Weekly Vulnerabilities Reports > January 3 to 9, 2011
Overview
31 new vulnerabilities were reported during this period, including 2 critical vulnerabilities and 14 high severity vulnerabilities. This weekly summary reports vulnerabilities in 27 products from 15 vendors, including Cisco, Redhat, Tibco, Mantisbt, and Microsoft. The most common vulnerability categories are "Cross-site Scripting", "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Resource Exhaustion", and "Resource Management Errors".
- 30 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability has a public exploit available.
- 9 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 26 reported vulnerabilities are exploitable by an anonymous user.
- Cisco has the most reported vulnerabilities, with 9 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
2 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-01-07 | CVE-2011-0347 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI display and have unspecified other impact via vectors related to the DOM implementation, as demonstrated by cross_fuzz. | 9.3 |
2011-01-07 | CVE-2010-4538 | Wireshark | Buffer Errors vulnerability in Wireshark 1.4.2 Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ENTTEC DMX packet with Run Length Encoding (RLE) compression. | 9.3 |
14 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-01-07 | CVE-2010-4686 | Cisco | Resource Exhaustion vulnerability in Cisco IOS CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a "peculiar" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending this traffic over a long duration, aka Bug ID CSCtb47950. | 7.8 |
2011-01-07 | CVE-2010-4683 | Cisco | Missing Release of Resource After Effective Lifetime vulnerability in Cisco IOS Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service (memory consumption) by sending a crafted SIP REGISTER message over UDP, aka Bug ID CSCtg41733. | 7.8 |
2011-01-07 | CVE-2009-5038 | Cisco | Improper Input Validation vulnerability in Cisco IOS Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a certain IRC server, related to a "corrupted magic value," aka Bug ID CSCso05336. | 7.8 |
2011-01-07 | CVE-2010-4671 | Cisco | Resource Exhaustion vulnerability in Cisco IOS The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534. | 7.8 |
2011-01-07 | CVE-2010-4669 | Microsoft | Resource Management Errors vulnerability in Microsoft products The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package. | 7.8 |
2011-01-07 | CVE-2010-2643 | Redhat | Numeric Errors vulnerability in Redhat Evince Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. | 7.6 |
2011-01-07 | CVE-2010-2642 | Redhat T1Lib TUG | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. | 7.6 |
2011-01-07 | CVE-2010-2641 | Redhat | Improper Input Validation vulnerability in Redhat Evince Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. | 7.6 |
2011-01-07 | CVE-2010-2640 | Redhat | Improper Input Validation vulnerability in Redhat Evince Array index error in the PK font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. | 7.6 |
2011-01-07 | CVE-2010-3984 | CA | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in CA products Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft High Availability r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft Content Distribution r12.0 SP1 and r12.5 SP2 rollup, and CA ARCserve Replication and High Availability (RHA) r15.0 SP1 allows remote attackers to execute arbitrary code via a crafted create_session_bab operation in a SOAP request to xosoapapi.asmx. | 7.5 |
2011-01-07 | CVE-2010-4498 | Tibco | Input Validation vulnerability in TIBCO Unspecified vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL. | 7.5 |
2011-01-07 | CVE-2010-4496 | Tibco | SQL Injection vulnerability in Tibco Activecatalog and Collaborative Information Manager Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2011-01-07 | CVE-2010-4523 | Opensc Project | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Opensc-Project Opensc Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c. | 7.2 |
2011-01-07 | CVE-2010-4684 | Cisco | Improper Input Validation vulnerability in Cisco IOS Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, allows remote attackers to cause a denial of service (device crash) via a TFTP copy over IPv6, aka Bug ID CSCtb28877. | 7.1 |
14 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-01-07 | CVE-2009-5040 | Cisco | Resource Management Errors vulnerability in Cisco IOS CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555. | 6.8 |
2011-01-07 | CVE-2010-0215 | Activecollab | Permissions, Privileges, and Access Controls vulnerability in Activecollab ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and (1) delete an attachment or (2) subscribe to an object, via a crafted URL. | 6.0 |
2011-01-03 | CVE-2010-4350 | Mantisbt | Path Traversal vulnerability in Mantisbt Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. | 5.1 |
2011-01-07 | CVE-2010-4687 | Cisco | Improper Input Validation vulnerability in Cisco IOS STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls that were controlled by CallManager Express (CME), aka Bug ID CSCtd42552. | 5.0 |
2011-01-07 | CVE-2009-5039 | Cisco | Missing Release of Resource After Effective Lifetime vulnerability in Cisco IOS Memory leak in the gk_circuit_info_do_in_acf function in the H.323 implementation in Cisco IOS before 15.0(1)XA allows remote attackers to cause a denial of service (memory consumption) via a large number of calls over a long duration, as demonstrated by InterZone Clear Token (IZCT) test traffic, aka Bug ID CSCsz72535. | 5.0 |
2011-01-03 | CVE-2010-4349 | Mantisbt | Information Exposure vulnerability in Mantisbt admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP. | 5.0 |
2011-01-07 | CVE-2010-3201 | Netwin | Cross-Site Scripting vulnerability in Netwin Surgemail Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program. | 4.3 |
2011-01-07 | CVE-2010-4499 | Tibco | Input Validation vulnerability in TIBCO Session fixation vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to hijack web sessions via unspecified vectors. | 4.3 |
2011-01-07 | CVE-2010-4497 | Tibco | Cross-Site Scripting vulnerability in Tibco Activecatalog and Collaborative Information Manager Cross-site scripting (XSS) vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-01-07 | CVE-2010-4324 | Novell | Cross-Site Scripting vulnerability in Novell products Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-01-03 | CVE-2010-4536 | Wordpress | Cross-Site Scripting vulnerability in Wordpress Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (3) a padded entity, and (4) an entity that is not in normalized form. | 4.3 |
2011-01-03 | CVE-2010-4348 | Mantisbt | Cross-Site Scripting vulnerability in Mantisbt Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP. | 4.3 |
2011-01-07 | CVE-2010-4685 | Cisco | Improper Certificate Validation vulnerability in Cisco IOS Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug ID CSCta79031. | 4.0 |
2011-01-07 | CVE-2010-4528 | Pidgin | Improper Input Validation vulnerability in Pidgin Libpurple and Pidgin directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session. | 4.0 |
1 Low Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-01-07 | CVE-2010-4322 | Novell | Cross-Site Scripting vulnerability in Novell Vibe Onprem 3 Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog (aka What Are You Working On?) field. | 3.5 |