Weekly Vulnerabilities Reports > January 10 to 16, 2011

Overview

105 new vulnerabilities were reported during this period, including 30 critical vulnerabilities and 11 high severity vulnerabilities. This weekly summary reports vulnerabilities in 68 products from 45 vendors, including Google, Oracle, MySQL, HP, and Linux. The vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Resource Management Errors", "Cross-site Scripting", and "Permissions, Privileges, and Access Controls".

  • 95 reported vulnerabilities are remotely exploitable.
  • 10 reported vulnerabilities have a public exploit available.
  • 16 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 87 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 16 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 11 reported vulnerabilities.

[Summary table: Total vulnerabilities, Critical risk vulnerabilities, High risk vulnerabilities, Medium risk vulnerabilities, Low risk vulnerabilities, Remotely exploitable, Locally exploitable, Exploit available, Exploitable anonymously, Affecting web application (column headers only; values not preserved)]

Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:

30 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-01-14 CVE-2011-0485 Google Improper Input Validation vulnerability in Google Chrome and Chrome OS

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle speech data, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "stale pointer."

10.0
2011-01-14 CVE-2011-0478 Google Improper Input Validation vulnerability in Google Chrome and Chrome OS

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle SVG use elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

10.0
2011-01-14 CVE-2011-0477 Google Buffer Errors vulnerability in Google Chrome and Chrome OS

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle a mismatch in video frame sizes, which allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via unknown vectors.

10.0
2011-01-14 CVE-2011-0476 Google Buffer Errors vulnerability in Google Chrome and Chrome OS

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a PDF document that triggers an out-of-memory error.

10.0
2011-01-14 CVE-2011-0474 Google, Debian Multiple Security vulnerability in Google Chrome

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

10.0
2011-01-14 CVE-2011-0473 Google Multiple Security vulnerability in Google Chrome and Chrome OS

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with CANVAS elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

10.0
2011-01-14 CVE-2011-0471 Google Improper Input Validation vulnerability in Google Chrome and Chrome OS

The node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 does not properly handle pointers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

10.0
2011-01-13 CVE-2011-0271 HP OS Command Injection vulnerability in HP Openview Network Node Manager 7.51/7.53

The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 do not properly validate an unspecified parameter, which allows remote attackers to execute arbitrary commands by using a command string for this parameter's value, related to a "command injection vulnerability."

10.0
2011-01-13 CVE-2011-0270 HP Use of Externally-Controlled Format String vulnerability in HP Openview Network Node Manager 7.51/7.53

Format string vulnerability in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in input data that involves an invalid template name.

10.0
2011-01-13 CVE-2011-0269 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53

Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long schd_select1 parameter.

10.0
2011-01-13 CVE-2011-0268 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53

Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long text1 parameter.

10.0
2011-01-13 CVE-2011-0267 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53

Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) schdParams or (2) nameParams parameter, a different vulnerability than CVE-2011-0266.

10.0
2011-01-13 CVE-2011-0266 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53

Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long nameParams parameter, a different vulnerability than CVE-2011-0267.

10.0
2011-01-13 CVE-2011-0265 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53

Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long data_select1 parameter.

10.0
2011-01-13 CVE-2011-0264 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53

Stack-based buffer overflow in ovutil.dll in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long COOKIE variable.

10.0
2011-01-13 CVE-2011-0263 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53

Multiple stack-based buffer overflows in ovas.exe in the OVAS service in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) Source Node or (2) Destination Node variable.

10.0
2011-01-13 CVE-2011-0262 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53

Buffer overflow in the stringToSeconds function in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via large values of variables to jovgraph.exe.

10.0
2011-01-13 CVE-2011-0261 HP Remote Code Execution vulnerability in HP OpenView Network Node Manager 7.51/7.53

Unspecified vulnerability in jovgraph.exe in jovgraph in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a malformed displayWidth option in the arg parameter.

10.0
2011-01-13 CVE-2011-0444 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark

Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs.

10.0
2011-01-13 CVE-2010-3912 Novell Credentials Management vulnerability in Novell Suse Linux 10/11

The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors.

10.0
2011-01-11 CVE-2011-0406 Wellintech Buffer Errors vulnerability in Wellintech Kingview 6.53

Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a long request to TCP port 777.

10.0
2011-01-14 CVE-2010-4566 Citrix Unspecified vulnerability in Citrix Access Gateway

The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field.

9.3
2011-01-14 CVE-2011-0481 Google Classic Buffer Overflow vulnerability in Google Chrome and Chrome OS

Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF shading.

9.3
2011-01-14 CVE-2011-0480 Google, Debian, Canonical Classic Buffer Overflow vulnerability in Google Chrome and Chrome OS

Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue.

9.3
2011-01-14 CVE-2011-0475 Google Use After Free vulnerability in Google Chrome and Chrome OS

Use-after-free vulnerability in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a PDF document.

9.3
2011-01-14 CVE-2011-0472 Google Multiple Security vulnerability in Google Chrome and Chrome OS

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle the printing of PDF documents, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a multi-page document.

9.3
2011-01-13 CVE-2010-2604 RIM Buffer Errors vulnerability in RIM products

Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file.

9.3
2011-01-12 CVE-2011-0027 Microsoft Improper Input Validation vulnerability in Microsoft products

Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.

9.3
2011-01-12 CVE-2011-0026 Microsoft Numeric Errors vulnerability in Microsoft products

Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."

9.3
2011-01-11 CVE-2011-0403 Imgburn DLL Loading Arbitrary Code Execution vulnerability in ImgBurn 'dwmapi.dll'

Untrusted search path vulnerability in ImgBurn.exe in ImgBurn 2.4.0.0, 2.5.4.0, and other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a CUE file.

9.3

11 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-01-14 CVE-2010-4335 Cakefoundation Improper Input Validation vulnerability in Cakefoundation Cakephp

The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files.

7.5
2011-01-14 CVE-2010-0115 Symantec SQL Injection vulnerability in Symantec web Gateway

SQL injection vulnerability in login.php in the GUI management console in Symantec Web Gateway 4.5 before 4.5.0.376 allows remote attackers to execute arbitrary SQL commands via the USERNAME parameter.

7.5
2011-01-14 CVE-2011-0484 Google Improper Input Validation vulnerability in Google Chrome and Chrome OS

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform DOM node removal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale rendering node."

7.5
2011-01-14 CVE-2011-0479 Google Access of Uninitialized Pointer vulnerability in Google Chrome and Chrome OS

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with extensions, which allows remote attackers to cause a denial of service via a crafted extension that triggers an uninitialized pointer.

7.5
2011-01-13 CVE-2010-3924 Aimluck SQL Injection vulnerability in Aimluck Aipo

SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

7.5
2011-01-12 CVE-2011-0423 Polyvision Credentials Management vulnerability in Polyvision Roomwizard and Roomwizard Firmware

The PolyVision RoomWizard with firmware 3.2.3 has a default password of roomwizard for the administrator account, which makes it easier for remote attackers to obtain console access via an HTTP session, a different vulnerability than CVE-2010-0214.

7.5
2011-01-11 CVE-2011-0407 Phenotype CMS SQL Injection vulnerability in Phenotype-Cms Phenotype CMS 3.0

SQL injection vulnerability in the store function in _phenotype/system/class/PhenoTypeDataObject.class.php in Phenotype CMS 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URI, as demonstrated by Gallery/gal_id/1/image1,1.html.

7.5
2011-01-11 CVE-2011-0404 Netsupport Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Netsupport Manager Agent 11.00/9.50

Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.00, for Solaris 9.50, and for Mac OS X 11.00 allows remote attackers to execute arbitrary code via a long control hostname to TCP port 5405, probably a different vulnerability than CVE-2007-5252.

7.5
2011-01-11 CVE-2010-3444 Fribidi, Kobi Zamir Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in the log2vis_utf8 function in pyfribidi.c in GNU FriBidi 0.19.1, 0.19.2, and possibly other versions, as used in PyFriBidi 0.10.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Arabic UTF-8 string that causes original 2-byte UTF-8 sequences to be transformed into 3-byte sequences.

7.5
2011-01-11 CVE-2010-3865 Linux, Opensuse, Suse Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in the Linux kernel allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted iovec struct in a Reliable Datagram Sockets (RDS) request, which triggers a buffer overflow.

7.2
2011-01-11 CVE-2010-4526 Linux, Redhat, Vmware Race Condition vulnerability in multiple products

Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function.

7.1

60 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-01-13 CVE-2010-4527 Linux Classic Buffer Overflow vulnerability in Linux Kernel

The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a '\0' character, which allows local users to conduct buffer overflow attacks and gain privileges, or possibly obtain sensitive information from kernel memory, via a SOUND_MIXER_SETLEVELS ioctl call.

6.9
2011-01-14 CVE-2010-4694 Catb Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Catb Gif2Png

Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to cause a denial of service (application crash) or have unspecified other impact via a GIF file that contains many images, leading to long extensions such as .p100 for PNG output files, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018.

6.8
2011-01-14 CVE-2009-5018 Catb Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Catb Gif2Png

Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png.

6.8
2011-01-13 CVE-2011-0310 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Websphere MQ

Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted header field in a message.

6.8
2011-01-13 CVE-2010-4537 Crawltrack Remote Security vulnerability in CrawlTrack

Unspecified vulnerability in CrawlTrack before 3.2.7, when a public stats page is provided, allows remote attackers to execute arbitrary PHP code via unknown vectors.

6.8
2011-01-13 CVE-2011-0443 Tinybb SQL Injection vulnerability in Tinybb 1.2

SQL injection vulnerability in inc/tinybb-settings.php in tinyBB 1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php.

6.8
2011-01-11 CVE-2011-0405 Phpgedview Path Traversal vulnerability in PHPgedview 4.2.3

Directory traversal vulnerability in module.php in PhpGedView 4.2.3 and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the pgvaction parameter.

6.8
2011-01-11 CVE-2011-0402 Debian Link Following vulnerability in Debian Dpkg

dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory.

6.8
2011-01-11 CVE-2010-1679 Debian Path Traversal vulnerability in Debian Dpkg

Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package.

6.8
2011-01-10 CVE-2010-4013 Apple Use of Externally-Controlled Format String vulnerability in Apple Mac OS X and Mac OS X Server

Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x before 10.6.6 allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to interaction between Software Update and distribution scripts.

6.8
2011-01-12 CVE-2011-0314 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Websphere MQ

Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows remote authenticated users to execute arbitrary code or cause a denial of service (queue manager crash) by inserting an invalid message into the queue.

6.5
2011-01-10 CVE-2011-0398 Matomo Permissions, Privileges, and Access Controls vulnerability in Matomo

The Piwik_Common::getIP function in Piwik before 1.1 does not properly determine the client IP address, which allows remote attackers to bypass intended geolocation and logging functionality via (1) use of a private (aka RFC 1918) address behind a proxy server or (2) spoofing of the X-Forwarded-For HTTP header.

6.4
2011-01-13 CVE-2010-3925 WB I Credentials Management vulnerability in Wb-I Contents-Mall 14.00

Contents-Mall before 15 does not properly handle passwords, which allows remote attackers to discover the administrative password, and consequently obtain sensitive information or modify data, via unspecified vectors.

5.8
2011-01-11 CVE-2011-0003 Mediawiki Improper Input Validation vulnerability in Mediawiki

MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors.

5.8
2011-01-11 CVE-2010-4247 Citrix, Linux Improper Input Validation vulnerability in Citrix XEN

The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers.

5.5
2011-01-14 CVE-2010-3833 Mysql, Oracle Resource Management Errors vulnerability in multiple products

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ...

5.0
2011-01-14 CVE-2010-4695 Catb, Debian, Redhat Buffer Errors vulnerability in Catb Gif2Png 2.5.1/2.5.2

A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as distributed in gif2png-2.5.1-1200.fc12 on Fedora 12 and gif2png_2.5.2-1 on Debian GNU/Linux, truncates a GIF pathname specified on the command line, which might allow remote attackers to create PNG files in unintended directories via a crafted command-line argument, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018.

5.0
2011-01-14 CVE-2011-0483 Google Incorrect Type Conversion or Cast vulnerability in Google Chrome and Chrome OS

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of video, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

5.0
2011-01-14 CVE-2011-0470 Google Multiple Security vulnerability in Google Chrome and Chrome OS

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle extensions notification, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

5.0
2011-01-13 CVE-2010-4052 GNU Resource Management Errors vulnerability in GNU Glibc

Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.

5.0
2011-01-13 CVE-2010-4051 GNU Denial Of Service vulnerability in GNU glibc 'regcomp()' Stack Exhaustion

The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."

5.0
2011-01-13 CVE-2011-0445 Wireshark Resource Management Errors vulnerability in Wireshark 1.4.0/1.4.1/1.4.2

The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (assertion failure) via crafted packets, as demonstrated by fuzz-2010-12-30-28473.pcap.

5.0
2011-01-12 CVE-2011-0316 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server

The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request.

5.0
2011-01-12 CVE-2010-0214 Polyvision Information Exposure vulnerability in Polyvision Roomwizard and Roomwizard Firmware

The administrative interface on the PolyVision RoomWizard with firmware 3.2.3 places the Sync Connector Active Directory (AD) credentials in a web form that is accessed over HTTP on port 80, which allows remote attackers to obtain sensitive information by reading the HTML source code corresponding to the /admin/sign/DeviceSynch URI.

5.0
2011-01-11 CVE-2010-4645 PHP Numeric Errors vulnerability in PHP

strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.

5.0
2011-01-11 CVE-2010-4225 Mono Information Exposure vulnerability in Mono 2.8/2.8.1

Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an "unloading bug."

5.0
2011-01-10 CVE-2011-0401 Matomo Permissions, Privileges, and Access Controls vulnerability in Matomo

Piwik before 1.1 does not properly limit the number of files stored under tmp/sessions/, which might allow remote attackers to cause a denial of service (inode consumption) by establishing many sessions.

5.0
2011-01-10 CVE-2011-0400 Matomo Configuration vulnerability in Matomo

Cookie.php in Piwik before 1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

5.0
2011-01-10 CVE-2010-4535 Djangoproject Improper Input Validation vulnerability in Djangoproject Django

The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer.

5.0
2011-01-14 CVE-2010-3086 Linux Unspecified vulnerability in Linux Kernel

include/asm-x86/futex.h in the Linux kernel before 2.6.25 does not properly implement exception fixup, which allows local users to cause a denial of service (panic) via an invalid application that triggers a page fault.

4.9
2011-01-11 CVE-2010-4175 Linux Numeric Errors vulnerability in Linux Kernel 2.6.35

Integer overflow in the rds_cmsg_rdma_args function (net/rds/rdma.c) in Linux kernel 2.6.35 allows local users to cause a denial of service (crash) and possibly trigger memory corruption via a crafted Reliable Datagram Sockets (RDS) request, a different vulnerability than CVE-2010-3865.

4.9
2011-01-14 CVE-2010-4339 Hypermail Project Cross-Site Scripting vulnerability in Hypermail-Project Hypermail 2.2.0

Cross-site scripting (XSS) vulnerability in Hypermail 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted From address, which is not properly handled when indexing messages.

4.3
2011-01-14 CVE-2011-0482 Google, Debian Incorrect Type Conversion or Cast vulnerability in Google Chrome and Chrome OS

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document.

4.3
2011-01-13 CVE-2010-4647 Eclipse Cross-Site Scripting vulnerability in Eclipse IDE

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.

4.3
2011-01-13 CVE-2008-7271 Eclipse Cross-Site Scripting vulnerability in Eclipse IDE 3.3.2

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.

4.3
2011-01-13 CVE-2010-2599 RIM Remote Denial Of Service vulnerability in Research In Motion BlackBerry Device Software

Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page.

4.3
2011-01-12 CVE-2011-0315 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to the lack of an error page for an application.

4.3
2011-01-12 CVE-2010-3926 WB I Cross-Site Scripting vulnerability in Wb-I Sgx-Sp Final and Sgx-Sp Final NE

Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi in SGX-SP Final before 11.00 and SGX-SP Final NE before 11.00 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-01-11 CVE-2011-0005 Joomla Cross-Site Scripting vulnerability in Joomla COM Search

Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.php.

4.3
2011-01-11 CVE-2010-4693 Coppermine Gallery Cross-Site Scripting vulnerability in Coppermine-Gallery Coppermine Photo Gallery

Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php.

4.3
2011-01-10 CVE-2011-0399 Matomo Multiple Security vulnerability in Piwik Prior to 1.1

Piwik before 1.1 does not prevent the rendering of the login form inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

4.3
2011-01-10 CVE-2011-0004 Matomo Cross-Site Scripting vulnerability in Matomo

Multiple cross-site scripting (XSS) vulnerabilities in Piwik before 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-01-14 CVE-2010-3840 Mysql, Oracle Denial Of Service vulnerability in Oracle MySQL Prior to 5.1.51

The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.

4.0
2011-01-14 CVE-2010-3839 Mysql, Oracle Denial Of Service vulnerability in Oracle MySQL Prior to 5.1.51

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.

4.0
2011-01-14 CVE-2010-3838 Mysql, Oracle Denial Of Service vulnerability in Oracle MySQL Prior to 5.1.51

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table."

4.0
2011-01-14 CVE-2010-3837 Mysql, Oracle Resource Management Errors vulnerability in multiple products

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.

4.0
2011-01-14 CVE-2010-3836 Mysql, Oracle Resource Management Errors vulnerability in multiple products

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.

4.0
2011-01-14 CVE-2010-3835 Mysql, Oracle Numeric Errors vulnerability in multiple products

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.

4.0
2011-01-14 CVE-2010-3834 Mysql, Oracle Denial Of Service vulnerability in Oracle MySQL Prior to 5.1.51

Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments."

4.0
2011-01-14 CVE-2010-4334 IO Socket SSL Cryptographic Issues vulnerability in Io-Socket-Ssl 1.35

The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions.

4.0
2011-01-11 CVE-2010-3683 Mysql, Oracle Denial Of Service vulnerability in Oracle MySQL 'LOAD DATA INFILE'

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.

4.0
2011-01-11 CVE-2010-3682 Mysql, Oracle Denial Of Service vulnerability in Oracle MySQL 'EXPLAIN'

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ...

4.0
2011-01-11 CVE-2010-3681 Mysql, Oracle Denial Of Service vulnerability in Oracle MySQL 'HANDLER' interface

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.

4.0
2011-01-11 CVE-2010-3680 Mysql, Oracle Denial Of Service vulnerability in Oracle MySQL 'TEMPORARY InnoDB' Tables

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.

4.0
2011-01-11 CVE-2010-3679 Mysql, Oracle Resource Management Errors vulnerability in multiple products

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.

4.0
2011-01-11 CVE-2010-3678 Mysql, Oracle Resource Management Errors vulnerability in multiple products

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.

4.0
2011-01-11 CVE-2010-3677 Mysql, Oracle Resource Management Errors vulnerability in multiple products

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.

4.0
2011-01-11 CVE-2010-3676 Mysql, Oracle Denial Of Service vulnerability in Oracle MySQL Prior to 5.1.49 'DDL' Statements

storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.

4.0
2011-01-11 CVE-2010-4242 Linux Local Denial of Service vulnerability in Linux Kernel 2.6.36

The hci_uart_tty_open function in the HCI UART driver (drivers/bluetooth/hci_ldisc.c) in the Linux kernel 2.6.36, and possibly other versions, does not verify whether the tty has a write operation, which allows local users to cause a denial of service (NULL pointer dereference) via vectors related to the Bluetooth driver.

4.0
2011-01-10 CVE-2010-4534 Djangoproject Permissions, Privileges, and Access Controls vulnerability in Djangoproject Django

The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter.

4.0

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-01-14 CVE-2010-4337 GNU Link Following vulnerability in GNU Gnash 0.8.8

The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files.

3.3
2011-01-11 CVE-2011-0007 Troglobit Link Following vulnerability in Troglobit Pimd 2.1.5

pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on (1) pimd.dump when a USR1 signal is sent, or (2) pimd.cache when USR2 is sent.

3.3
2011-01-13 CVE-2010-4529 Linux Integer Underflow (Wrap OR Wraparound) vulnerability in Linux Kernel

Integer underflow in the irda_getsockopt function in net/irda/af_irda.c in the Linux kernel before 2.6.37 on platforms other than x86 allows local users to obtain potentially sensitive information from kernel heap memory via an IRLMP_ENUMDEVICES getsockopt call.

2.1
2011-01-11 CVE-2010-4525 Linux Information Exposure vulnerability in Linux Kernel 2.6.33/2.6.34

Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_events->interrupt.pad structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via unspecified vectors.

1.9