Weekly Vulnerabilities Reports > November 1 to 7, 2010
Overview
10 new vulnerabilities were reported during this period, including 7 critical vulnerabilities and 3 high severity vulnerabilities. This weekly summary reports vulnerabilities in 16 products from 10 vendors including Google, Fedoraproject, Webkitgtk, Debian, and Redhat. Vulnerabilities are notably categorized as "Use After Free", "Integer Overflow or Wraparound", "Improper Input Validation", and "Out-of-bounds Write".
- 10 reported vulnerabilities are remotely exploitable.
- 10 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 9 reported vulnerabilities.
- Google has the most reported critical vulnerabilities, with 6 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
7 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-11-06 | CVE-2010-4205 | | Unspecified vulnerability in Google Chrome: Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 9.8 |
2010-11-06 | CVE-2010-4204 | Google Webkitgtk Fedoraproject | WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 9.8 |
2010-11-06 | CVE-2010-4203 | Google Webmproject Redhat | Integer Overflow or Wraparound vulnerability in multiple products: WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames. | 9.8 |
2010-11-06 | CVE-2010-4202 | | Integer Overflow or Wraparound vulnerability in Google Chrome: Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font. | 9.8 |
2010-11-06 | CVE-2010-4201 | | Use After Free vulnerability in Google Chrome: Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections. | 9.8 |
2010-11-06 | CVE-2010-4197 | Google Webkitgtk Fedoraproject | Use After Free vulnerability in multiple products: Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing. | 9.8 |
2010-11-05 | CVE-2010-2941 | Apple Fedoraproject Canonical Debian Opensuse Suse Redhat | Use After Free vulnerability in multiple products: ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. | 9.8 |
3 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-11-06 | CVE-2010-4206 | Google Webkitgtk Fedoraproject | Out-of-bounds Write vulnerability in multiple products: Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SVG document, related to effects in the application of filters. | 8.8 |
2010-11-06 | CVE-2010-4199 | Google Debian | Improper Input Validation vulnerability in multiple products: Google Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document. | 8.8 |
2010-11-06 | CVE-2010-4198 | Google Webkitgtk Fedoraproject | Improper Input Validation vulnerability in multiple products: WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document. | 8.8 |
0 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|