Weekly Vulnerabilities Reports > October 11 to 17, 2010

Overview

125 new vulnerabilities were reported during this period, including 31 critical vulnerabilities and 9 high severity vulnerabilities. This weekly summary reports vulnerabilities in 44 products from 15 vendors, including Oracle, Microsoft, Infradead, Cisco, and Redhat. Notable vulnerability categories include "Improper Input Validation", "Code Injection", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Resource Management Errors".

  • 102 reported vulnerabilities are remotely exploitable.
  • 1 reported vulnerability is related to weaknesses in the OWASP Top Ten.
  • 82 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 78 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 25 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

31 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-10-14 CVE-2010-3509 Oracle Remote Buffer Overflow vulnerability in Oracle Solaris 10/8/9

Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scheduler.

10.0
2010-10-12 CVE-2010-3085 David Shadoff Code Injection vulnerability in David Shadoff Mednafen

The network-play implementation in Mednafen before 0.8.D might allow remote servers to execute arbitrary code via unspecified vectors, related to "stack manipulation" issues.

10.0
2010-10-13 CVE-2010-3326 Microsoft Code Injection vulnerability in Microsoft Internet Explorer 6

Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

9.3
2010-10-13 CVE-2010-3242 Microsoft Improper Input Validation vulnerability in Microsoft Excel, Office and Open XML File Format Converter

Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."

9.3
2010-10-13 CVE-2010-3241 Microsoft Improper Input Validation vulnerability in Microsoft Excel, Office and Open XML File Format Converter

Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."

9.3
2010-10-13 CVE-2010-3240 Microsoft Improper Input Validation vulnerability in Microsoft Excel, Excel Viewer and Office Compatibility Pack

Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Real Time Data Array Record Vulnerability."

9.3
2010-10-13 CVE-2010-3239 Microsoft Improper Input Validation vulnerability in Microsoft Excel 2002

Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability."

9.3
2010-10-13 CVE-2010-3238 Microsoft Improper Input Validation vulnerability in Microsoft Excel and Office

Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."

9.3
2010-10-13 CVE-2010-3237 Microsoft Improper Input Validation vulnerability in Microsoft Excel and Office

Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."

9.3
2010-10-13 CVE-2010-3236 Microsoft Improper Input Validation vulnerability in Microsoft Excel, Office and Open XML File Format Converter

Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."

9.3
2010-10-13 CVE-2010-3235 Microsoft Improper Input Validation vulnerability in Microsoft Excel 2002

Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."

9.3
2010-10-13 CVE-2010-3234 Microsoft Improper Input Validation vulnerability in Microsoft Excel 2002

Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."

9.3
2010-10-13 CVE-2010-3233 Microsoft Improper Input Validation vulnerability in Microsoft Excel 2002/2003

Microsoft Excel 2002 SP3 and 2003 SP3 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."

9.3
2010-10-13 CVE-2010-3232 Microsoft Improper Input Validation vulnerability in Microsoft products

Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel File Format Parsing Vulnerability."

9.3
2010-10-13 CVE-2010-3231 Microsoft Improper Input Validation vulnerability in Microsoft Excel, Office and Open XML File Format Converter

Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."

9.3
2010-10-13 CVE-2010-3230 Microsoft Numeric Errors vulnerability in Microsoft Excel 2002

Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."

9.3
2010-10-13 CVE-2010-3221 Microsoft Code Injection vulnerability in Microsoft Office, Word and Word Viewer

Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."

9.3
2010-10-13 CVE-2010-3220 Microsoft Code Injection vulnerability in Microsoft Office and Word

Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."

9.3
2010-10-13 CVE-2010-3219 Microsoft Code Injection vulnerability in Microsoft Word 2002

Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."

9.3
2010-10-13 CVE-2010-3218 Microsoft Code Injection vulnerability in Microsoft Word 2002

Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."

9.3
2010-10-13 CVE-2010-3217 Microsoft Resource Management Errors vulnerability in Microsoft Word 2002

Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability."

9.3
2010-10-13 CVE-2010-3216 Microsoft Code Injection vulnerability in Microsoft Office and Word

Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."

9.3
2010-10-13 CVE-2010-3215 Microsoft Code Injection vulnerability in Microsoft Office and Word

Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability."

9.3
2010-10-13 CVE-2010-3214 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Word Viewer; Office Web Apps; and Word Web App allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Stack Overflow Vulnerability."

9.3
2010-10-13 CVE-2010-2750 Microsoft Code Injection vulnerability in Microsoft Office and Word

Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability."

9.3
2010-10-13 CVE-2010-2748 Microsoft Code Injection vulnerability in Microsoft Office and Word

Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability."

9.3
2010-10-13 CVE-2010-2747 Microsoft Code Injection vulnerability in Microsoft Office and Word

Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability."

9.3
2010-10-14 CVE-2010-3585 Oracle Remote Code Execution vulnerability in Oracle VM 2.2.1

Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent.

9.0
2010-10-14 CVE-2010-3583 Oracle Remote Command Execution vulnerability in Oracle VM 2.2.1

Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent.

9.0
2010-10-14 CVE-2010-3582 Oracle Remote OracleVM vulnerability in Oracle VM 2.2.1

Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent.

9.0
2010-10-14 CVE-2010-3578 Oracle Depot Server Remote vulnerability in Oracle OpenSolaris

Unspecified vulnerability in Oracle OpenSolaris allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depot Server.

9.0

9 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-10-13 CVE-2010-3328 Microsoft Use After Free vulnerability in Microsoft Internet Explorer 6/7/8

Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability."

8.8
2010-10-14 CVE-2010-2601 RIM Buffer Errors vulnerability in RIM products

Multiple buffer overflows in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.7 and earlier and 5.0.0 through 5.0.2, and BlackBerry Professional Software 4.1.4 and earlier, allow user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PDF document.

7.6
2010-10-14 CVE-2010-3076 Blentz SQL Injection vulnerability in Blentz Smbind

The filter function in php/src/include.php in Simple Management for BIND (aka smbind) before 0.4.8 does not anchor a certain regular expression, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via the username parameter to the admin login page.

7.5
2010-10-14 CVE-2010-2390 Oracle Remote EM Console vulnerability in Oracle products

Unspecified vulnerability in the Database Control component in EM Console in Oracle Database Server 10.1.0.5 and 10.2.0.3, Oracle Fusion Middleware 10.1.2.3 and 10.1.4.3, and Enterprise Manager Grid Control allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

7.5
2010-10-13 CVE-2010-3223 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows Server 2008 R2

The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability."

7.5
2010-10-13 CVE-2010-3222 Microsoft Buffer Errors vulnerability in Microsoft Windows Server 2003 and Windows XP

Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability."

7.2
2010-10-13 CVE-2010-2741 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability."

7.2
2010-10-13 CVE-2010-2740 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability."

7.2
2010-10-12 CVE-2010-3110 Novell, Opensuse Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors.

7.2

71 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-10-14 CVE-2010-3934 RIM Permissions, Privileges, and Access Controls vulnerability in RIM Blackberry Device Software 5.0.0.593

The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an IFRAME element.

6.8
2010-10-14 CVE-2010-3507 Oracle Local vulnerability in Oracle Solaris 10/8/9

Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Live Upgrade.

6.6
2010-10-14 CVE-2010-2419 Oracle Java SecurityManager vulnerability in Oracle Database Server

Unspecified vulnerability in the Java Virtual Machine component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

6.5
2010-10-14 CVE-2010-3579 Oracle Webmail Remote Security vulnerability in Oracle Sun Convergence

Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Java Communications Suite 7 components in Oracle Sun Products Suite 1.0 and 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail.

6.4
2010-10-14 CVE-2010-3577 Oracle Kernel/CIFS Remote vulnerability in Oracle Open Solaris

Unspecified vulnerability in Oracle OpenSolaris allows remote attackers to affect confidentiality and integrity, related to Kernel/CIFS.

6.4
2010-10-14 CVE-2010-3575 Oracle Remote vulnerability in Oracle Oracle Communications Messaging Server

Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 6.0, 6.2, 6.3, and 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Mail.

6.4
2010-10-14 CVE-2010-3564 Oracle Webmail Remote vulnerability in Oracle SUN products Suite 7.0

Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail.

6.4
2010-10-14 CVE-2010-3901 Infradead Improper Input Validation vulnerability in Infradead Openconnect

OpenConnect before 2.25 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary AnyConnect SSL VPN servers via a crafted server certificate that (1) does not correspond to the server hostname or (2) is presented in circumstances involving a missing --cafile configuration option.

6.4
2010-10-14 CVE-2010-3503 Oracle Local NULL Pointer vulnerability in Oracle Opensolaris and Solaris

Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect confidentiality and integrity via unknown vectors related to su.

6.3
2010-10-14 CVE-2010-3500 Oracle Remote Siebel Core - Highly Interactive Client vulnerability in Oracle Siebel Suite

Unspecified vulnerability in the Siebel Core - Highly Interactive Client component in Oracle Siebel Suite 7.7.2.12, 7.8.2.14, 8.0.0.10, and 8.1.1.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-2405.

6.0
2010-10-14 CVE-2010-2405 Oracle Remote Siebel Core - Highly Interactive Client vulnerability in Oracle Siebel Suite

Unspecified vulnerability in the Siebel Core - Highly Interactive Client component in Oracle Siebel Suite 7.7.2.12, 7.8.2.14, 8.0.0.10, and 8.1.1.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-3500.

6.0
2010-10-14 CVE-2010-3546 Oracle Remote vulnerability in Oracle SUN products Suite 8.1

Unspecified vulnerability in the Sun Java System Identity Manager component in Oracle Sun Products Suite 8.1 allows remote attackers to affect confidentiality and integrity via unknown vectors.

5.8
2010-10-14 CVE-2010-3545 Oracle Administration Remote vulnerability in Oracle SUN products Suite 7.0

Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Administration.

5.8
2010-10-14 CVE-2010-3544 Oracle Administration Remote vulnerability in Oracle SUN products Suite 7.0

Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect integrity and availability via unknown vectors related to Administration.

5.8
2010-10-14 CVE-2010-3312 Gnome Remote Security vulnerability in Epiphany 2.28/2.29

Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate.

5.8
2010-10-14 CVE-2010-2388 Oracle Remote Oracle Applications Manager vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors.

5.8
2010-10-14 CVE-2010-3547 Oracle Remote PeopleSoft ESA - EX vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.9/9.0/9.1

Unspecified vulnerability in the PeopleSoft FMS ESA - EX component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2010-10-14 CVE-2010-3539 Oracle Remote vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.9/9.0/9.1

Unspecified vulnerability in the PeopleSoft Enterprise FMS - GL component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2010-3538.

5.5
2010-10-14 CVE-2010-3538 Oracle Remote FMS - GL vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.9/9.0/9.1

Unspecified vulnerability in the PeopleSoft Enterprise FMS - GL component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2010-3539.

5.5
2010-10-14 CVE-2010-3537 Oracle Remote FMS - AM vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.9/9.0/9.1

Unspecified vulnerability in the PeopleSoft Enterprise FMS - AM component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2010-10-14 CVE-2010-3536 Oracle Remote PeopleSoft Enterprise SCM vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.9/9.0/9.1

Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2010-10-14 CVE-2010-3533 Oracle Remote vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.9/9.0/9.1

Unspecified vulnerability in the PeopleSoft Enterprise SCM OM and CRM Order Capture component in Oracle PeopleSoft and JDEdwards Suite 8.9, 9.0, and 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2010-10-14 CVE-2010-3532 Oracle Remote Order Capture vulnerability in Oracle PeopleSoft Enterprise CRM

Unspecified vulnerability in the PeopleSoft Enterprise CRM - Order Capture component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #28 and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2010-10-14 CVE-2010-3531 Oracle Remote PeopleSoft Enterprise FMS ESA - RM vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.9/9.0/9.1

Unspecified vulnerability in the PeopleSoft Enterprise FMS ESA - RM component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2010-10-14 CVE-2010-3530 Oracle Remote PeopleSoft Enterprise HCM - HR vulnerability in Oracle PeopleSoft

Unspecified vulnerability in the PeopleSoft Enterprise HCM - HR component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #13 and 9.1 Bundle #3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2010-10-14 CVE-2010-3529 Oracle Remote FMS - Cash Management vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.9/9.0/9.1

Unspecified vulnerability in the PeopleSoft Enterprise FMS - Cash Management component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2010-10-14 CVE-2010-3527 Oracle Remote FMS - AM vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.9/9.0/9.1

Unspecified vulnerability in the PeopleSoft Enterprise FMS - AM component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect integrity and availability via unknown vectors.

5.5
2010-10-14 CVE-2010-3526 Oracle Remote PeopleSoft Enterprise SCM - PO vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.9/9.0/9.1

Unspecified vulnerability in the PeopleSoft Enterprise SCM - PO component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2010-10-14 CVE-2010-3525 Oracle Remote vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.9/9.0/9.1

Unspecified vulnerability in the (1) PeopleSoft Enterprise FMS, (2) SCM, (3) EPM, (4) CRM, and (5) Campus Solutions components in Oracle PeopleSoft and JDEdwards Suite 8.9, 9.0, and 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2010-10-14 CVE-2010-3524 Oracle Remote vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.9/9.0/9.1

Unspecified vulnerability in the PeopleSoft Enterprise SCM - Strategic Sourcing component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2010-10-14 CVE-2010-3521 Oracle Remote PeopleSoft Enterprise HCM ePay vulnerability in Oracle PeopleSoft

Unspecified vulnerability in the PeopleSoft Enterprise HCM ePay component in Oracle PeopleSoft and JDEdwards Suite 9.0 to Payroll Update 10-C and 9.1 to Payroll Update 10-C allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2010-10-14 CVE-2010-3520 Oracle Remote PeopleSoft Enterprise HCM - GP France vulnerability in Oracle PeopleSoft

Unspecified vulnerability in the PeopleSoft Enterprise HCM - GP France component in Oracle PeopleSoft and JDEdwards Suite 8.81 SP1 Bundle #12, 8.9 GP Update 2010-E, 9.0 GP Update 2010-E, and 9.1 GP Update 2010-E allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2010-10-14 CVE-2010-3518 Oracle Remote PeopleSoft Enterprise HCM GP - Japan vulnerability in Oracle PeopleSoft

Unspecified vulnerability in the PeopleSoft Enterprise HCM GP - Japan component in Oracle PeopleSoft and JDEdwards Suite 8.81 SP1 Bundle #13, 8.9 GP Update 2010-E, 9.0 GP Update 2010-E, and 9.1 GP Update 2010-E allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2010-10-14 CVE-2010-2412 Oracle Remote OLAP vulnerability in Oracle Database Server 11.1.0.7

Unspecified vulnerability in the OLAP component in Oracle Database Server 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2010-10-14 CVE-2010-3523 Oracle Remote vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.49.28/8.50.12

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.28 and 8.50.12 allows remote attackers to affect integrity via unknown vectors.

5.0
2010-10-14 CVE-2010-3903 Infradead Denial-Of-Service vulnerability in Openconnect

Unspecified vulnerability in OpenConnect before 2.23 allows remote AnyConnect SSL VPN servers to cause a denial of service (application crash) via a 404 HTTP status code.

5.0
2010-10-14 CVE-2010-3902 Infradead Information Exposure vulnerability in Infradead Openconnect

OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list.

5.0
2010-10-14 CVE-2010-3192 GNU Information Exposure vulnerability in GNU Glibc

Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations.

5.0
2010-10-14 CVE-2010-3071 Duckcorp Remote Denial Of Service vulnerability in Bip `bip_on_event()` NULL Pointer Dereference

bip before 0.8.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an empty USER command.

5.0
2010-10-14 CVE-2009-5009 Infradead Resource Management Errors vulnerability in Infradead Openconnect

Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation.

5.0
2010-10-14 CVE-2010-3501 Oracle Remote OID vulnerability in Oracle Fusion Middleware 10.1.2.3/10.1.4.3/11.1.1.2.0

Unspecified vulnerability in the OID component in Oracle Fusion Middleware 10.1.2.3, 10.1.4.3, and 11.1.1.2.0 allows remote attackers to affect availability via unknown vectors.

5.0
2010-10-12 CVE-2010-2951 Squid Cache Unspecified vulnerability in Squid-Cache Squid 3.1.6

dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set.

5.0
2010-10-14 CVE-2010-3517 Oracle Local vulnerability in Oracle Opensolaris and Solaris

Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to Kernel/X86.

4.9
2010-10-14 CVE-2010-2415 Oracle Unspecified vulnerability in Oracle Database Server

Unspecified vulnerability in the Change Data Capture component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH.

4.9
2010-10-14 CVE-2010-3580 Oracle Local Solaris vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle OpenSolaris allows local users to affect availability via unknown vectors related to Kernel/File System.

4.6
2010-10-14 CVE-2010-3534 Oracle Local Primavera P6 Enterprise Project Portfolio Management in Oracle

Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 6.21.3.0 and 7.0.1.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Project Management Module.

4.6
2010-10-14 CVE-2010-2411 Oracle Remote Job Queue vulnerability in Oracle Database

Unspecified vulnerability in the Job Queue component in Oracle Database Server 11.2.0.1, 11.1.0.7, 10.2.0.3, 10.2.0.4, and 10.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability, related to SYS.DBMS_IJOB.

4.6
2010-10-14 CVE-2010-3535 Oracle Local vulnerability in Oracle Directory Server Enterprise Edition

Unspecified vulnerability in the Directory Server Enterprise Edition component in Oracle Sun Products Suite 6.0, 6.1, 6.2, and 6.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Identity Synchronization for Windows.

4.4
2010-10-14 CVE-2010-3584 Oracle Local Privilege Escalation vulnerability in Oracle VM 2.2.1

Unspecified vulnerability in the Oracle VM component in Oracle VM 2.2.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent.

4.3
2010-10-14 CVE-2010-3514 Oracle Remote Security vulnerability in Oracle iPlanet Web Server

Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 6.1 and 7.0 allows remote attackers to affect integrity via unknown vectors related to Web Container.

4.3
2010-10-14 CVE-2010-3504 Oracle Remote Oracle Applications Technology Stack vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.2

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors.

4.3
2010-10-14 CVE-2010-2418 Oracle Remote Oracle Territory Management vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3

Unspecified vulnerability in the Oracle Territory Management component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors.

4.3
2010-10-14 CVE-2010-2416 Oracle Remote Oracle E-Business Intelligence vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3

Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors.

4.3
2010-10-14 CVE-2010-2413 Oracle BI Publisher HTTP Response Splitting vulnerability in Oracle Fusion Middleware 10.1.3.3.2/10.1.3.4.1

Unspecified vulnerability in the BI Publisher component in Oracle Fusion Middleware 10.1.3.3.2 and 10.1.3.4.1 allows remote attackers to affect integrity via unknown vectors.

4.3
2010-10-14 CVE-2010-2410 Oracle Remote Cabo/UIX vulnerability in Oracle Fusion Middleware 10.1.2.3/10.1.3.5

Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2395 and CVE-2010-2409.

4.3
2010-10-14 CVE-2010-2409 Oracle Remote Cabo/UIX vulnerability in Oracle Fusion Middleware 10.1.2.3/10.1.3.5

Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2395 and CVE-2010-2410.

4.3
2010-10-14 CVE-2010-2408 Oracle Unspecified vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3

Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors.

4.3
2010-10-14 CVE-2010-2407 Oracle Remote XDK vulnerability in Oracle Database Server 10.1.0.5/10.2.0.4/11.1.0.7

Unspecified vulnerability in the XDK component in Oracle Database Server 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect integrity via unknown vectors.

4.3
2010-10-14 CVE-2010-2396 Oracle Remote Forms vulnerability in Oracle Fusion Middleware 10.1.2.3

Unspecified vulnerability in the Forms component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors.

4.3
2010-10-14 CVE-2010-2395 Oracle Remote Cabo/UIX vulnerability in Oracle Fusion Middleware 10.1.2.3/10.1.3.5

Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2409 and CVE-2010-2410.

4.3
2010-10-12 CVE-2010-3083 Apache, Redhat

sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.

4.3
2010-10-14 CVE-2010-3540 Oracle Local ZFS vulnerability in Oracle Opensolaris and Solaris

Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to ZFS.

4.0
2010-10-14 CVE-2010-3528 Oracle Remote PeopleSoft Enterprise CRM - Common Components vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.9/9.0/9.1

Unspecified vulnerability in the PeopleSoft Enterprise CRM - Common Components component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #41, 9.0 Bundle #28, and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality via unknown vectors.

4.0
2010-10-14 CVE-2010-3522 Oracle Remote PeopleSoft Enterprise PeopleTools vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.49.28/8.50.12

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.28 and 8.50.12 allows remote authenticated users to affect confidentiality via unknown vectors.

4.0
2010-10-14 CVE-2010-3519 Oracle Remote PeopleSoft Enterprise PeopleTools vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.49.28/8.50.12

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.28 and 8.50.12 allows remote authenticated users to affect integrity via unknown vectors.

4.0
2010-10-14 CVE-2010-3516 Oracle Local InfiniBand vulnerability in Oracle Opensolaris and Solaris

Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability via unknown vectors related to InfiniBand.

4.0
2010-10-14 CVE-2010-3515 Oracle Local vulnerability in Oracle Opensolaris and Solaris

Unspecified vulnerability in the Solaris component in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to Kernel/Disk Driver.

4.0
2010-10-14 CVE-2010-3502 Oracle Remote Siebel Core vulnerability in Oracle Siebel Suite

Unspecified vulnerability in the Siebel Core component in Oracle Siebel Suite 7.7.2.12, 7.8.2.14, 8.0.0.10, and 8.1.1.3 allows remote authenticated users to affect confidentiality via unknown vectors.

4.0
2010-10-14 CVE-2010-2417 Oracle Remote Agile PLM vulnerability in Oracle Supply Chain products Suite 9.3.0.0

Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.0.0 allows remote authenticated users to affect integrity via unknown vectors.

4.0
2010-10-14 CVE-2010-2406 Oracle Remote Siebel Core - Highly Interactive Client vulnerability in Oracle Siebel Core

Unspecified vulnerability in the Siebel Core - Highly Interactive Client component in Oracle Siebel Suite 7.7.2.12, 7.8.2.14, 8.0.0.10, and 8.1.1.3 allows remote authenticated users to affect confidentiality via unknown vectors.

4.0
2010-10-12 CVE-2010-3701 Redhat Resource Management Errors vulnerability in Redhat Enterprise MRG

lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows remote authenticated users to cause a denial of service (stack memory exhaustion and broker crash) via a large persistent message.

4.0

14 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-10-14 CVE-2010-3576 Oracle Local vulnerability in Oracle Opensolaris and Solaris

Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect integrity and availability, related to the SCSI enclosure services device driver.

3.6
2010-10-14 CVE-2010-2391 Oracle Remote Core RDBMS vulnerability in Oracle Database Server 10.1.0.5/10.2.0.3

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

3.6
2010-10-14 CVE-2010-3581 Oracle BPEL Console Cross Site Scripting vulnerability in Oracle Fusion Middleware 11.1.1.1.0/11.1.1.2.0

Unspecified vulnerability in the BPEL Console component in Oracle Fusion Middleware 11.1.1.1.0 and 11.1.1.2.0 allows remote authenticated users to affect integrity via unknown vectors.

3.5
2010-10-14 CVE-2010-3512 Oracle Remote vulnerability in Oracle SUN products Suite 7.0U8

Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0u8 allows remote authenticated users to affect confidentiality, related to DAV (WebDAV).

3.5
2010-10-14 CVE-2010-2404 Oracle Unspecified vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.2

Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect integrity via unknown vectors related to Account.

3.5
2010-10-14 CVE-2009-5007 Cisco Link Following vulnerability in Cisco Anyconnect SSL VPN

The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files.

3.3
2010-10-14 CVE-2010-3508 Oracle Local vulnerability in Oracle Solaris 10

Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Zones.

3.2
2010-10-14 CVE-2010-3506 Oracle Local vulnerability in Oracle SUN products Suite 6.4

Unspecified vulnerability in the Oracle Explorer (Sun Explorer) component in Oracle Sun Products Suite 6.4 allows local users to affect confidentiality and integrity via unknown vectors.

3.0
2010-10-14 CVE-2010-3511 Oracle Local vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle OpenSolaris allows local users to affect integrity and availability via unknown vectors related to Tooltalk.

2.6
2010-10-14 CVE-2010-2414 Oracle Remote Security vulnerability in Oracle Sun Convergence

Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Java Communications Suite 7 components in Oracle Sun Products Suite 1.0 and 7.0 allows remote attackers to affect confidentiality via unknown vectors.

2.6
2010-10-14 CVE-2010-3513 Oracle Device Drivers Local vulnerability in Oracle Opensolaris and Solaris

Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect integrity and availability via unknown vectors related to Device Drivers.

2.4
2010-10-14 CVE-2009-5008 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Desktop

Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file.

2.1
2010-10-14 CVE-2010-3542 Oracle Local USB vulnerability in Oracle Opensolaris and Solaris

Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect confidentiality, related to USB.

1.9
2010-10-14 CVE-2010-2389 Oracle Local Perl vulnerability in Oracle Fusion Middleware

Unspecified vulnerability in the Perl component in Oracle Database Server 11.2.0.1, 11.1.0.7, 10.2.0.3, 10.2.0.4, and 10.1.0.5; and Fusion Middleware 11.1.1.1.0 and 11.1.1.2.0; allows local users to affect integrity via unknown vectors related to Local Logon.

1.0