Weekly Vulnerabilities Reports > September 6 to 12, 2010
Overview
86 new vulnerabilities were reported during this period, including 27 critical vulnerabilities and 13 high severity vulnerabilities. This weekly summary reports vulnerabilities in 75 products from 29 vendors including Apple, Google, Mozilla, Canonical, and Linux. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Resource Management Errors", and "Information Exposure".
- 65 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability has a public exploit available.
- 9 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 78 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 16 reported vulnerabilities.
- Mozilla has the most reported critical vulnerabilities, with 9 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
27 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-09-09 | CVE-2010-1809 | Apple | Unspecified vulnerability in Apple Iphone OS The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors. | 10.0 |
2010-09-08 | CVE-2010-2495 | Linux Canonical Suse | Null Pointer Dereference vulnerability in multiple products The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors related to a routing change. | 10.0 |
2010-09-07 | CVE-2010-3254 | | Integer Overflow or Wraparound vulnerability in Google Chrome The WebSockets implementation in Google Chrome before 6.0.472.53 does not properly handle integer values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 10.0 |
2010-09-07 | CVE-2010-3253 | | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome The implementation of notification permissions in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 10.0 |
2010-09-07 | CVE-2010-3252 | | Use After Free vulnerability in Google Chrome Use-after-free vulnerability in the Notifications presenter in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 10.0 |
2010-09-07 | CVE-2010-2521 | Linux | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service (panic) or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to the read_buf and nfsd4_decode_compound functions. | 10.0 |
2010-09-10 | CVE-2010-3199 | Tigris | Permissions, Privileges, and Access Controls vulnerability in Tigris Tortoisesvn Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Tortoise. | 9.3 |
2010-09-10 | CVE-2010-1807 | Apple Webkitgtk | Improper Input Validation vulnerability in multiple products WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation. | 9.3 |
2010-09-10 | CVE-2010-1806 | Apple | Resource Management Errors vulnerability in Apple Safari Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers. | 9.3 |
2010-09-09 | CVE-2010-2883 | Adobe Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. | 9.3 |
2010-09-09 | CVE-2010-3169 | Mozilla | Memory-Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |
2010-09-09 | CVE-2010-3168 | Mozilla | Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties. | 9.3 |
2010-09-09 | CVE-2010-3167 | Mozilla | Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to execute arbitrary code via vectors involving access to deleted memory, related to a "dangling pointer vulnerability." | 9.3 |
2010-09-09 | CVE-2010-3166 | Mozilla | Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run. | 9.3 |
2010-09-09 | CVE-2010-2770 | Mozilla Apple | Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted font in a data: URL. | 9.3 |
2010-09-09 | CVE-2010-2767 | Mozilla | Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted access to the navigator object, related to a "dangling pointer vulnerability." | 9.3 |
2010-09-09 | CVE-2010-2766 | Mozilla | Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via vectors involving access to a deleted object. | 9.3 |
2010-09-09 | CVE-2010-2765 | Mozilla | Numeric Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow. | 9.3 |
2010-09-09 | CVE-2010-2760 | Mozilla | Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a "dangling pointer vulnerability." NOTE: this issue exists because of an incomplete fix for CVE-2010-2753. | 9.3 |
2010-09-07 | CVE-2010-3258 | | Deserialization of Untrusted Data vulnerability in Google Chrome The sandbox implementation in Google Chrome before 6.0.472.53 does not properly deserialize parameters, which has unspecified impact and remote attack vectors. | 9.3 |
2010-09-07 | CVE-2010-3257 | Google Webkitgtk Apple Canonical | Use After Free vulnerability in multiple products Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus. | 9.3 |
2010-09-07 | CVE-2010-3255 | Google Webkitgtk | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Google Chrome before 6.0.472.53 and webkitgtk before 1.2.6 do not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | 9.3 |
2010-09-07 | CVE-2010-3249 | | Denial-Of-Service vulnerability in Chrome Google Chrome before 6.0.472.53 does not properly implement SVG filters, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "stale pointer" issue. | 9.3 |
2010-09-07 | CVE-2010-2874 | Adobe | Resource Management Errors vulnerability in Adobe Shockwave Player Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption. | 9.3 |
2010-09-10 | CVE-2010-3033 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Wireless LAN Controller Software Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-2843. | 9.0 |
2010-09-10 | CVE-2010-2843 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Wireless LAN Controller Software Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-3033. | 9.0 |
2010-09-10 | CVE-2010-2842 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Wireless LAN Controller Software Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2843 and CVE-2010-3033. | 9.0 |
13 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-09-10 | CVE-2010-3006 | HP | Unspecified vulnerability in HP Proliant G6 Lights-Out 100 Remote Management Unspecified vulnerability on the HP ProLiant G6 Lights-Out 100 Remote Management card with firmware before 4.06 allows remote attackers to cause a denial of service via unknown vectors. | 7.8 |
2010-09-10 | CVE-2010-0574 | Cisco | Unspecified vulnerability in Cisco Wireless LAN Controller Software Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 3.2 before 3.2.215.0; 4.1 and 4.2 before 4.2.205.0; 4.1M and 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.188.0; and 5.2 before 5.2.193.11 allows remote attackers to cause a denial of service (device reload) via a crafted IKE packet, aka Bug ID CSCta56653. | 7.8 |
2010-09-07 | CVE-2010-2248 | Linux | Improper Input Validation vulnerability in Linux Kernel fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel before 2.6.34-rc4 allows remote attackers to cause a denial of service (panic) via an SMB response packet with an invalid CountHigh value, as demonstrated by a response from an OS/2 server, related to the CIFSSMBWrite and CIFSSMBWrite2 functions. | 7.8 |
2010-09-08 | CVE-2010-3004 | HP Microsoft | Unspecified vulnerability in HP Operations Agent 7.36/8.60 Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows remote attackers to execute arbitrary code via unknown vectors. | 7.5 |
2010-09-09 | CVE-2010-3007 | HP | Unspecified vulnerability in HP Data Protector Express 3.1/3.5/4.0 Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors. | 7.2 |
2010-09-08 | CVE-2010-2960 | Linux Canonical Suse | Null Pointer Dereference vulnerability in multiple products The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function. | 7.2 |
2010-09-08 | CVE-2010-2959 | Linux Fedoraproject Debian Opensuse Suse | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic. | 7.2 |
2010-09-08 | CVE-2010-2798 | Linux Vmware Canonical Debian Avaya Opensuse Suse | Null Pointer Dereference vulnerability in multiple products The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c. | 7.2 |
2010-09-08 | CVE-2010-2492 | Linux Vmware Avaya | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors. | 7.2 |
2010-09-07 | CVE-2010-2739 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors. | 7.2 |
2010-09-07 | CVE-2009-4997 | Gnome | Permissions, Privileges, and Access Controls vulnerability in Gnome Power Manager 2.27.92 gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. | 7.2 |
2010-09-07 | CVE-2009-4996 | Xfce | Permissions, Privileges, and Access Controls vulnerability in Xfce 4.6 ** DISPUTED ** Xfce4-session 4.5.91 in Xfce does not lock the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. | 7.2 |
2010-09-07 | CVE-2006-7240 | Gnome | Permissions, Privileges, and Access Controls vulnerability in Gnome Power Manager 2.14.0 gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. | 7.2 |
38 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-09-10 | CVE-2010-1805 | Apple Microsoft | Permissions, Privileges, and Access Controls vulnerability in Apple Safari Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) program in a directory containing a file that had been downloaded by Safari. | 6.9 |
2010-09-10 | CVE-2010-2841 | Cisco | Unspecified vulnerability in Cisco Wireless LAN Controller Software Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 4.2 before 4.2.209.0; 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.196.0; and 5.2 before 5.2.193.11 allows remote authenticated users to cause a denial of service (device reload) via crafted HTTP packets that trigger invalid arguments to the emweb component, aka Bug ID CSCtd16938. | 6.8 |
2010-09-09 | CVE-2010-1817 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file. | 6.8 |
2010-09-09 | CVE-2010-1815 | Apple Webkitgtk Canonical | Resource Management Errors vulnerability in multiple products Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars. | 6.8 |
2010-09-09 | CVE-2010-1814 | Apple Webkitgtk Canonical | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus. | 6.8 |
2010-09-09 | CVE-2010-1813 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines. | 6.8 |
2010-09-09 | CVE-2010-1812 | Apple Webkitgtk Canonical | Resource Management Errors vulnerability in multiple products Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections. | 6.8 |
2010-09-09 | CVE-2010-1811 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file. | 6.8 |
2010-09-09 | CVE-2010-1781 | Apple Canonical | Resource Management Errors vulnerability in multiple products Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element. | 6.8 |
2010-09-09 | CVE-2010-2762 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Thunderbird The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object. | 6.8 |
2010-09-08 | CVE-2010-3005 | HP Microsoft | Unspecified vulnerability in HP Operations Agent 7.36/8.60 Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on Windows allows local users to gain privileges via unknown vectors. | 6.8 |
2010-09-07 | CVE-2010-3213 | Microsoft | Cross-Site Request Forgery (CSRF) vulnerability in Microsoft Outlook web Access 2007 Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule. | 6.8 |
2010-09-07 | CVE-2009-4898 | Twiki | Cross-Site Request Forgery (CSRF) vulnerability in Twiki Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjunction with a call to the submit method in the onload attribute of a BODY element. | 6.8 |
2010-09-10 | CVE-2010-2948 | Quagga | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Quagga Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message. | 6.5 |
2010-09-10 | CVE-2010-2956 | Todd Miller | Local Privilege Escalation vulnerability in Todd Miller Sudo Runas Group Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence. | 6.2 |
2010-09-09 | CVE-2010-3017 | RSA | Unspecified vulnerability in RSA Access Manager Agent 4.7.1 Unspecified vulnerability in RSA Access Manager Agent 4.7.1 before 4.7.1.7, when RSA Adaptive Authentication Integration is enabled, allows remote attackers to bypass authentication and obtain sensitive information via unknown vectors. | 5.7 |
2010-09-10 | CVE-2010-2949 | Quagga | Denial Of Service vulnerability in Quagga bgpd Null Pointer Dereference bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message. | 5.0 |
2010-09-10 | CVE-2010-3034 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Wireless LAN Controller Software Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified vectors, a different vulnerability than CVE-2010-0575. | 5.0 |
2010-09-10 | CVE-2010-0575 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Wireless LAN Controller Software Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified vectors, a different vulnerability than CVE-2010-3034. | 5.0 |
2010-09-07 | CVE-2010-3250 | | Remote Security vulnerability in Chrome Unspecified vulnerability in Google Chrome before 6.0.472.53 allows remote attackers to enumerate the set of installed extensions via unknown vectors. | 5.0 |
2010-09-07 | CVE-2010-3248 | Google Canonical | Security vulnerability in Google Chrome Google Chrome before 6.0.472.53 does not properly restrict copying to the clipboard, which has unspecified impact and attack vectors. | 5.0 |
2010-09-08 | CVE-2009-4895 | Linux Debian Canonical | Race Condition vulnerability in multiple products Race condition in the tty_fasync function in drivers/char/tty_io.c in the Linux kernel before 2.6.32.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via unknown vectors, related to the put_tty_queue and __f_setown functions. | 4.7 |
2010-09-08 | CVE-2010-2524 | Linux Vmware Canonical Suse | The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals. | 4.6 |
2010-09-07 | CVE-2010-3244 | Blackboard | Information Exposure vulnerability in Blackboard Transact Suite 3.6.0.1 BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly Blackboard Commerce Suite) before 3.6.0.2 relies on field names when determining whether it is appropriate to decrypt a connection.xml field value, which allows local users to discover the database password via a modified connection.xml file that contains an encrypted password in the <Server> field. | 4.6 |
2010-09-10 | CVE-2010-3263 | Phpmyadmin | Cross-Site Scripting vulnerability in PHPmyadmin Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name. | 4.3 |
2010-09-10 | CVE-2010-3003 | HP | Cross-Site Scripting vulnerability in HP Insight Diagnostics Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-09-09 | CVE-2010-3018 | RSA | Information Exposure vulnerability in RSA Access Manager Server 5.5.3/6.0.4/6.1 RSA Access Manager Server 5.5.3 before 5.5.3.172, 6.0.4 before 6.0.4.53, and 6.1 before 6.1.2.01 does not properly perform cache updates, which allows remote attackers to obtain sensitive information via unspecified vectors. | 4.3 |
2010-09-09 | CVE-2010-2769 | Mozilla | Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled. | 4.3 |
2010-09-09 | CVE-2010-2768 | Mozilla | Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding. | 4.3 |
2010-09-09 | CVE-2010-2764 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests. | 4.3 |
2010-09-09 | CVE-2010-2763 | Mozilla | Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted function. | 4.3 |
2010-09-08 | CVE-2010-3198 | Zope | Denial Of Service vulnerability in Zope ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service (crash of worker threads) via vectors that trigger uncaught exceptions. | 4.3 |
2010-09-08 | CVE-2010-2958 | Phpmyadmin | Cross-Site Scripting vulnerability in PHPmyadmin Cross-site scripting (XSS) vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages (aka debugging messages), a different vulnerability than CVE-2010-3056. | 4.3 |
2010-09-07 | CVE-2010-3259 | Google Webkitgtk Apple Canonical | Information Exposure vulnerability in multiple products WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site. | 4.3 |
2010-09-07 | CVE-2010-3256 | | Remote Security vulnerability in Chrome Google Chrome before 6.0.472.53 does not properly limit the number of stored autocomplete entries, which has unspecified impact and attack vectors. | 4.3 |
2010-09-07 | CVE-2010-3251 | | Null Pointer Dereference vulnerability in Google Chrome The WebSockets implementation in Google Chrome before 6.0.472.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. | 4.3 |
2010-09-07 | CVE-2010-3247 | | Improper Input Validation vulnerability in Google Chrome Google Chrome before 6.0.472.53 does not properly restrict the characters in URLs, which allows remote attackers to spoof the appearance of the URL bar via homographic sequences. | 4.3 |
2010-09-07 | CVE-2010-3246 | | Security Bypass vulnerability in Chrome Google Chrome before 6.0.472.53 does not properly handle the _blank value for the target attribute of unspecified elements, which allows remote attackers to bypass the pop-up blocker via unknown vectors. | 4.3 |
8 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-09-09 | CVE-2010-1810 | Apple | Unspecified vulnerability in Apple Iphone OS FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate. | 3.5 |
2010-09-07 | CVE-2010-2802 | Mantisbt | Cross-Site Scripting vulnerability in Mantisbt Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 allows remote authenticated users to inject arbitrary web script or HTML via an HTML document with a .gif filename extension, related to inline attachments. | 3.5 |
2010-09-10 | CVE-2010-2957 | S9Y | Cross-Site Scripting vulnerability in S9Y Serendipity Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2.6 |
2010-09-08 | CVE-2010-3264 | Novell | Credentials Management vulnerability in Novell Identity Manager 3.6.1 The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores admin tree credentials in /tmp/idmInstall.log, which allows local users to obtain sensitive information by reading this file. | 2.1 |
2010-09-08 | CVE-2010-2955 | Linux Opensuse Suse Canonical | Off-By-One Error vulnerability in multiple products The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size. | 2.1 |
2010-09-08 | CVE-2010-2066 | Linux Vmware Canonical Suse | The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor. | 2.1 |
2010-09-07 | CVE-2010-3245 | Blackboard | Information Exposure vulnerability in Blackboard Transact Suite The automated-backup functionality in Blackboard Transact Suite (formerly Blackboard Commerce Suite) stores the (1) database username and (2) database password in cleartext in (a) script and (b) batch (.bat) files, which allows local users to obtain sensitive information by reading a file. | 2.1 |
2010-09-08 | CVE-2010-2803 | Linux Debian Opensuse Suse | Information Exposure vulnerability in multiple products The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows local users to obtain potentially sensitive information from kernel memory by requesting a large memory-allocation amount. | 1.9 |