Weekly Vulnerabilities Reports > May 2 to 8, 2011

Overview

111 new vulnerabilities reported during this period, including 28 critical vulnerabilities and 22 high severity vulnerabilities. This weekly summary report vulnerabilities in 61 products from 31 vendors including Google, HP, Mozilla, Linux, and Cisco. Vulnerabilities are notably categorized as "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Resource Management Errors", and "Path Traversal".

  • 104 reported vulnerabilities are remotely exploitables.
  • 20 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 100 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 25 reported vulnerabilities.
  • Mozilla has the most reported critical vulnerabilities, with 13 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

28 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-05-07 CVE-2011-1735 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Storage Data Protector 6.00/6.10/6.11

Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed bm message.

10.0
2011-05-07 CVE-2011-1734 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Storage Data Protector 6.00/6.10/6.11

Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed omniiaputil message.

10.0
2011-05-07 CVE-2011-1733 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Storage Data Protector 6.00/6.10/6.11

Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed HPFGConfig message.

10.0
2011-05-07 CVE-2011-1732 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Storage Data Protector 6.00/6.10/6.11

Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed stutil message.

10.0
2011-05-07 CVE-2011-1731 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Storage Data Protector 6.00/6.10/6.11

Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_INTEGUTIL message.

10.0
2011-05-07 CVE-2011-1730 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Storage Data Protector 6.00/6.10/6.11

Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_SCRIPT message.

10.0
2011-05-07 CVE-2011-1729 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Storage Data Protector 6.00/6.10/6.11

Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed GET_FILE message.

10.0
2011-05-07 CVE-2011-1728 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Openview Storage Data Protector 6.00/6.10/6.11

Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_BAR message.

10.0
2011-05-07 CVE-2011-0081 Mozilla Unspecified vulnerability in Mozilla Firefox and Thunderbird

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2011-05-07 CVE-2011-0080 Mozilla Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10.0
2011-05-07 CVE-2011-0079 Mozilla Memory Corruption vulnerability in Mozilla Firefox 4.0

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x before 4.0.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to gfx/layers/d3d10/ReadbackManagerD3D10.cpp and unknown other vectors.

10.0
2011-05-07 CVE-2011-0078 Mozilla Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0077.

10.0
2011-05-07 CVE-2011-0077 Mozilla Interger Overflow vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0078.

10.0
2011-05-07 CVE-2011-0075 Mozilla Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0077, and CVE-2011-0078.

10.0
2011-05-07 CVE-2011-0074 Mozilla Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078.

10.0
2011-05-07 CVE-2011-0073 Mozilla Improper Input Validation vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."

10.0
2011-05-07 CVE-2011-0072 Mozilla Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078.

10.0
2011-05-07 CVE-2011-0070 Mozilla Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0069.

10.0
2011-05-07 CVE-2011-0069 Mozilla Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070.

10.0
2011-05-07 CVE-2011-0066 Mozilla Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey

Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mObserverList.

10.0
2011-05-07 CVE-2011-0065 Mozilla Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey

Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.

10.0
2011-05-04 CVE-2011-1900 Indusoft Path Traversal vulnerability in Indusoft web Studio 6.1/7.0

Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 6.1 and 7.x before 7.0+Patch 1 allows remote attackers to execute arbitrary code via an invalid request.

10.0
2011-05-03 CVE-2010-4803 Mojolicious Improper Input Validation vulnerability in Mojolicious

Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors.

10.0
2011-05-03 CVE-2010-4802 Mojolicious Improper Input Validation vulnerability in Mojolicious

Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors.

10.0
2011-05-03 CVE-2009-5074 Mojolicious Unspecified vulnerability in Mojolicious

Unspecified vulnerability in the MojoX::Dispatcher::Static implementation in Mojolicious before 0.991250 has unknown impact and attack vectors.

10.0
2011-05-05 CVE-2011-1207 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Rational System Architect

The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properly restrict the SetLayoutData method, which allows remote attackers to execute arbitrary code via a crafted Data argument, a different vulnerability than CVE-2007-3883.

9.3
2011-05-04 CVE-2011-0340 Advantech
Indusoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method.

9.3
2011-05-03 CVE-2011-0610 Adobe
Microsoft
Apple
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader

The CoolType library in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

9.3

22 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-05-07 CVE-2011-1736 HP Path Traversal vulnerability in HP Openview Storage Data Protector 6.00/6.10/6.11

Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message.

8.5
2011-05-03 CVE-2011-1609 Cisco SQL Injection vulnerability in Cisco Unified Communications Manager

SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647.

8.5
2011-05-05 CVE-2011-1208 IBM Denial of Service vulnerability in IBM solidDB 'rpc_test_svc' Commands

IBM solidDB 4.5.x before 4.5.182, 6.0.x before 6.0.1069, 6.1.x and 6.3.x before 6.3 FP8 (aka 6.3.49), and 6.5.x before 6.5 FP4 (aka 6.5.0.4) does not properly handle the (1) rpc_test_svc_readwrite and (2) rpc_test_svc_done commands, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted command.

7.8
2011-05-03 CVE-2011-1785 Vmware Resource Management Errors vulnerability in VMWare ESX and Esxi

VMware ESXi 4.0 and 4.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (socket exhaustion) via unspecified network traffic.

7.8
2011-05-03 CVE-2011-1613 Cisco Denial of Service vulnerability in Cisco Wireless LAN Controller ICMP Packet Handling

Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 6.0 before 6.0.200.0, 7.0 before 7.0.98.216, and 7.0.1xx before 7.0.112.0 allows remote attackers to cause a denial of service (device reload) via a sequence of ICMP packets, aka Bug ID CSCth74426.

7.8
2011-05-03 CVE-2011-1606 Cisco Denial of Service vulnerability in Cisco Unified Communications Manager SIP Message (CVE-2011-1606)

Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtg62855.

7.8
2011-05-03 CVE-2011-1605 Cisco Denial of Service vulnerability in Cisco Unified Communications Manager SIP Message (CVE-2011-1605)

Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su2, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCth39586.

7.8
2011-05-03 CVE-2011-1845 Microsoft Resource Management Errors vulnerability in Microsoft Silverlight

Multiple memory leaks in the DataGrid control implementation in Microsoft Silverlight 4 before 4.0.60310.0 allow remote attackers to cause a denial of service (memory consumption) via an application involving (1) subscriptions to an INotifyDataErrorInfo.ErrorsChanged event or (2) a TextBlock or TextBox element.

7.8
2011-05-03 CVE-2011-1844 Microsoft Resource Management Errors vulnerability in Microsoft Silverlight

Memory leak in Microsoft Silverlight 4 before 4.0.60310.0 allows remote attackers to cause a denial of service (memory consumption) via an application involving a popup control and a custom DependencyProperty property, related to lack of garbage collection.

7.8
2011-05-03 CVE-2011-1087 Videolan Buffer Errors vulnerability in Videolan VLC Media Player 1.0.5

Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .mp3 file that is played during bookmark creation.

7.6
2011-05-07 CVE-2011-0076 Mozilla
Apple
Privilege Escalation vulnerability in Mozilla Firefox/SeaMonkey

Unspecified vulnerability in the Java Embedding Plugin (JEP) in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, on Mac OS X allows remote attackers to bypass intended access restrictions via unknown vectors.

7.5
2011-05-05 CVE-2011-1904 Proofpoint OS Command Injection vulnerability in Proofpoint Messaging Security Gateway and Protection Server

An unspecified function in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary commands via unknown vectors, related to a "command injection" issue.

7.5
2011-05-05 CVE-2011-1903 Proofpoint SQL Injection vulnerability in Proofpoint Messaging Security Gateway and Protection Server

SQL injection vulnerability in an unspecified function in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2011-05-05 CVE-2011-1901 Proofpoint Improper Authentication vulnerability in Proofpoint Messaging Security Gateway and Protection Server

The mail-filter web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to bypass authentication via unspecified vectors.

7.5
2011-05-03 CVE-2011-1451 Google
Apple
Improper Input Validation vulnerability in Google Chrome

Google Chrome before 11.0.696.57 does not properly handle DOM id maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers."

7.5
2011-05-03 CVE-2011-1438 Google Improper Input Validation vulnerability in Google Chrome

Google Chrome before 11.0.696.57 allows remote attackers to bypass the Same Origin Policy via vectors involving blobs.

7.5
2011-05-03 CVE-2011-1303 Google Improper Input Validation vulnerability in Google Chrome

Google Chrome before 11.0.696.57 does not properly handle floating objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

7.5
2011-05-03 CVE-2011-1522 Doctrine Project SQL Injection vulnerability in Doctrine-Project products

Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field.

7.5
2011-05-03 CVE-2011-1495 Linux Improper Input Validation vulnerability in Linux Kernel

drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier does not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions.

7.2
2011-05-03 CVE-2011-1169 Linux Improper Validation of Array Index vulnerability in Linux Kernel

Array index error in the asihpi_hpi_ioctl function in sound/pci/asihpi/hpioctl.c in the AudioScience HPI driver in the Linux kernel before 2.6.38.1 might allow local users to cause a denial of service (memory corruption) or possibly gain privileges via a crafted adapter index value that triggers access to an invalid kernel pointer.

7.2
2011-05-03 CVE-2011-1842 Ubuntu Improper Input Validation vulnerability in Ubuntu Language-Selector

dbus_backend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the (1) SetSystemDefaultLangEnv and (2) SetSystemDefaultLanguageEnv functions, which allows local users to gain privileges via shell metacharacters in a string argument, a different vulnerability than CVE-2011-0729.

7.2
2011-05-03 CVE-2011-1604 Cisco Resource Management Errors vulnerability in Cisco Unified Communications Manager

Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (memory consumption and process failure) via a malformed SIP message, aka Bug ID CSCti42904.

7.1

58 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-05-03 CVE-2011-1494 Linux Numeric Errors vulnerability in Linux Kernel

Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow.

6.9
2011-05-07 CVE-2011-1571 Liferay
Apache
Remote Security vulnerability in Liferay Portal

Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.

6.8
2011-05-05 CVE-2011-1905 Proofpoint Cross-Site Request Forgery (CSRF) vulnerability in Proofpoint Messaging Security Gateway and Protection Server

Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified administrative modules in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allow remote attackers to hijack the authentication of administrators via unknown vectors.

6.8
2011-05-03 CVE-2011-1456 Google Improper Input Validation vulnerability in Google Chrome

Google Chrome before 11.0.696.57 does not properly handle PDF forms, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."

6.8
2011-05-03 CVE-2011-1455 Google Out-Of-Bounds Read vulnerability in Google Chrome

Google Chrome before 11.0.696.57 does not properly handle PDF documents with multipart encoding, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.

6.8
2011-05-03 CVE-2011-1454 Google USE After Free vulnerability in Google Chrome

Use-after-free vulnerability in the DOM id handling functionality in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document.

6.8
2011-05-03 CVE-2011-1449 Google
Apple
USE After Free vulnerability in Google Chrome

Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8
2011-05-03 CVE-2011-1448 Google Improper Input Validation vulnerability in Google Chrome

Google Chrome before 11.0.696.57 does not properly perform height calculations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

6.8
2011-05-03 CVE-2011-1447 Google Improper Input Validation vulnerability in Google Chrome

Google Chrome before 11.0.696.57 does not properly handle drop-down lists, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

6.8
2011-05-03 CVE-2011-1445 Google Out-Of-Bounds Read vulnerability in Google Chrome

Google Chrome before 11.0.696.57 does not properly handle SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

6.8
2011-05-03 CVE-2011-1444 Google
Linux
Debian
Race Condition vulnerability in Google Chrome

Race condition in the sandbox launcher implementation in Google Chrome before 11.0.696.57 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8
2011-05-03 CVE-2011-1443 Google Improper Input Validation vulnerability in Google Chrome

Google Chrome before 11.0.696.57 does not properly implement layering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."

6.8
2011-05-03 CVE-2011-1442 Google Improper Input Validation vulnerability in Google Chrome

Google Chrome before 11.0.696.57 does not properly handle mutation events, which allows remote attackers to cause a denial of service (node tree corruption) or possibly have unspecified other impact via unknown vectors.

6.8
2011-05-03 CVE-2011-1441 Google Incorrect Type Conversion OR Cast vulnerability in Google Chrome

Google Chrome before 11.0.696.57 does not properly perform a cast of an unspecified variable during handling of floating select lists, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document.

6.8
2011-05-03 CVE-2011-1440 Google
Debian
Apple
USE After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences.

6.8
2011-05-03 CVE-2011-1439 Google
Linux
Unspecified vulnerability in Google Chrome

Google Chrome before 11.0.696.57 on Linux does not properly isolate renderer processes, which has unspecified impact and remote attack vectors.

6.8
2011-05-03 CVE-2011-1437 Google Integer Overflow OR Wraparound vulnerability in Google Chrome

Multiple integer overflows in Google Chrome before 11.0.696.57 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float rendering.

6.8
2011-05-03 CVE-2011-1434 Google Improper Input Validation vulnerability in Google Chrome

Google Chrome before 11.0.696.57 does not ensure thread safety during handling of MIME data, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8
2011-05-03 CVE-2011-1305 Google
Apple
Linux
Race Condition vulnerability in Google Chrome

Race condition in Google Chrome before 11.0.696.57 on Linux and Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to linked lists and a database.

6.8
2011-05-03 CVE-2011-1684 Videolan Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Videolan VLC Media Player

Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before 1.1.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file.

6.8
2011-05-03 CVE-2009-5022 Libtiff Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libtiff

Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file.

6.8
2011-05-03 CVE-2011-1545 HP Cross-Site Request Forgery (CSRF) vulnerability in HP Insight Control Performance Management

Cross-site request forgery (CSRF) vulnerability in HP Insight Control Performance Management before 6.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2011-05-03 CVE-2011-1843 Banu Numeric Errors vulnerability in Banu Tinyproxy

Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow remote attackers to bypass intended access restrictions in opportunistic circumstances via a TCP connection, related to improper handling of invalid port numbers.

6.8
2011-05-03 CVE-2011-1607 Cisco Path Traversal vulnerability in Cisco Unified Communications Manager

Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603.

6.5
2011-05-03 CVE-2011-1846 IBM Permissions, Privileges, and Access Controls vulnerability in IBM DB2

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757.

6.5
2011-05-03 CVE-2011-1610 Cisco SQL Injection vulnerability in Cisco Unified Communications Manager

Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.

6.4
2011-05-03 CVE-2011-1724 HP Unspecified vulnerability in HP Virtual Server Environment 6.0/6.0.1

Unspecified vulnerability in HP Virtual Server Environment before 6.3 allows remote authenticated users to gain privileges via unknown vectors.

6.0
2011-05-03 CVE-2011-1544 HP Unspecified vulnerability in HP Insight Control Performance Management

Unspecified vulnerability in HP Insight Control Performance Management before 6.3 allows remote authenticated users to gain privileges via unknown vectors.

6.0
2011-05-05 CVE-2011-1826 CA Improper Input Validation vulnerability in CA Arcot Webfort Versatile Authentication Server

Open redirect vulnerability in the Administrative Console in CA Arcot WebFort Versatile Authentication Server (VAS) before 6.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

5.8
2011-05-03 CVE-2011-1452 Google Improper Input Validation vulnerability in Google Chrome

Google Chrome before 11.0.696.57 allows user-assisted remote attackers to spoof the URL bar via vectors involving a redirect and a manual reload.

5.8
2011-05-03 CVE-2011-1446 Google Unspecified vulnerability in Google Chrome

Google Chrome before 11.0.696.57 allows remote attackers to spoof the URL bar via vectors involving (1) a navigation error or (2) an interrupted load.

5.8
2011-05-04 CVE-2011-0714 Linux
Redhat
Resource Management Errors vulnerability in multiple products

Use-after-free vulnerability in a certain Red Hat patch for the RPC server sockets functionality in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 might allow remote attackers to cause a denial of service (crash) via malformed data in a packet, related to lockd and the svc_xprt_received function.

5.7
2011-05-07 CVE-2011-0071 Mozilla
Microsoft
Path Traversal vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL.

5.0
2011-05-07 CVE-2011-0067 Mozilla Improper Input Validation vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls.

5.0
2011-05-05 CVE-2011-1906 Trustwave Credentials Management vulnerability in Trustwave Webdefend 2.0/3.0

Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756.

5.0
2011-05-05 CVE-2011-1902 Proofpoint Path Traversal vulnerability in Proofpoint Messaging Security Gateway and Protection Server

Directory traversal vulnerability in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to read arbitrary files via unspecified vectors.

5.0
2011-05-05 CVE-2011-0756 Trustwave Credentials Management vulnerability in Trustwave Webdefend 2.0

The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port.

5.0
2011-05-03 CVE-2011-1786 Likewise
Vmware
Resource Management Errors vulnerability in multiple products

lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 before build 8325, and Enterprise 6.0 before build 178, as distributed in VMware ESXi 4.1 and ESX 4.1 and possibly other products, allows remote attackers to cause a denial of service (daemon crash) via an Active Directory login attempt that provides a username containing an invalid byte sequence.

5.0
2011-05-03 CVE-2011-1450 Google Improper Input Validation vulnerability in Google Chrome

Google Chrome before 11.0.696.57 does not properly present file dialogs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers."

5.0
2011-05-03 CVE-2011-1436 Google
Linux
Improper Input Validation vulnerability in Google Chrome

Google Chrome before 11.0.696.57 on Linux does not properly interact with the X Window System, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

5.0
2011-05-03 CVE-2011-1435 Google Incorrect Default Permissions vulnerability in Google Chrome

Google Chrome before 11.0.696.57 does not properly implement the tabs permission for extensions, which allows remote attackers to read local files via a crafted extension.

5.0
2011-05-03 CVE-2011-1304 Google Unspecified vulnerability in Google Chrome

Unspecified vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to bypass the pop-up blocker via vectors related to plug-ins.

5.0
2011-05-03 CVE-2011-1539 HP Unspecified vulnerability in HP Proliant Support Pack 8.5

Unspecified vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote attackers to obtain sensitive information via unknown vectors.

5.0
2011-05-03 CVE-2011-1847 IBM Permissions, Privileges, and Access Controls vulnerability in IBM DB2

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement.

4.9
2011-05-03 CVE-2011-1593 Linux
Redhat
Canonical
Integer Overflow OR Wraparound vulnerability in multiple products

Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call.

4.9
2011-05-03 CVE-2011-1577 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media.

4.9
2011-05-03 CVE-2011-1538 HP Improper Input Validation vulnerability in HP Proliant Support Pack 8.5

Open redirect vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote authenticated users to redirect other users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

4.9
2011-05-05 CVE-2011-1825 CA Cross-Site Scripting vulnerability in CA Arcot Webfort Versatile Authentication Server

Multiple cross-site scripting (XSS) vulnerabilities in the Administrative Console in CA Arcot WebFort Versatile Authentication Server (VAS) before 6.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-05-05 CVE-2011-1423 EMC Cross-Site Scripting vulnerability in EMC Data Loss Prevention Enterprise Manager 8.0/8.5

Cross-site scripting (XSS) vulnerability in RSA Data Loss Prevention (DLP) Enterprise Manager 8.x before 8.5 SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-05-04 CVE-2011-1209 IBM Cryptographic Issues vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a (1) JAX-RPC or (2) JAX-WS Web Services request via unspecified vectors related to a "decryption attack."

4.3
2011-05-03 CVE-2011-1739 Freebsd Improper Input Validation vulnerability in Freebsd

The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 does not properly handle a -network field specifying a CIDR block with a prefix length that is not an integer multiple of 8, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances via an NFS mount request.

4.3
2011-05-03 CVE-2011-1727 HP Cross-Site Scripting vulnerability in HP Sitescope

Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an "HTML injection" issue.

4.3
2011-05-03 CVE-2011-1726 HP Cross-Site Scripting vulnerability in HP Sitescope

Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-05-03 CVE-2010-4665 Libtiff Numeric Errors vulnerability in Libtiff

Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries.

4.3
2011-05-03 CVE-2011-1537 HP Cross-Site Scripting vulnerability in HP Proliant Support Pack 8.5

Cross-site scripting (XSS) vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-05-03 CVE-2011-1523 Nagios Cross-Site Scripting vulnerability in Nagios

Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter.

4.3
2011-05-03 CVE-2011-1841 Mojolicious Cross-Site Scripting vulnerability in Mojolicious

Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-05-07 CVE-2011-1502 Liferay
Apache
Information Exposure vulnerability in Liferay Portal

Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.

4.0

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-05-07 CVE-2011-1570 Liferay
Apache
Microsoft
Cross-Site Scripting vulnerability in Liferay Portal

Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.

3.5
2011-05-07 CVE-2011-1504 Liferay Cross-Site Scripting vulnerability in Liferay Portal

Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA allows remote authenticated users to inject arbitrary web script or HTML via a blog title.

3.5
2011-05-07 CVE-2011-1503 Liferay
Apache
Oracle
Linux
Microsoft
Information Exposure vulnerability in Liferay Portal

The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.

3.5