Weekly Vulnerabilities Reports > November 22 to 28, 2010

Overview

57 new vulnerabilities reported during this period, including 18 critical vulnerabilities and 9 high severity vulnerabilities. This weekly summary report vulnerabilities in 45 products from 20 vendors including Apple, Microsoft, Linux, Cisco, and Fedoraproject. Vulnerabilities are notably categorized as "Resource Management Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cryptographic Issues", "Code Injection", and "Permissions, Privileges, and Access Controls".

  • 44 reported vulnerabilities are remotely exploitables.
  • 3 reported vulnerabilities have public exploit available.
  • 6 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 55 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 25 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 16 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

18 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-11-22 CVE-2010-3038 Cisco
Linux
Credentials Management vulnerability in Cisco products

Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, has a default password for the (1) root, (2) cs, and (3) develop accounts, which makes it easier for remote attackers to obtain access via the (a) FTP or (b) SSH daemon, aka Bug ID CSCti54008.

10.0
2010-11-22 CVE-2010-3826 Apple
Microsoft
Unspecified vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

9.3
2010-11-22 CVE-2010-3824 Apple
Microsoft
Resource Management Errors vulnerability in Apple Safari and Webkit

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving SVG use elements.

9.3
2010-11-22 CVE-2010-3823 Apple
Microsoft
Resource Management Errors vulnerability in Apple Safari and Webkit

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Geolocation objects.

9.3
2010-11-22 CVE-2010-3822 Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets (CSS) counter styles, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

9.3
2010-11-22 CVE-2010-3821 Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the :first-letter pseudo-element in a Cascading Style Sheets (CSS) token sequence, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

9.3
2010-11-22 CVE-2010-3820 Apple
Microsoft
Resource Management Errors vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

9.3
2010-11-22 CVE-2010-3819 Apple
Microsoft
Code Injection vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

9.3
2010-11-22 CVE-2010-3818 Apple
Microsoft
Resource Management Errors vulnerability in Apple Safari and Webkit

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving inline text boxes.

9.3
2010-11-22 CVE-2010-3817 Apple
Microsoft
Unspecified vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) 3D transforms, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

9.3
2010-11-22 CVE-2010-3816 Apple
Microsoft
Resource Management Errors vulnerability in Apple Safari and Webkit

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.

9.3
2010-11-22 CVE-2010-3812 Apple
Microsoft
Numeric Errors vulnerability in Apple Safari and Webkit

Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects.

9.3
2010-11-22 CVE-2010-3811 Apple
Microsoft
Resource Management Errors vulnerability in Apple Safari and Webkit

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes.

9.3
2010-11-22 CVE-2010-3809 Apple
Microsoft
Code Injection vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

9.3
2010-11-22 CVE-2010-3808 Apple
Microsoft
Code Injection vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

9.3
2010-11-22 CVE-2010-3805 Apple
Microsoft
Numeric Errors vulnerability in Apple Safari and Webkit

Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets.

9.3
2010-11-22 CVE-2010-3803 Apple
Microsoft
Numeric Errors vulnerability in Apple Safari and Webkit

Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string.

9.3
2010-11-22 CVE-2010-4299 Novell Buffer Errors vulnerability in Novell Zenworks Handheld Management 7

Heap-based buffer overflow in ZfHIPCND.exe in Novell Zenworks 7 Handheld Management (ZHM) allows remote attackers to execute arbitrary code via a crafted request to TCP port 2400.

9.3

9 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-11-22 CVE-2010-3037 Cisco Code Injection vulnerability in Cisco products

goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, and possibly Unified Videoconferencing System 3545 and 5230, Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway, Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway, and Unified Videoconferencing 3515 Multipoint Control Unit (MCU), allows remote authenticated administrators to execute arbitrary commands via the username field, related to a "shell command injection vulnerability," aka Bug ID CSCti54059.

8.5
2010-11-26 CVE-2010-3705 Linux
Fedoraproject
Debian
Canonical
Resource Exhaustion vulnerability in multiple products

The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array.

8.3
2010-11-22 CVE-2010-3432 Linux
Opensuse
Suse
Debian
Canonical
Improper Input Validation vulnerability in multiple products

The sctp_packet_config function in net/sctp/output.c in the Linux kernel before 2.6.35.6 performs extraneous initializations of packet data structures, which allows remote attackers to cause a denial of service (panic) via a certain sequence of SCTP traffic.

7.8
2010-11-26 CVE-2010-4298 Dustincowell SQL Injection vulnerability in Dustincowell Free Simple Software 1.0

SQL injection vulnerability in the download module in Free Simple Software 1.0 allows remote attackers to execute arbitrary SQL commands via the downloads_id parameter in a download_now action to index.php.

7.5
2010-11-26 CVE-2010-4300 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark

Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption.

7.5
2010-11-26 CVE-2010-3830 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors.

7.2
2010-11-26 CVE-2010-2962 Linux
Fedoraproject
Opensuse
Suse
Canonical
Improper Input Validation vulnerability in multiple products

drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via crafted use of the ioctl interface, related to (1) pwrite and (2) pread operations.

7.2
2010-11-22 CVE-2010-4210 Freebsd Permissions, Privileges, and Access Controls vulnerability in Freebsd

The pfs_getextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x before 8.0-RC1 unlocks a mutex that was not previously locked, which allows local users to cause a denial of service (kernel panic), overwrite arbitrary memory locations, and possibly execute arbitrary code via vectors related to opening a file on a file system that uses pseudofs.

7.2
2010-11-22 CVE-2010-3872 Apache Numeric Errors vulnerability in Apache MOD Fcgid

The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."

7.2

29 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-11-22 CVE-2010-4167 Imagemagick Local Privilege Escalation vulnerability in ImageMagick 'configure.c' Configuration File Loading

Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory.

6.9
2010-11-26 CVE-2010-3910 Vtiger Path Traversal vulnerability in Vtiger CRM

Multiple directory traversal vulnerabilities in the return_application_language function in include/utils/utils.php in vtiger CRM before 5.2.1 allow remote attackers to include and execute arbitrary local files via a ..

6.8
2010-11-26 CVE-2010-3855 Freetype Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Freetype

Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font.

6.8
2010-11-26 CVE-2010-3832 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS

Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field.

6.8
2010-11-26 CVE-2010-3814 Freetype Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Freetype

Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font.

6.8
2010-11-26 CVE-2010-4312 Apache Configuration vulnerability in Apache Tomcat

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.

6.4
2010-11-22 CVE-2010-4304 Cisco Cryptographic Issues vulnerability in Cisco products

The web interface in Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack, aka Bug ID CSCti54048.

6.4
2010-11-26 CVE-2010-2963 Linux
Fedoraproject
Opensuse
Suse
Debian
Canonical
Improper Input Validation vulnerability in multiple products

drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device.

6.2
2010-11-26 CVE-2010-3909 Vtiger Code Injection vulnerability in Vtiger CRM

Incomplete blacklist vulnerability in config.template.php in vtiger CRM before 5.2.1 allows remote authenticated users to execute arbitrary code by using the draft save feature in the Compose Mail component to upload a file with a .phtml extension, and then accessing this file via a direct request to the file in the storage/ directory tree.

6.0
2010-11-26 CVE-2010-3829 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813.

5.8
2010-11-22 CVE-2010-3813 Apple
Microsoft
Permissions, Privileges, and Access Controls vulnerability in Apple Safari and Webkit

The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality.

5.8
2010-11-26 CVE-2010-4311 Dustincowell Cryptographic Issues vulnerability in Dustincowell Free Simple Software 1.0

Free Simple Software 1.0 stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information.

5.0
2010-11-26 CVE-2010-4301 Wireshark Resource Management Errors vulnerability in Wireshark 1.4.0/1.4.1

epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes.

5.0
2010-11-26 CVE-2010-3445 Wireshark Resource Management Errors vulnerability in Wireshark

Stack consumption vulnerability in the dissect_ber_unknown function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.4.x before 1.4.1 and 1.2.x before 1.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a long string in an unknown ASN.1/BER encoded packet, as demonstrated using SNMP.

5.0
2010-11-22 CVE-2010-4305 Cisco Cryptographic Issues vulnerability in Cisco products

Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) improperly use cookies for web-interface credentials, which allows remote attackers to obtain sensitive information by reading a (1) cleartext or (2) base64-encoded cleartext cookie, aka Bug ID CSCti54052.

5.0
2010-11-22 CVE-2010-3804 Apple
Microsoft
Cryptographic Issues vulnerability in Apple Safari and Webkit

The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171.

5.0
2010-11-26 CVE-2010-3698 Linux
Fedoraproject
Resource Exhaustion vulnerability in multiple products

The KVM implementation in the Linux kernel before 2.6.36 does not properly reload the FS and GS segment registers, which allows host OS users to cause a denial of service (host OS crash) via a KVM_RUN ioctl call in conjunction with a modified Local Descriptor Table (LDT).

4.9
2010-11-22 CVE-2010-4303 Cisco
Linux
Credentials Management vulnerability in Cisco products

Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses world-readable permissions for the /etc/shadow file, which allows local users to discover encrypted passwords by reading this file, aka Bug ID CSCti54043.

4.9
2010-11-22 CVE-2010-4302 Cisco
Linux
Cryptographic Issues vulnerability in Cisco products

/opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses a weak hashing algorithm for the (1) administrator and (2) operator passwords, which makes it easier for local users to obtain sensitive information by recovering the cleartext values, aka Bug ID CSCti54010.

4.9
2010-11-22 CVE-2010-4169 Linux
Fedoraproject
Opensuse
Suse
USE After Free vulnerability in multiple products

Use-after-free vulnerability in mm/mprotect.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors involving an mprotect system call.

4.9
2010-11-22 CVE-2010-4165 Linux
Opensuse
Suse
Divide BY Zero vulnerability in multiple products

The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer.

4.9
2010-11-26 CVE-2010-4172 Apache Cross-Site Scripting vulnerability in Apache Tomcat

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.

4.3
2010-11-26 CVE-2010-3911 Vtiger Cross-Site Scripting vulnerability in Vtiger CRM

Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username (aka default_user_name) field or (2) the password field in a Users Login action to index.php, or (3) the label parameter in a Settings GetFieldInfo action to index.php, related to modules/Settings/GetFieldInfo.php.

4.3
2010-11-26 CVE-2010-3831 Apple Information Exposure vulnerability in Apple Iphone OS

Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a "Send to MobileMe" action.

4.3
2010-11-26 CVE-2010-3828 Apple Unspecified vulnerability in Apple Iphone OS

iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad.

4.3
2010-11-26 CVE-2010-3827 Apple Improper Input Validation vulnerability in Apple Iphone OS

Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors.

4.3
2010-11-26 CVE-2008-7266 RSA Cross-Site Scripting vulnerability in RSA Adaptive Authentication

Cross-site scripting (XSS) vulnerability in an unspecified Shockwave Flash file in RSA Adaptive Authentication 2.x and 5.7.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2010-11-22 CVE-2010-3810 Apple
Microsoft
Unspecified vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bar's URL or add URLs to the history via a cross-origin attack.

4.3
2010-11-22 CVE-2010-3618 PGP Cryptographic Issues vulnerability in PGP Desktop FOR mac and Desktop for Windows

PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does not properly implement the "Decrypt/Verify File via Right-Click" functionality for multi-packet OpenPGP messages that represent multi-message input, which allows remote attackers to spoof signed data by concatenating an additional message to the end of a legitimately signed message, related to a "piggy-back" or "unsigned data injection" issue.

4.3

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-11-22 CVE-2010-4173 Openfabrics Link Following vulnerability in Openfabrics Libsdp

The default configuration of libsdp.conf in libsdp 1.1.104 and earlier creates log files in /tmp, which allows local users to overwrite arbitrary files via a (1) symlink or (2) hard link attack on the libsdp.log.##### temporary file.

3.3