Weekly Vulnerabilities Reports > January 3 to 9, 2011

Overview

72 new vulnerabilities were reported during this period, including 8 critical vulnerabilities and 29 high severity vulnerabilities. This weekly summary reports vulnerabilities in 45 products from 26 vendors including Cisco, Linux, Opensuse, Suse, and Debian. Vulnerabilities are notably categorized as "Resource Management Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Permissions, Privileges, and Access Controls", and "Cross-site Scripting".

  • 61 reported vulnerabilities are remotely exploitable.
  • 4 reported vulnerabilities have a public exploit available.
  • 11 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 62 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 27 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.


Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

8 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-01-07 CVE-2011-0347 Microsoft Unspecified vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI display and have unspecified other impact via vectors related to the DOM implementation, as demonstrated by cross_fuzz.

9.3
2011-01-07 CVE-2011-0346 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 6/7/8

Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability."

9.3
2011-01-07 CVE-2010-3311 Freetype Numeric Errors vulnerability in Freetype

Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797.

9.3
2011-01-07 CVE-2010-4541 Gimp Buffer Errors vulnerability in Gimp 2.6.11

Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long "Number of lights" field in a plugin configuration file.

9.3
2011-01-07 CVE-2010-4538 Wireshark Buffer Errors vulnerability in Wireshark 1.4.2

Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ENTTEC DMX packet with Run Length Encoding (RLE) compression.

9.3
2011-01-03 CVE-2010-3907 Videolan Numeric Errors vulnerability in Videolan VLC Media Player

Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a zero i_subpackets value in a Real Media file, leading to a heap-based buffer overflow.

9.3
2011-01-07 CVE-2010-4680 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco products

The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permits the viewing of CIFS shares even when CIFS file browsing has been disabled, which allows remote authenticated users to bypass intended access restrictions via CIFS requests, aka Bug ID CSCsz80777.

9.0
2011-01-07 CVE-2010-4675 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco products

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly determine the interfaces for which TELNET connections should be permitted, which allows remote authenticated users to bypass intended access restrictions via vectors involving the "lowest security level interface," aka Bug ID CSCsv40504.

9.0

29 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-01-07 CVE-2010-4692 Cisco Multiple Security vulnerability in Cisco products

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via a large number of LAN-to-LAN (aka L2L) IPsec sessions, aka Bug ID CSCth36592.

7.8
2011-01-07 CVE-2010-4691 Cisco Multiple Security vulnerability in Cisco products

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via multicast traffic, aka Bug IDs CSCtg61810 and CSCtg69742.

7.8
2011-01-07 CVE-2010-4689 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco products

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) do not properly preserve ACL behavior after a migration, which allows remote attackers to bypass intended access restrictions via an unspecified type of network traffic that had previously been denied, aka Bug ID CSCte46460.

7.8
2011-01-07 CVE-2010-4688 Cisco Multiple Security vulnerability in Cisco products

Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) by making many SIP calls, aka Bug ID CSCte20030.

7.8
2011-01-07 CVE-2010-4686 Cisco Resource Exhaustion vulnerability in Cisco IOS

CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a "peculiar" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending this traffic over a long duration, aka Bug ID CSCtb47950.

7.8
2011-01-07 CVE-2010-4683 Cisco Missing Release of Resource After Effective Lifetime vulnerability in Cisco IOS

Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service (memory consumption) by sending a crafted SIP REGISTER message over UDP, aka Bug ID CSCtg41733.

7.8
2011-01-07 CVE-2009-5038 Cisco Improper Input Validation vulnerability in Cisco IOS

Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a certain IRC server, related to a "corrupted magic value," aka Bug ID CSCso05336.

7.8
2011-01-07 CVE-2010-4682 Cisco Resource Management Errors vulnerability in Cisco products

Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (memory consumption) by making multiple incorrect LDAP authentication attempts, aka Bug ID CSCtf29867.

7.8
2011-01-07 CVE-2010-4679 Cisco Improper Input Validation vulnerability in Cisco products

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly handle Online Certificate Status Protocol (OCSP) connection failures, which allows remote OCSP responders to cause a denial of service (TCP socket exhaustion) by rejecting connection attempts, aka Bug ID CSCsz36816.

7.8
2011-01-07 CVE-2010-4674 Cisco Resource Management Errors vulnerability in Cisco products

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allows remote attackers to cause a denial of service (block exhaustion) via multicast traffic, aka Bug ID CSCtg63992.

7.8
2011-01-07 CVE-2010-4673 Cisco Resource Management Errors vulnerability in Cisco products

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allow remote attackers to cause a denial of service via a flood of packets, aka Bug ID CSCtg06316.

7.8
2011-01-07 CVE-2010-4672 Cisco Resource Management Errors vulnerability in Cisco products

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier allow remote attackers to cause a denial of service (block exhaustion) via EIGRP traffic that triggers an EIGRP multicast storm, aka Bug ID CSCtf20269.

7.8
2011-01-07 CVE-2010-4671 Cisco Resource Exhaustion vulnerability in Cisco IOS

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534.

7.8
2011-01-07 CVE-2010-4670 Cisco Resource Management Errors vulnerability in Cisco products

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier, and Cisco PIX Security Appliances devices, allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti24526.

7.8
2011-01-07 CVE-2010-4669 Microsoft Resource Management Errors vulnerability in Microsoft products

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package.

7.8
2011-01-03 CVE-2010-4164 Linux, Opensuse, Suse, Debian Integer Underflow (Wrap OR Wraparound) vulnerability in multiple products

Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Linux kernel before 2.6.36.2 allow remote attackers to cause a denial of service (system crash) via malformed X.25 (1) X25_FAC_CLASS_A, (2) X25_FAC_CLASS_B, (3) X25_FAC_CLASS_C, or (4) X25_FAC_CLASS_D facility data, a different vulnerability than CVE-2010-3873.

7.8
2011-01-07 CVE-2010-2643 Redhat Numeric Errors vulnerability in Redhat Evince

Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.

7.6
2011-01-07 CVE-2010-2642 Redhat, T1Lib, TUG Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.

7.6
2011-01-07 CVE-2010-2641 Redhat Improper Input Validation vulnerability in Redhat Evince

Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.

7.6
2011-01-07 CVE-2010-2640 Redhat Improper Input Validation vulnerability in Redhat Evince

Array index error in the PK font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer.

7.6
2011-01-07 CVE-2010-3984 CA Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in CA products

Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft High Availability r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft Content Distribution r12.0 SP1 and r12.5 SP2 rollup, and CA ARCserve Replication and High Availability (RHA) r15.0 SP1 allows remote attackers to execute arbitrary code via a crafted create_session_bab operation in a SOAP request to xosoapapi.asmx.

7.5
2011-01-07 CVE-2010-4543 Gimp Buffer Errors vulnerability in Gimp 2.6.11

Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image.

7.5
2011-01-07 CVE-2010-4498 Tibco Input Validation vulnerability in TIBCO

Unspecified vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL.

7.5
2011-01-07 CVE-2010-4496 Tibco SQL Injection vulnerability in Tibco Activecatalog and Collaborative Information Manager

Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2011-01-07 CVE-2010-4681 Cisco Remote vulnerability in Cisco products

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to bypass SMTP inspection via vectors involving a prepended space character, aka Bug ID CSCte14901.

7.5
2011-01-07 CVE-2010-4678 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco products

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permit packets to pass before the configuration has been loaded, which might allow remote attackers to bypass intended access restrictions by sending network traffic during device startup, aka Bug ID CSCsy86769.

7.5
2011-01-07 CVE-2010-4523 Opensc Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Opensc-Project Opensc

Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c.

7.2
2011-01-07 CVE-2010-3856 GNU Permissions, Privileges, and Access Controls vulnerability in GNU Glibc

ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.

7.2
2011-01-07 CVE-2010-4684 Cisco Improper Input Validation vulnerability in Cisco IOS

Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, allows remote attackers to cause a denial of service (device crash) via a TFTP copy over IPv6, aka Bug ID CSCtb28877.

7.1

30 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-01-07 CVE-2010-3847 GNU Link Following vulnerability in GNU Glibc

elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.

6.9
2011-01-07 CVE-2010-4160 Linux, Opensuse, Suse Integer Overflow OR Wraparound vulnerability in multiple products

Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the (2) l2tp_ip_sendmsg function in net/l2tp/l2tp_ip.c, in the PPPoL2TP and IPoL2TP implementations in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (heap memory corruption and panic) or possibly gain privileges via a crafted sendto call.

6.9
2011-01-07 CVE-2010-4542 Gimp Buffer Errors vulnerability in Gimp 2.6.11

Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style.c in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Foreground field in a plugin configuration file.

6.8
2011-01-07 CVE-2010-4540 Gimp Buffer Errors vulnerability in Gimp 2.6.11

Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the "LIGHTING EFFECTS > LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Position field in a plugin configuration file.

6.8
2011-01-07 CVE-2010-4539 Apache Resource Management Errors vulnerability in Apache Subversion

The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.

6.8
2011-01-07 CVE-2009-5040 Cisco Resource Management Errors vulnerability in Cisco IOS

CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555.

6.8
2011-01-07 CVE-2010-4676 Cisco Resource Management Errors vulnerability in Cisco products

Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote authenticated users to cause a denial of service (device crash) via a high volume of IPsec traffic, aka Bug ID CSCsx52748.

6.8
2011-01-07 CVE-2010-0215 A51Dev Permissions, Privileges, and Access Controls vulnerability in A51Dev Activecollab

ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and (1) delete an attachment or (2) subscribe to an object, via a crafted URL.

6.0
2011-01-03 CVE-2010-4350 Mantisbt Path Traversal vulnerability in Mantisbt

Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a ..

5.1
2011-01-07 CVE-2010-4690 Cisco Improper Authentication vulnerability in Cisco products

The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) does not properly authenticate HTTP requests from a Web Security appliance (WSA), which might allow remote attackers to obtain sensitive information via a HEAD request, aka Bug ID CSCte53635.

5.0
2011-01-07 CVE-2010-4687 Cisco Improper Input Validation vulnerability in Cisco IOS

STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls that were controlled by CallManager Express (CME), aka Bug ID CSCtd42552.

5.0
2011-01-07 CVE-2009-5039 Cisco Missing Release of Resource After Effective Lifetime vulnerability in Cisco IOS

Memory leak in the gk_circuit_info_do_in_acf function in the H.323 implementation in Cisco IOS before 15.0(1)XA allows remote attackers to cause a denial of service (memory consumption) via a large number of calls over a long duration, as demonstrated by InterZone Clear Token (IZCT) test traffic, aka Bug ID CSCsz72535.

5.0
2011-01-07 CVE-2010-4677 Cisco Resource Management Errors vulnerability in Cisco products

emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (daemon crash) via a request for a document whose name contains space characters, aka Bug ID CSCsy08416.

5.0
2011-01-07 CVE-2009-5037 Cisco Resource Management Errors vulnerability in Cisco products

Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allow remote attackers to cause a denial of service (ASDM syslog outage) via a long URL, aka Bug IDs CSCsm11264 and CSCtb92911.

5.0
2011-01-03 CVE-2010-4349 Mantisbt Information Exposure vulnerability in Mantisbt

admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.

5.0
2011-01-03 CVE-2010-3873 Linux, Opensuse, Suse, Debian Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The X.25 implementation in the Linux kernel before 2.6.36.2 does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed (1) X25_FAC_CALLING_AE or (2) X25_FAC_CALLED_AE data, related to net/x25/x25_facilities.c and net/x25/x25_in.c, a different vulnerability than CVE-2010-4164.

5.0
2011-01-03 CVE-2010-1677 Mhonarc Resource Management Errors vulnerability in Mhonarc 2.6.16

MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags that are placed within other start tags, as demonstrated by a <bo<bo<bo<bo<body>dy>dy>dy>dy> sequence, a different vulnerability than CVE-2010-4524.

5.0
2011-01-03 CVE-2010-3448 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

drivers/platform/x86/thinkpad_acpi.c in the Linux kernel before 2.6.34 on ThinkPad devices, when the X.Org X server is used, does not properly restrict access to the video output control state, which allows local users to cause a denial of service (system hang) via a (1) read or (2) write operation.

4.9
2011-01-03 CVE-2010-4668 Linux Resource Exhaustion vulnerability in Linux Kernel

The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.37-rc7 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device, related to an unaligned map.

4.7
2011-01-03 CVE-2010-4163 Linux, Opensuse, Suse Improper Input Validation vulnerability in multiple products

The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.36.2 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device.

4.7
2011-01-03 CVE-2010-4162 Linux, Fedoraproject, Opensuse, Suse Integer Overflow OR Wraparound vulnerability in multiple products

Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (system crash) via a crafted device ioctl to a SCSI device.

4.7
2011-01-07 CVE-2010-3201 Netwin Cross-Site Scripting vulnerability in Netwin Surgemail

Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program.

4.3
2011-01-07 CVE-2010-4499 Tibco Input Validation vulnerability in TIBCO

Session fixation vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to hijack web sessions via unspecified vectors.

4.3
2011-01-07 CVE-2010-4497 Tibco Cross-Site Scripting vulnerability in Tibco Activecatalog and Collaborative Information Manager

Cross-site scripting (XSS) vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-01-07 CVE-2010-4324 Novell Cross-Site Scripting vulnerability in Novell products

Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-01-03 CVE-2010-4536 Wordpress Cross-Site Scripting vulnerability in Wordpress

Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (3) a padded entity, and (4) an entity that is not in normalized form.

4.3
2011-01-03 CVE-2010-4524 Mhonarc Cross-Site Scripting vulnerability in Mhonarc 2.6.16

Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by <scr<body>ipt> and </scr<body>ipt> sequences.

4.3
2011-01-03 CVE-2010-4348 Mantisbt Cross-Site Scripting vulnerability in Mantisbt

Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.

4.3
2011-01-07 CVE-2010-4685 Cisco Improper Certificate Validation vulnerability in Cisco IOS

Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug ID CSCta79031.

4.0
2011-01-07 CVE-2010-4528 Pidgin Improper Input Validation vulnerability in Pidgin Libpurple and Pidgin

directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-01-07 CVE-2010-4322 Novell Cross-Site Scripting vulnerability in Novell Vibe Onprem 3

Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog (aka What Are You Working On?) field.

3.5
2011-01-07 CVE-2010-4644 Apache Resource Management Errors vulnerability in Apache Subversion

Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.

3.5
2011-01-03 CVE-2010-3875 Linux, Debian Information Exposure vulnerability in multiple products

The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.

2.1
2011-01-03 CVE-2010-3877 Linux, Debian Missing Initialization of Resource vulnerability in multiple products

The get_name function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.

1.9
2011-01-03 CVE-2010-3876 Linux, Opensuse, Suse, Debian Missing Initialization of Resource vulnerability in multiple products

net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_RAW capability to read copies of the applicable structures.

1.9