Weekly Vulnerabilities Reports > November 15 to 21, 2010

Overview

2 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 1 high severity vulnerabilities. This weekly summary report vulnerabilities in 4 products from 3 vendors including Apple, Fedoraproject, and Openttd. Vulnerabilities are notably categorized as "Use After Free", and "Improper Certificate Validation".

  • 2 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 2 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 1 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

1 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-11-15 CVE-2010-1378 Apple Improper Certificate Validation vulnerability in Apple mac OS X and mac OS X Server

OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority.

9.8

1 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-11-17 CVE-2010-4168 Openttd
Fedoraproject
Use After Free vulnerability in multiple products

Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2) remote attackers to cause a denial of service (invalid read and daemon crash) by abruptly disconnecting, related to network/network_server.cpp; and (3) remote servers to cause a denial of service (invalid read and application crash) by forcing a disconnection during the join process, related to network/network.cpp.

7.5

0 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS