 | Google Webkitgtk | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Google Chrome before 6.0.472.53 and webkitgtk before 1.2.6 do not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 9.3 |
2010-09-07 | CVE-2010-3249 | Denial-Of-Service vulnerability in Chrome Google Chrome before 6.0.472.53 does not properly implement SVG filters, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "stale pointer" issue. | 9.3 | |
2010-09-07 | CVE-2010-2874 | Adobe | Resource Management Errors vulnerability in Adobe Shockwave Player Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption. | 9.3 |
2010-09-10 | CVE-2010-3033 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Wireless LAN Controller Software Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-2843. | 9.0 |
2010-09-10 | CVE-2010-2843 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Wireless LAN Controller Software Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-3033. | 9.0 |
2010-09-10 | CVE-2010-2842 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Wireless LAN Controller Software Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2843 and CVE-2010-3033. | 9.0 |
11 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-09-10 | CVE-2010-3006 | HP | Unspecified vulnerability in HP Proliant G6 Lights-Out 100 Remote Management Unspecified vulnerability on the HP ProLiant G6 Lights-Out 100 Remote Management card with firmware before 4.06 allows remote attackers to cause a denial of service via unknown vectors. | 7.8 |
2010-09-10 | CVE-2010-0574 | Cisco | Unspecified vulnerability in Cisco Wireless LAN Controller Software Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 3.2 before 3.2.215.0; 4.1 and 4.2 before 4.2.205.0; 4.1M and 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.188.0; and 5.2 before 5.2.193.11 allows remote attackers to cause a denial of service (device reload) via a crafted IKE packet, aka Bug ID CSCta56653. | 7.8 |
2010-09-08 | CVE-2010-2798 | Linux Vmware Canonical Debian Avaya Opensuse Suse | NULL Pointer Dereference vulnerability in multiple products The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c. | 7.8 |
2010-09-08 | CVE-2010-2524 | Linux Vmware Canonical Suse | The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals. | 7.8 |
2010-09-08 | CVE-2010-2492 | Linux Vmware Avaya | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors. | 7.8 |
2010-09-08 | CVE-2010-3004 | HP Microsoft | Unspecified vulnerability in HP Operations Agent 7.36/8.60 Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows remote attackers to execute arbitrary code via unknown vectors. | 7.5 |
2010-09-09 | CVE-2010-2883 | Adobe | Out-of-bounds Write vulnerability in Adobe Acrobat and Acrobat Reader Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. | 7.3 |
2010-09-09 | CVE-2010-3007 | HP | Unspecified vulnerability in HP Data Protector Express 3.1/3.5/4.0 Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors. | 7.2 |
2010-09-08 | CVE-2010-2960 | Linux Canonical Suse | Null Pointer Dereference vulnerability in multiple products The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function. | 7.2 |
2010-09-07 | CVE-2009-4997 | Gnome | Permissions, Privileges, and Access Controls vulnerability in Gnome Power Manager 2.27.92 gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. | 7.2 |
2010-09-07 | CVE-2006-7240 | Gnome | Permissions, Privileges, and Access Controls vulnerability in Gnome Power Manager 2.14.0 gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. | 7.2 |
35 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-09-10 | CVE-2010-1805 | Apple Microsoft | Permissions, Privileges, and Access Controls vulnerability in Apple Safari Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) program in a directory containing a file that had been downloaded by Safari. | 6.9 |
2010-09-10 | CVE-2010-2841 | Cisco | Unspecified vulnerability in Cisco Wireless LAN Controller Software Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 4.2 before 4.2.209.0; 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.196.0; and 5.2 before 5.2.193.11 allows remote authenticated users to cause a denial of service (device reload) via crafted HTTP packets that trigger invalid arguments to the emweb component, aka Bug ID CSCtd16938. | 6.8 |
2010-09-09 | CVE-2010-1817 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file. | 6.8 |
2010-09-09 | CVE-2010-1815 | Apple Webkitgtk Canonical | Resource Management Errors vulnerability in multiple products Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars. | 6.8 |
2010-09-09 | CVE-2010-1814 | Apple Webkitgtk Canonical | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus. | 6.8 |
2010-09-09 | CVE-2010-1813 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines. | 6.8 |
2010-09-09 | CVE-2010-1812 | Apple Webkitgtk Canonical | Resource Management Errors vulnerability in multiple products Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections. | 6.8 |
2010-09-09 | CVE-2010-1811 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file. | 6.8 |
2010-09-09 | CVE-2010-1781 | Apple Canonical | Resource Management Errors vulnerability in multiple products Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element. | 6.8 |
2010-09-09 | CVE-2010-2762 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Thunderbird The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object. | 6.8 |
2010-09-08 | CVE-2010-3005 | HP Microsoft | Unspecified vulnerability in HP Operations Agent 7.36/8.60 Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows local users to gain privileges via unknown vectors. | 6.8 |
2010-09-07 | CVE-2010-3213 | Microsoft | Cross-Site Request Forgery (CSRF) vulnerability in Microsoft Outlook web Access 2007 Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule. | 6.8 |
2010-09-07 | CVE-2009-4898 | Twiki | Cross-Site Request Forgery (CSRF) vulnerability in Twiki Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjunction with a call to the submit method in the onload attribute of a BODY element. | 6.8 |
2010-09-10 | CVE-2010-2956 | Todd Miller | Local Privilege Escalation vulnerability in Todd Miller Sudo Runas Group Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence. | 6.2 |
2010-09-09 | CVE-2010-3017 | RSA | Unspecified vulnerability in RSA Access Manager Agent 4.7.1 Unspecified vulnerability in RSA Access Manager Agent 4.7.1 before 4.7.1.7, when RSA Adaptive Authentication Integration is enabled, allows remote attackers to bypass authentication and obtain sensitive information via unknown vectors. | 5.7 |
2010-09-08 | CVE-2010-2066 | Linux Vmware Canonical Suse | The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor. | 5.5 |
2010-09-10 | CVE-2010-3034 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Wireless LAN Controller Software Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified vectors, a different vulnerability than CVE-2010-0575. | 5.0 |
2010-09-10 | CVE-2010-0575 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Wireless LAN Controller Software Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified vectors, a different vulnerability than CVE-2010-3034. | 5.0 |
2010-09-07 | CVE-2010-3250 | Remote Security vulnerability in Chrome Unspecified vulnerability in Google Chrome before 6.0.472.53 allows remote attackers to enumerate the set of installed extensions via unknown vectors. | 5.0 | |
2010-09-07 | CVE-2010-3248 | Google Canonical | Security vulnerability in Google Chrome Google Chrome before 6.0.472.53 does not properly restrict copying to the clipboard, which has unspecified impact and attack vectors. | 5.0 |
2010-09-08 | CVE-2009-4895 | Linux Debian Canonical | NULL Pointer Dereference vulnerability in multiple products Race condition in the tty_fasync function in drivers/char/tty_io.c in the Linux kernel before 2.6.32.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via unknown vectors, related to the put_tty_queue and __f_setown functions. | 4.7 |
2010-09-07 | CVE-2010-3244 | Blackboard | Information Exposure vulnerability in Blackboard Transact Suite 3.6.0.1 BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly Blackboard Commerce Suite) before 3.6.0.2 relies on field names when determining whether it is appropriate to decrypt a connection.xml field value, which allows local users to discover the database password via a modified connection.xml file that contains an encrypted password in the <Server> field. | 4.6 |
2010-09-10 | CVE-2010-3263 | Phpmyadmin | Cross-Site Scripting vulnerability in PHPmyadmin Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name. | 4.3 |
2010-09-10 | CVE-2010-3003 | HP | Cross-Site Scripting vulnerability in HP Insight Diagnostics Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-09-09 | CVE-2010-3018 | RSA | Information Exposure vulnerability in RSA Access Manager Server 5.5.3/6.0.4/6.1 RSA Access Manager Server 5.5.3 before 5.5.3.172, 6.0.4 before 6.0.4.53, and 6.1 before 6.1.2.01 does not properly perform cache updates, which allows remote attackers to obtain sensitive information via unspecified vectors. | 4.3 |
2010-09-09 | CVE-2010-2769 | Mozilla | Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled. | 4.3 |
2010-09-09 | CVE-2010-2768 | Mozilla | Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding. | 4.3 |
2010-09-09 | CVE-2010-2764 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests. | 4.3 |
2010-09-09 | CVE-2010-2763 | Mozilla | Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted function. | 4.3 |
2010-09-08 | CVE-2010-3198 | Zope | Denial Of Service vulnerability in Zope ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service (crash of worker threads) via vectors that trigger uncaught exceptions. | 4.3 |
2010-09-07 | CVE-2010-3259 | Google Webkitgtk Apple Canonical | Information Exposure vulnerability in multiple products WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site. | 4.3 |
2010-09-07 | CVE-2010-3256 | Remote Security vulnerability in Chrome Google Chrome before 6.0.472.53 does not properly limit the number of stored autocomplete entries, which has unspecified impact and attack vectors. | 4.3 | |
2010-09-07 | CVE-2010-3251 | Null Pointer Dereference vulnerability in Google Chrome The WebSockets implementation in Google Chrome before 6.0.472.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. | 4.3 | |
2010-09-07 | CVE-2010-3247 | Improper Input Validation vulnerability in Google Chrome Google Chrome before 6.0.472.53 does not properly restrict the characters in URLs, which allows remote attackers to spoof the appearance of the URL bar via homographic sequences. | 4.3 | |
2010-09-07 | CVE-2010-3246 | Security Bypass vulnerability in Chrome Google Chrome before 6.0.472.53 does not properly handle the _blank value for the target attribute of unspecified elements, which allows remote attackers to bypass the pop-up blocker via unknown vectors. | 4.3 |
5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-09-09 | CVE-2010-1810 | Apple | Unspecified vulnerability in Apple Iphone OS FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate. | 3.5 |
2010-09-07 | CVE-2010-2802 | Mantisbt | Cross-Site Scripting vulnerability in Mantisbt Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 allows remote authenticated users to inject arbitrary web script or HTML via an HTML document with a .gif filename extension, related to inline attachments. | 3.5 |
2010-09-10 | CVE-2010-2957 | S9Y | Cross-Site Scripting vulnerability in S9Y Serendipity Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2.6 |
2010-09-08 | CVE-2010-3264 | Novell | Credentials Management vulnerability in Novell Identity Manager 3.6.1 The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores admin tree credentials in /tmp/idmInstall.log, which allows local users to obtain sensitive information by reading this file. | 2.1 |
2010-09-07 | CVE-2010-3245 | Blackboard | Information Exposure vulnerability in Blackboard Transact Suite The automated-backup functionality in Blackboard Transact Suite (formerly Blackboard Commerce Suite) stores the (1) database username and (2) database password in cleartext in (a) script and (b) batch (.bat) files, which allows local users to obtain sensitive information by reading a file. | 2.1 |