Weekly Vulnerabilities Reports > January 10 to 16, 2011
Overview
105 new vulnerabilities were reported during this period, including 30 critical vulnerabilities and 11 high severity vulnerabilities. This weekly summary reports vulnerabilities in 68 products from 45 vendors including Google, Oracle, Mysql, HP, and Linux. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Resource Management Errors", "Cross-site Scripting", and "Permissions, Privileges, and Access Controls".
- 95 reported vulnerabilities are remotely exploitable.
- 10 reported vulnerabilities have a public exploit available.
- 16 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 87 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 16 reported vulnerabilities.
- Google has the most reported critical vulnerabilities, with 11 reported vulnerabilities.
Vulnerability Details
The following tables list reported vulnerabilities for the period covered by this report:
30 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-01-14 | CVE-2011-0485 | | Improper Input Validation vulnerability in Google Chrome and Chrome OS Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle speech data, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "stale pointer." | 10.0 |
2011-01-14 | CVE-2011-0478 | | Improper Input Validation vulnerability in Google Chrome and Chrome OS Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle SVG use elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 10.0 |
2011-01-14 | CVE-2011-0477 | | Buffer Errors vulnerability in Google Chrome and Chrome OS Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle a mismatch in video frame sizes, which allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via unknown vectors. | 10.0 |
2011-01-14 | CVE-2011-0476 | | Buffer Errors vulnerability in Google Chrome and Chrome OS Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a PDF document that triggers an out-of-memory error. | 10.0 |
2011-01-14 | CVE-2011-0474 | Google Debian | Multiple Security vulnerability in Google Chrome Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 10.0 |
2011-01-14 | CVE-2011-0473 | | Multiple Security vulnerability in Google Chrome and Chrome OS Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with CANVAS elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 10.0 |
2011-01-14 | CVE-2011-0471 | | Improper Input Validation vulnerability in Google Chrome and Chrome OS The node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 does not properly handle pointers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 10.0 |
2011-01-13 | CVE-2011-0271 | HP | OS Command Injection vulnerability in HP Openview Network Node Manager 7.51/7.53 The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 do not properly validate an unspecified parameter, which allows remote attackers to execute arbitrary commands by using a command string for this parameter's value, related to a "command injection vulnerability." | 10.0 |
2011-01-13 | CVE-2011-0270 | HP | USE of Externally-Controlled Format String vulnerability in HP Openview Network Node Manager 7.51/7.53 Format string vulnerability in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in input data that involves an invalid template name. | 10.0 |
2011-01-13 | CVE-2011-0269 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53 Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long schd_select1 parameter. | 10.0 |
2011-01-13 | CVE-2011-0268 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53 Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long text1 parameter. | 10.0 |
2011-01-13 | CVE-2011-0267 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53 Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) schdParams or (2) nameParams parameter, a different vulnerability than CVE-2011-0266. | 10.0 |
2011-01-13 | CVE-2011-0266 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53 Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long nameParams parameter, a different vulnerability than CVE-2011-0267.2. | 10.0 |
2011-01-13 | CVE-2011-0265 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53 Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long data_select1 parameter. | 10.0 |
2011-01-13 | CVE-2011-0264 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53 Stack-based buffer overflow in ovutil.dll in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long COOKIE variable. | 10.0 |
2011-01-13 | CVE-2011-0263 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53 Multiple stack-based buffer overflows in ovas.exe in the OVAS service in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) Source Node or (2) Destination Node variable. | 10.0 |
2011-01-13 | CVE-2011-0262 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53 Buffer overflow in the stringToSeconds function in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via large values of variables to jovgraph.exe. | 10.0 |
2011-01-13 | CVE-2011-0261 | HP | Remote Code Execution vulnerability in HP OpenView Network Node Manager 7.51/7.53 Unspecified vulnerability in jovgraph.exe in jovgraph in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a malformed displayWidth option in the arg parameter. | 10.0 |
2011-01-13 | CVE-2011-0444 | Wireshark | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs. | 10.0 |
2011-01-13 | CVE-2010-3912 | Novell | Credentials Management vulnerability in Novell Suse Linux 10/11 The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors. | 10.0 |
2011-01-11 | CVE-2011-0406 | Wellintech | Buffer Errors vulnerability in Wellintech Kingview 6.53 Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a long request to TCP port 777. | 10.0 |
2011-01-14 | CVE-2010-4566 | Citrix | Unspecified vulnerability in Citrix Access Gateway The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field. | 9.3 |
2011-01-14 | CVE-2011-0481 | | Classic Buffer Overflow vulnerability in Google Chrome and Chrome OS Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF shading. | 9.3 |
2011-01-14 | CVE-2011-0480 | Google Debian Canonical | Classic Buffer Overflow vulnerability in Google Chrome and Chrome OS Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue. | 9.3 |
2011-01-14 | CVE-2011-0475 | | USE After Free vulnerability in Google Chrome and Chrome OS Use-after-free vulnerability in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a PDF document. | 9.3 |
2011-01-14 | CVE-2011-0472 | | Multiple Security vulnerability in Google Chrome and Chrome OS Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle the printing of PDF documents, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a multi-page document. | 9.3 |
2011-01-13 | CVE-2010-2604 | RIM | Buffer Errors vulnerability in RIM products Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file. | 9.3 |
2011-01-12 | CVE-2011-0027 | Microsoft | Improper Input Validation vulnerability in Microsoft products Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118. | 9.3 |
2011-01-12 | CVE-2011-0026 | Microsoft | Numeric Errors vulnerability in Microsoft products Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability." | 9.3 |
2011-01-11 | CVE-2011-0403 | Imgburn | DLL Loading Arbitrary Code Execution vulnerability in ImgBurn 'dwmapi.dll' Untrusted search path vulnerability in ImgBurn.exe in ImgBurn 2.4.0.0, 2.5.4.0, and other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a CUE file. | 9.3 |
11 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-01-14 | CVE-2010-4335 | Cakefoundation | Improper Input Validation vulnerability in Cakefoundation Cakephp The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files. | 7.5 |
2011-01-14 | CVE-2010-0115 | Symantec | SQL Injection vulnerability in Symantec web Gateway SQL injection vulnerability in login.php in the GUI management console in Symantec Web Gateway 4.5 before 4.5.0.376 allows remote attackers to execute arbitrary SQL commands via the USERNAME parameter. | 7.5 |
2011-01-14 | CVE-2011-0484 | | Improper Input Validation vulnerability in Google Chrome and Chrome OS Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform DOM node removal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale rendering node." | 7.5 |
2011-01-14 | CVE-2011-0479 | | Access of Uninitialized Pointer vulnerability in Google Chrome and Chrome OS Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with extensions, which allows remote attackers to cause a denial of service via a crafted extension that triggers an uninitialized pointer. | 7.5 |
2011-01-13 | CVE-2010-3924 | Aimluck | SQL Injection vulnerability in Aimluck Aipo SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2011-01-12 | CVE-2011-0423 | Polyvision | Credentials Management vulnerability in Polyvision Roomwizard and Roomwizard Firmware The PolyVision RoomWizard with firmware 3.2.3 has a default password of roomwizard for the administrator account, which makes it easier for remote attackers to obtain console access via an HTTP session, a different vulnerability than CVE-2010-0214. | 7.5 |
2011-01-11 | CVE-2011-0407 | Phenotype CMS | SQL Injection vulnerability in Phenotype-Cms Phenotype CMS 3.0 SQL injection vulnerability in the store function in _phenotype/system/class/PhenoTypeDataObject.class.php in Phenotype CMS 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URI, as demonstrated by Gallery/gal_id/1/image1,1.html. | 7.5 |
2011-01-11 | CVE-2011-0404 | Netsupport | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Netsupport Manager Agent 11.00/9.50 Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.00, for Solaris 9.50, and for Mac OS X 11.00 allows remote attackers to execute arbitrary code via a long control hostname to TCP port 5405, probably a different vulnerability than CVE-2007-5252. | 7.5 |
2011-01-11 | CVE-2010-3444 | Fribidi Kobi Zamir | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in the log2vis_utf8 function in pyfribidi.c in GNU FriBidi 0.19.1, 0.19.2, and possibly other versions, as used in PyFriBidi 0.10.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Arabic UTF-8 string that causes original 2-byte UTF-8 sequences to be transformed into 3-byte sequences. | 7.5 |
2011-01-11 | CVE-2010-3865 | Linux Opensuse Suse | Integer Overflow OR Wraparound vulnerability in multiple products Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in the Linux kernel allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted iovec struct in a Reliable Datagram Sockets (RDS) request, which triggers a buffer overflow. | 7.2 |
2011-01-11 | CVE-2010-4526 | Linux Redhat Vmware | Race Condition vulnerability in multiple products Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function. | 7.1 |
60 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-01-13 | CVE-2010-4527 | Linux | Classic Buffer Overflow vulnerability in Linux Kernel The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a '\0' character, which allows local users to conduct buffer overflow attacks and gain privileges, or possibly obtain sensitive information from kernel memory, via a SOUND_MIXER_SETLEVELS ioctl call. | 6.9 |
2011-01-14 | CVE-2010-4694 | Catb | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Catb Gif2Png Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to cause a denial of service (application crash) or have unspecified other impact via a GIF file that contains many images, leading to long extensions such as .p100 for PNG output files, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018. | 6.8 |
2011-01-14 | CVE-2009-5018 | Catb | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Catb Gif2Png Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png. | 6.8 |
2011-01-13 | CVE-2011-0310 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Websphere MQ Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted header field in a message. | 6.8 |
2011-01-13 | CVE-2010-4537 | Crawltrack | Remote Security vulnerability in CrawlTrack Unspecified vulnerability in CrawlTrack before 3.2.7, when a public stats page is provided, allows remote attackers to execute arbitrary PHP code via unknown vectors. | 6.8 |
2011-01-13 | CVE-2011-0443 | Tinybb | SQL Injection vulnerability in Tinybb 1.2 SQL injection vulnerability in inc/tinybb-settings.php in tinyBB 1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. | 6.8 |
2011-01-11 | CVE-2011-0405 | Phpgedview | Path Traversal vulnerability in PHPgedview 4.2.3 Directory traversal vulnerability in module.php in PhpGedView 4.2.3 and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the pgvaction parameter. | 6.8 |
2011-01-11 | CVE-2011-0402 | Debian | Link Following vulnerability in Debian Dpkg dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory. | 6.8 |
2011-01-11 | CVE-2010-1679 | Debian | Path Traversal vulnerability in Debian Dpkg Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package. | 6.8 |
2011-01-10 | CVE-2010-4013 | Apple | USE of Externally-Controlled Format String vulnerability in Apple mac OS X and mac OS X Server Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x before 10.6.6 allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to interaction between Software Update and distribution scripts. | 6.8 |
2011-01-12 | CVE-2011-0314 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Websphere MQ Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows remote authenticated users to execute arbitrary code or cause a denial of service (queue manager crash) by inserting an invalid message into the queue. | 6.5 |
2011-01-10 | CVE-2011-0398 | Matomo | Permissions, Privileges, and Access Controls vulnerability in Matomo The Piwik_Common::getIP function in Piwik before 1.1 does not properly determine the client IP address, which allows remote attackers to bypass intended geolocation and logging functionality via (1) use of a private (aka RFC 1918) address behind a proxy server or (2) spoofing of the X-Forwarded-For HTTP header. | 6.4 |
2011-01-13 | CVE-2010-3925 | WB I | Credentials Management vulnerability in Wb-I Contents-Mall 14.00 Contents-Mall before 15 does not properly handle passwords, which allows remote attackers to discover the administrative password, and consequently obtain sensitive information or modify data, via unspecified vectors. | 5.8 |
2011-01-11 | CVE-2011-0003 | Mediawiki | Improper Input Validation vulnerability in Mediawiki MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 5.8 |
2011-01-11 | CVE-2010-4247 | Citrix Linux | Improper Input Validation vulnerability in Citrix XEN The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers. | 5.5 |
2011-01-14 | CVE-2010-3833 | Mysql Oracle | Resource Management Errors vulnerability in multiple products MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... | 5.0 |
2011-01-14 | CVE-2010-4695 | Catb Debian Redhat | Buffer Errors vulnerability in Catb Gif2Png 2.5.1/2.5.2 A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as distributed in gif2png-2.5.1-1200.fc12 on Fedora 12 and gif2png_2.5.2-1 on Debian GNU/Linux, truncates a GIF pathname specified on the command line, which might allow remote attackers to create PNG files in unintended directories via a crafted command-line argument, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018. | 5.0 |
2011-01-14 | CVE-2011-0483 | | Incorrect Type Conversion OR Cast vulnerability in Google Chrome and Chrome OS Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of video, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 5.0 |
2011-01-14 | CVE-2011-0470 | | Multiple Security vulnerability in Google Chrome and Chrome OS Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle extensions notification, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | 5.0 |
2011-01-13 | CVE-2010-4052 | GNU | Resource Management Errors vulnerability in GNU Glibc Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD. | 5.0 |
2011-01-13 | CVE-2010-4051 | GNU | Denial Of Service vulnerability in GNU glibc 'regcomp()' Stack Exhaustion The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow." | 5.0 |
2011-01-13 | CVE-2011-0445 | Wireshark | Resource Management Errors vulnerability in Wireshark 1.4.0/1.4.1/1.4.2 The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (assertion failure) via crafted packets, as demonstrated by fuzz-2010-12-30-28473.pcap. | 5.0 |
2011-01-12 | CVE-2011-0316 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request. | 5.0 |
2011-01-12 | CVE-2010-0214 | Polyvision | Information Exposure vulnerability in Polyvision Roomwizard and Roomwizard Firmware The administrative interface on the PolyVision RoomWizard with firmware 3.2.3 places the Sync Connector Active Directory (AD) credentials in a web form that is accessed over HTTP on port 80, which allows remote attackers to obtain sensitive information by reading the HTML source code corresponding to the /admin/sign/DeviceSynch URI. | 5.0 |
2011-01-11 | CVE-2010-4645 | PHP | Numeric Errors vulnerability in PHP strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308. | 5.0 |
2011-01-11 | CVE-2010-4225 | Mono | Information Exposure vulnerability in Mono 2.8/2.8.1 Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an "unloading bug." | 5.0 |
2011-01-10 | CVE-2011-0401 | Matomo | Permissions, Privileges, and Access Controls vulnerability in Matomo Piwik before 1.1 does not properly limit the number of files stored under tmp/sessions/, which might allow remote attackers to cause a denial of service (inode consumption) by establishing many sessions. | 5.0 |
2011-01-10 | CVE-2011-0400 | Matomo | Configuration vulnerability in Matomo Cookie.php in Piwik before 1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 5.0 |
2011-01-10 | CVE-2010-4535 | Djangoproject | Improper Input Validation vulnerability in Djangoproject Django The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer. | 5.0 |
2011-01-14 | CVE-2010-3086 | Linux | Unspecified vulnerability in Linux Kernel include/asm-x86/futex.h in the Linux kernel before 2.6.25 does not properly implement exception fixup, which allows local users to cause a denial of service (panic) via an invalid application that triggers a page fault. | 4.9 |
2011-01-11 | CVE-2010-4175 | Linux | Numeric Errors vulnerability in Linux Kernel 2.6.35 Integer overflow in the rds_cmsg_rdma_args function (net/rds/rdma.c) in Linux kernel 2.6.35 allows local users to cause a denial of service (crash) and possibly trigger memory corruption via a crafted Reliable Datagram Sockets (RDS) request, a different vulnerability than CVE-2010-3865. | 4.9 |
2011-01-14 | CVE-2010-4339 | Hypermail Project | Cross-Site Scripting vulnerability in Hypermail-Project Hypermail 2.2.0 Cross-site scripting (XSS) vulnerability in Hypermail 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted From address, which is not properly handled when indexing messages. | 4.3 |
2011-01-14 | CVE-2011-0482 | Google Debian | Incorrect Type Conversion OR Cast vulnerability in Google Chrome and Chrome OS Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document. | 4.3 |
2011-01-13 | CVE-2010-4647 | Eclipse | Cross-Site Scripting vulnerability in Eclipse IDE Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp. | 4.3 |
2011-01-13 | CVE-2008-7271 | Eclipse | Cross-Site Scripting vulnerability in Eclipse IDE 3.3.2 Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647. | 4.3 |
2011-01-13 | CVE-2010-2599 | RIM | Remote Denial Of Service vulnerability in Research In Motion BlackBerry Device Software Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page. | 4.3 |
2011-01-12 | CVE-2011-0315 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to the lack of an error page for an application. | 4.3 |
2011-01-12 | CVE-2010-3926 | WB I | Cross-Site Scripting vulnerability in Wb-I Sgx-Sp Final and Sgx-Sp Final NE Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi in SGX-SP Final before 11.00 and SGX-SP Final NE before 11.00 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-01-11 | CVE-2011-0005 | Joomla | Cross-Site Scripting vulnerability in Joomla COM Search Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.php. | 4.3 |
2011-01-11 | CVE-2010-4693 | Coppermine Gallery | Cross-Site Scripting vulnerability in Coppermine-Gallery Coppermine Photo Gallery Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php. | 4.3 |
2011-01-10 | CVE-2011-0399 | Matomo | Multiple Security vulnerability in Piwik Prior to 1.1 Piwik before 1.1 does not prevent the rendering of the login form inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | 4.3 |
2011-01-10 | CVE-2011-0004 | Matomo | Cross-Site Scripting vulnerability in Matomo Multiple cross-site scripting (XSS) vulnerabilities in Piwik before 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-01-14 | CVE-2010-3840 | Mysql Oracle | Denial Of Service vulnerability in Oracle MySQL Prior to 5.1.51 The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points. | 4.0 |
2011-01-14 | CVE-2010-3839 | Mysql Oracle | Denial Of Service vulnerability in Oracle MySQL Prior to 5.1.51 MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements. | 4.0 |
2011-01-14 | CVE-2010-3838 | Mysql Oracle | Denial Of Service vulnerability in Oracle MySQL Prior to 5.1.51 MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table." | 4.0 |
2011-01-14 | CVE-2010-3837 | Mysql Oracle | Resource Management Errors vulnerability in multiple products MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object. | 4.0 |
2011-01-14 | CVE-2010-3836 | Mysql Oracle | Resource Management Errors vulnerability in multiple products MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers. | 4.0 |
2011-01-14 | CVE-2010-3835 | Mysql Oracle | Numeric Errors vulnerability in multiple products MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table. | 4.0 |
2011-01-14 | CVE-2010-3834 | Mysql Oracle | Denial Of Service vulnerability in Oracle MySQL Prior to 5.1.51 Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments." | 4.0 |
2011-01-14 | CVE-2010-4334 | IO Socket SSL | Cryptographic Issues vulnerability in Io-Socket-Ssl 1.35 The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions. | 4.0 |
2011-01-11 | CVE-2010-3683 | Mysql Oracle | Denial Of Service vulnerability in Oracle MySQL 'LOAD DATA INFILE' Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request. | 4.0 |
2011-01-11 | CVE-2010-3682 | Mysql Oracle | Denial Of Service vulnerability in Oracle MySQL 'EXPLAIN' Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... | 4.0 |
2011-01-11 | CVE-2010-3681 | Mysql Oracle | Denial Of Service vulnerability in Oracle MySQL 'HANDLER' interface Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure. | 4.0 |
2011-01-11 | CVE-2010-3680 | Mysql Oracle | Denial Of Service vulnerability in Oracle MySQL 'TEMPORARY InnoDB' Tables Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure. | 4.0 |
2011-01-11 | CVE-2010-3679 | Mysql Oracle | Resource Management Errors vulnerability in multiple products Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind. | 4.0 |
2011-01-11 | CVE-2010-3678 | Mysql Oracle | Resource Management Errors vulnerability in multiple products Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier. | 4.0 |
2011-01-11 | CVE-2010-3677 | Mysql Oracle | Resource Management Errors vulnerability in multiple products Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column. | 4.0 |
2011-01-11 | CVE-2010-3676 | Mysql Oracle | Denial Of Service vulnerability in Oracle MySQL Prior to 5.1.49 'DDL' Statements storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement. | 4.0 |
2011-01-11 | CVE-2010-4242 | Linux | Local Denial of Service vulnerability in Linux Kernel 2.6.36 The hci_uart_tty_open function in the HCI UART driver (drivers/bluetooth/hci_ldisc.c) in the Linux kernel 2.6.36, and possibly other versions, does not verify whether the tty has a write operation, which allows local users to cause a denial of service (NULL pointer dereference) via vectors related to the Bluetooth driver. | 4.0 |
2011-01-10 | CVE-2010-4534 | Djangoproject | Permissions, Privileges, and Access Controls vulnerability in Djangoproject Django The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter. | 4.0 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-01-14 | CVE-2010-4337 | GNU | Link Following vulnerability in GNU Gnash 0.8.8 The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files. | 3.3 |
2011-01-11 | CVE-2011-0007 | Troglobit | Link Following vulnerability in Troglobit Pimd 2.1.5 pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on (1) pimd.dump when a USR1 signal is sent, or (2) pimd.cache when USR2 is sent. | 3.3 |
2011-01-13 | CVE-2010-4529 | Linux | Integer Underflow (Wrap or Wraparound) vulnerability in Linux Kernel Integer underflow in the irda_getsockopt function in net/irda/af_irda.c in the Linux kernel before 2.6.37 on platforms other than x86 allows local users to obtain potentially sensitive information from kernel heap memory via an IRLMP_ENUMDEVICES getsockopt call. | 2.1 |
2011-01-11 | CVE-2010-4525 | Linux | Information Exposure vulnerability in Linux Kernel 2.6.33/2.6.34 Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_events->interrupt.pad structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via unspecified vectors. | 1.9 |