Weekly Vulnerabilities Reports > December 6 to 12, 2010

Overview

2 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 2 high severity vulnerabilities. This weekly summary reports vulnerabilities in 13 products from 7 vendors including Linux, Opensuse, Microsoft, Redhat, and Suse. The vulnerabilities are notably categorized as "Out-of-bounds Write" and "Improper Validation of Specified Quantity in Input".

  • 6 reported vulnerabilities have a public exploit available.
  • Linux has the most reported vulnerabilities, with 1 reported vulnerability.


Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

2 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2010-12-06 | CVE-2010-3904 | Linux, Suse, Opensuse, Canonical, Redhat, Vmware | Improper Validation of Specified Quantity in Input vulnerability in multiple products | 7.8

The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.

2010-12-06 | CVE-2010-4398 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products | 7.8

Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."

0 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS