Weekly Vulnerabilities Reports > January 10 to 16, 2011
Overview
91 new vulnerabilities were reported during this period, including 27 critical vulnerabilities and 9 high severity vulnerabilities. This weekly summary reports vulnerabilities in 49 products from 37 vendors including Oracle, MySQL, Google, HP, and Debian. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Resource Management Errors", "Improper Input Validation", "Cross-site Scripting", and "Permissions, Privileges, and Access Controls".
- 86 reported vulnerabilities are remotely exploitable.
- 8 reported vulnerabilities have a public exploit available.
- 13 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 74 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 16 reported vulnerabilities.
- HP has the most reported critical vulnerabilities, with 11 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
27 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-01-14 | CVE-2011-0485 | | Improper Input Validation vulnerability in Google Chrome and Chrome OS Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle speech data, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "stale pointer." | 10.0 |
2011-01-14 | CVE-2011-0478 | | Improper Input Validation vulnerability in Google Chrome and Chrome OS Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle SVG use elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 10.0 |
2011-01-14 | CVE-2011-0477 | | Buffer Errors vulnerability in Google Chrome and Chrome OS Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle a mismatch in video frame sizes, which allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via unknown vectors. | 10.0 |
2011-01-14 | CVE-2011-0476 | | Buffer Errors vulnerability in Google Chrome and Chrome OS Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allow remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a PDF document that triggers an out-of-memory error. | 10.0 |
2011-01-14 | CVE-2011-0474 | Google Debian | Multiple Security vulnerability in Google Chrome Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 10.0 |
2011-01-14 | CVE-2011-0473 | | Multiple Security vulnerability in Google Chrome and Chrome OS Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with CANVAS elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 10.0 |
2011-01-14 | CVE-2011-0471 | | Improper Input Validation vulnerability in Google Chrome and Chrome OS The node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 does not properly handle pointers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 10.0 |
2011-01-13 | CVE-2011-0271 | HP | OS Command Injection vulnerability in HP Openview Network Node Manager 7.51/7.53 The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 do not properly validate an unspecified parameter, which allows remote attackers to execute arbitrary commands by using a command string for this parameter's value, related to a "command injection vulnerability." | 10.0 |
2011-01-13 | CVE-2011-0270 | HP | Use of Externally-Controlled Format String vulnerability in HP Openview Network Node Manager 7.51/7.53 Format string vulnerability in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in input data that involves an invalid template name. | 10.0 |
2011-01-13 | CVE-2011-0269 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53 Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long schd_select1 parameter. | 10.0 |
2011-01-13 | CVE-2011-0268 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53 Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long text1 parameter. | 10.0 |
2011-01-13 | CVE-2011-0267 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53 Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) schdParams or (2) nameParams parameter, a different vulnerability than CVE-2011-0266. | 10.0 |
2011-01-13 | CVE-2011-0266 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53 Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long nameParams parameter, a different vulnerability than CVE-2011-0267.2. | 10.0 |
2011-01-13 | CVE-2011-0265 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53 Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long data_select1 parameter. | 10.0 |
2011-01-13 | CVE-2011-0264 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53 Stack-based buffer overflow in ovutil.dll in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long COOKIE variable. | 10.0 |
2011-01-13 | CVE-2011-0263 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53 Multiple stack-based buffer overflows in ovas.exe in the OVAS service in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) Source Node or (2) Destination Node variable. | 10.0 |
2011-01-13 | CVE-2011-0262 | HP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Network Node Manager 7.51/7.53 Buffer overflow in the stringToSeconds function in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via large values of variables to jovgraph.exe. | 10.0 |
2011-01-13 | CVE-2011-0261 | HP | Remote Code Execution vulnerability in HP OpenView Network Node Manager 7.51/7.53 Unspecified vulnerability in jovgraph.exe in jovgraph in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a malformed displayWidth option in the arg parameter. | 10.0 |
2011-01-13 | CVE-2011-0444 | Wireshark | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs. | 10.0 |
2011-01-13 | CVE-2010-3912 | Novell | Credentials Management vulnerability in Novell Suse Linux 10/11 The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors. | 10.0 |
2011-01-11 | CVE-2011-0406 | Wellintech | Buffer Errors vulnerability in Wellintech Kingview 6.53 Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a long request to TCP port 777. | 10.0 |
2011-01-14 | CVE-2010-4566 | Citrix | Unspecified vulnerability in Citrix Access Gateway The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field. | 9.3 |
2011-01-14 | CVE-2011-0481 | | Classic Buffer Overflow vulnerability in Google Chrome and Chrome OS Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF shading. | 9.3 |
2011-01-14 | CVE-2011-0475 | | Use After Free vulnerability in Google Chrome and Chrome OS Use-after-free vulnerability in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a PDF document. | 9.3 |
2011-01-14 | CVE-2011-0472 | | Multiple Security vulnerability in Google Chrome and Chrome OS Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle the printing of PDF documents, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a multi-page document. | 9.3 |
2011-01-13 | CVE-2010-2604 | RIM | Buffer Errors vulnerability in RIM products Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file. | 9.3 |
2011-01-11 | CVE-2011-0403 | Imgburn | DLL Loading Arbitrary Code Execution vulnerability in ImgBurn 'dwmapi.dll' Untrusted search path vulnerability in ImgBurn.exe in ImgBurn 2.4.0.0, 2.5.4.0, and other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a CUE file. | 9.3 |
9 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-01-14 | CVE-2010-4335 | Cakefoundation | Improper Input Validation vulnerability in Cakefoundation Cakephp The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files. | 7.5 |
2011-01-14 | CVE-2010-0115 | Symantec | SQL Injection vulnerability in Symantec web Gateway SQL injection vulnerability in login.php in the GUI management console in Symantec Web Gateway 4.5 before 4.5.0.376 allows remote attackers to execute arbitrary SQL commands via the USERNAME parameter. | 7.5 |
2011-01-14 | CVE-2011-0484 | | Improper Input Validation vulnerability in Google Chrome and Chrome OS Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform DOM node removal, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale rendering node." | 7.5 |
2011-01-14 | CVE-2011-0479 | | Access of Uninitialized Pointer vulnerability in Google Chrome and Chrome OS Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with extensions, which allows remote attackers to cause a denial of service via a crafted extension that triggers an uninitialized pointer. | 7.5 |
2011-01-13 | CVE-2010-3924 | Aimluck | SQL Injection vulnerability in Aimluck Aipo SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2011-01-12 | CVE-2011-0423 | Polyvision | Credentials Management vulnerability in Polyvision Roomwizard and Roomwizard Firmware The PolyVision RoomWizard with firmware 3.2.3 has a default password of roomwizard for the administrator account, which makes it easier for remote attackers to obtain console access via an HTTP session, a different vulnerability than CVE-2010-0214. | 7.5 |
2011-01-11 | CVE-2011-0407 | Phenotype CMS | SQL Injection vulnerability in Phenotype-Cms Phenotype CMS 3.0 SQL injection vulnerability in the store function in _phenotype/system/class/PhenoTypeDataObject.class.php in Phenotype CMS 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URI, as demonstrated by Gallery/gal_id/1/image1,1.html. | 7.5 |
2011-01-11 | CVE-2011-0404 | Netsupport | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Netsupport Manager Agent 11.00/9.50 Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.00, for Solaris 9.50, and for Mac OS X 11.00 allows remote attackers to execute arbitrary code via a long control hostname to TCP port 5405, probably a different vulnerability than CVE-2007-5252. | 7.5 |
2011-01-11 | CVE-2010-3444 | Fribidi Kobi Zamir | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in the log2vis_utf8 function in pyfribidi.c in GNU FriBidi 0.19.1, 0.19.2, and possibly other versions, as used in PyFriBidi 0.10.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Arabic UTF-8 string that causes original 2-byte UTF-8 sequences to be transformed into 3-byte sequences. | 7.5 |
52 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-01-14 | CVE-2010-4694 | Catb | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Catb Gif2Png Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to cause a denial of service (application crash) or have unspecified other impact via a GIF file that contains many images, leading to long extensions such as .p100 for PNG output files, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018. | 6.8 |
2011-01-14 | CVE-2009-5018 | Catb | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Catb Gif2Png Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png. | 6.8 |
2011-01-13 | CVE-2011-0310 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Websphere MQ Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted header field in a message. | 6.8 |
2011-01-13 | CVE-2010-4537 | Crawltrack | Remote Security vulnerability in CrawlTrack Unspecified vulnerability in CrawlTrack before 3.2.7, when a public stats page is provided, allows remote attackers to execute arbitrary PHP code via unknown vectors. | 6.8 |
2011-01-11 | CVE-2011-0405 | Phpgedview | Path Traversal vulnerability in PHPgedview 4.2.3 Directory traversal vulnerability in module.php in PhpGedView 4.2.3 and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the pgvaction parameter. | 6.8 |
2011-01-11 | CVE-2011-0402 | Debian | Link Following vulnerability in Debian Dpkg dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory. | 6.8 |
2011-01-11 | CVE-2010-1679 | Debian | Path Traversal vulnerability in Debian Dpkg Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package. | 6.8 |
2011-01-10 | CVE-2010-4013 | Apple | Use of Externally-Controlled Format String vulnerability in Apple Mac OS X and Mac OS X Server Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x before 10.6.6 allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to interaction between Software Update and distribution scripts. | 6.8 |
2011-01-12 | CVE-2011-0314 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Websphere MQ Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows remote authenticated users to execute arbitrary code or cause a denial of service (queue manager crash) by inserting an invalid message into the queue. | 6.5 |
2011-01-10 | CVE-2011-0398 | Matomo | Permissions, Privileges, and Access Controls vulnerability in Matomo The Piwik_Common::getIP function in Piwik before 1.1 does not properly determine the client IP address, which allows remote attackers to bypass intended geolocation and logging functionality via (1) use of a private (aka RFC 1918) address behind a proxy server or (2) spoofing of the X-Forwarded-For HTTP header. | 6.4 |
2011-01-13 | CVE-2010-3925 | WB I | Credentials Management vulnerability in Wb-I Contents-Mall 14.00 Contents-Mall before 15 does not properly handle passwords, which allows remote attackers to discover the administrative password, and consequently obtain sensitive information or modify data, via unspecified vectors. | 5.8 |
2011-01-11 | CVE-2011-0003 | Mediawiki | Improper Input Validation vulnerability in Mediawiki MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 5.8 |
2011-01-14 | CVE-2010-3833 | Mysql Oracle | Resource Management Errors vulnerability in multiple products MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... | 5.0 |
2011-01-14 | CVE-2010-4695 | Catb Debian Redhat | Buffer Errors vulnerability in Catb Gif2Png 2.5.1/2.5.2 A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as distributed in gif2png-2.5.1-1200.fc12 on Fedora 12 and gif2png_2.5.2-1 on Debian GNU/Linux, truncates a GIF pathname specified on the command line, which might allow remote attackers to create PNG files in unintended directories via a crafted command-line argument, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018. | 5.0 |
2011-01-14 | CVE-2011-0483 | | Incorrect Type Conversion or Cast vulnerability in Google Chrome and Chrome OS Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of video, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 5.0 |
2011-01-14 | CVE-2011-0470 | | Multiple Security vulnerability in Google Chrome and Chrome OS Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle extensions notification, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | 5.0 |
2011-01-13 | CVE-2010-4052 | GNU | Resource Management Errors vulnerability in GNU Glibc Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD. | 5.0 |
2011-01-13 | CVE-2011-0445 | Wireshark | Resource Management Errors vulnerability in Wireshark 1.4.0/1.4.1/1.4.2 The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (assertion failure) via crafted packets, as demonstrated by fuzz-2010-12-30-28473.pcap. | 5.0 |
2011-01-12 | CVE-2011-0316 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request. | 5.0 |
2011-01-12 | CVE-2010-0214 | Polyvision | Information Exposure vulnerability in Polyvision Roomwizard and Roomwizard Firmware The administrative interface on the PolyVision RoomWizard with firmware 3.2.3 places the Sync Connector Active Directory (AD) credentials in a web form that is accessed over HTTP on port 80, which allows remote attackers to obtain sensitive information by reading the HTML source code corresponding to the /admin/sign/DeviceSynch URI. | 5.0 |
2011-01-11 | CVE-2010-4225 | Mono | Information Exposure vulnerability in Mono 2.8/2.8.1 Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an "unloading bug." | 5.0 |
2011-01-10 | CVE-2011-0401 | Matomo | Permissions, Privileges, and Access Controls vulnerability in Matomo Piwik before 1.1 does not properly limit the number of files stored under tmp/sessions/, which might allow remote attackers to cause a denial of service (inode consumption) by establishing many sessions. | 5.0 |
2011-01-10 | CVE-2011-0400 | Matomo | Configuration vulnerability in Matomo Cookie.php in Piwik before 1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 5.0 |
2011-01-10 | CVE-2010-4535 | Djangoproject | Improper Input Validation vulnerability in Djangoproject Django The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer. | 5.0 |
2011-01-11 | CVE-2010-4175 | Linux | Numeric Errors vulnerability in Linux Kernel 2.6.35 Integer overflow in the rds_cmsg_rdma_args function (net/rds/rdma.c) in Linux kernel 2.6.35 allows local users to cause a denial of service (crash) and possibly trigger memory corruption via a crafted Reliable Datagram Sockets (RDS) request, a different vulnerability than CVE-2010-3865. | 4.9 |
2011-01-14 | CVE-2010-4339 | Hypermail Project | Cross-Site Scripting vulnerability in Hypermail-Project Hypermail 2.2.0 Cross-site scripting (XSS) vulnerability in Hypermail 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted From address, which is not properly handled when indexing messages. | 4.3 |
2011-01-14 | CVE-2011-0482 | Google Debian | Incorrect Type Conversion or Cast vulnerability in Google Chrome and Chrome OS Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document. | 4.3 |
2011-01-13 | CVE-2008-7271 | Eclipse | Cross-Site Scripting vulnerability in Eclipse IDE 3.3.2 Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647. | 4.3 |
2011-01-13 | CVE-2010-2599 | RIM | Remote Denial Of Service vulnerability in Research In Motion BlackBerry Device Software Unspecified vulnerability in Research In Motion (RIM) BlackBerry Device Software before 6.0.0 allows remote attackers to cause a denial of service (browser hang) via a crafted web page. | 4.3 |
2011-01-12 | CVE-2011-0315 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to the lack of an error page for an application. | 4.3 |
2011-01-12 | CVE-2010-3926 | WB I | Cross-Site Scripting vulnerability in Wb-I Sgx-Sp Final and Sgx-Sp Final NE Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi in SGX-SP Final before 11.00 and SGX-SP Final NE before 11.00 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-01-11 | CVE-2010-4693 | Coppermine Gallery | Cross-Site Scripting vulnerability in Coppermine-Gallery Coppermine Photo Gallery Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php. | 4.3 |
2011-01-10 | CVE-2011-0399 | Matomo | Multiple Security vulnerability in Piwik Prior to 1.1 Piwik before 1.1 does not prevent the rendering of the login form inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | 4.3 |
2011-01-10 | CVE-2011-0004 | Matomo | Cross-Site Scripting vulnerability in Matomo Multiple cross-site scripting (XSS) vulnerabilities in Piwik before 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-01-14 | CVE-2010-3840 | Mysql Oracle | Denial Of Service vulnerability in Oracle MySQL Prior to 5.1.51 The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points. | 4.0 |
2011-01-14 | CVE-2010-3839 | Mysql Oracle | Denial Of Service vulnerability in Oracle MySQL Prior to 5.1.51 MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements. | 4.0 |
2011-01-14 | CVE-2010-3838 | Mysql Oracle | Denial Of Service vulnerability in Oracle MySQL Prior to 5.1.51 MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table." | 4.0 |
2011-01-14 | CVE-2010-3837 | Mysql Oracle | Resource Management Errors vulnerability in multiple products MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object. | 4.0 |
2011-01-14 | CVE-2010-3836 | Mysql Oracle | Resource Management Errors vulnerability in multiple products MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers. | 4.0 |
2011-01-14 | CVE-2010-3835 | Mysql Oracle | Numeric Errors vulnerability in multiple products: MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table. | 4.0 |
2011-01-14 | CVE-2010-3834 | Mysql Oracle | Denial Of Service vulnerability in Oracle MySQL Prior to 5.1.51: Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments." | 4.0 |
2011-01-14 | CVE-2010-4334 | IO Socket SSL | Cryptographic Issues vulnerability in Io-Socket-Ssl 1.35: The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions. | 4.0 |
2011-01-11 | CVE-2010-3683 | Mysql Oracle | Denial Of Service vulnerability in Oracle MySQL 'LOAD DATA INFILE': Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request. | 4.0 |
2011-01-11 | CVE-2010-3682 | Mysql Oracle | Denial Of Service vulnerability in Oracle MySQL 'EXPLAIN': Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... | 4.0 |
2011-01-11 | CVE-2010-3681 | Mysql Oracle | Denial Of Service vulnerability in Oracle MySQL 'HANDLER' interface: Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure. | 4.0 |
2011-01-11 | CVE-2010-3680 | Mysql Oracle | Denial Of Service vulnerability in Oracle MySQL 'TEMPORARY InnoDB' Tables: Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure. | 4.0 |
2011-01-11 | CVE-2010-3679 | Mysql Oracle | Resource Management Errors vulnerability in multiple products: Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind. | 4.0 |
2011-01-11 | CVE-2010-3678 | Mysql Oracle | Resource Management Errors vulnerability in multiple products: Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier. | 4.0 |
2011-01-11 | CVE-2010-3677 | Mysql Oracle | Resource Management Errors vulnerability in multiple products: Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column. | 4.0 |
2011-01-11 | CVE-2010-3676 | Mysql Oracle | Denial Of Service vulnerability in Oracle MySQL Prior to 5.1.49 'DDL' Statements: storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement. | 4.0 |
2011-01-11 | CVE-2010-4242 | Linux | Local Denial of Service vulnerability in Linux Kernel 2.6.36: The hci_uart_tty_open function in the HCI UART driver (drivers/bluetooth/hci_ldisc.c) in the Linux kernel 2.6.36, and possibly other versions, does not verify whether the tty has a write operation, which allows local users to cause a denial of service (NULL pointer dereference) via vectors related to the Bluetooth driver. | 4.0 |
2011-01-10 | CVE-2010-4534 | Djangoproject | Permissions, Privileges, and Access Controls vulnerability in Djangoproject Django: The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter. | 4.0 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-01-14 | CVE-2010-4337 | GNU | Link Following vulnerability in GNU Gnash 0.8.8: The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files. | 3.3 |
2011-01-11 | CVE-2011-0007 | Troglobit | Link Following vulnerability in Troglobit Pimd 2.1.5: pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on (1) pimd.dump when a USR1 signal is sent, or (2) pimd.cache when USR2 is sent. | 3.3 |
2011-01-11 | CVE-2010-4525 | Linux | Information Exposure vulnerability in Linux Kernel 2.6.33/2.6.34: Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_events->interrupt.pad structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via unspecified vectors. | 1.9 |