Weekly Vulnerability Report: May 9 to 15, 2011

Overview

72 new vulnerabilities were reported during this period, including 23 critical and 8 high severity vulnerabilities. This weekly summary covers vulnerabilities in 154 products from 37 vendors, including Linux, Microsoft, Google, Apple, and Adobe. The most common weakness categories are "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Information Exposure", "Permissions, Privileges, and Access Controls", and "Cross-site Scripting".

  • 58 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities have a public exploit available.
  • 10 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 65 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities, with 19.
  • Microsoft has the most reported critical vulnerabilities, with 14.

Summary counters for the period (values taken from the overview and section headings; counters whose values were not preserved on this page are marked as such):

  Total vulnerabilities: 72
  Critical risk: 23
  High risk: 8
  Medium risk: 34
  Low risk: 7
  Remotely exploitable: 58
  Locally exploitable: not preserved
  Exploit available: 2
  Exploitable anonymously: 65
  Affecting web application: not preserved

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report. Each entry gives the date, CVE ID, vendor(s) and title on one line, followed by the CVE description and the CVSS base score.


23 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-05-13 CVE-2011-1854 HP Resource Management Errors vulnerability in HP Intelligent Management Center 5.0

Use-after-free vulnerability in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long syslog packet, related to an exception handler.

10.0
2011-05-13 CVE-2011-1853 HP Improper Input Validation vulnerability in HP Intelligent Management Center 5.0

tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a (1) large or (2) invalid opcode field, related to a function pointer table.

10.0
2011-05-13 CVE-2011-1852 HP Buffer Errors vulnerability in HP Intelligent Management Center 5.0

Multiple stack-based buffer overflows in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allow remote attackers to execute arbitrary code via crafted packet content accompanying a (1) DATA or (2) ERROR opcode.

10.0
2011-05-13 CVE-2011-1851 HP Buffer Errors vulnerability in HP Intelligent Management Center 5.0

Stack-based buffer overflow in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long mode field.

10.0
2011-05-13 CVE-2011-1850 HP Buffer Errors vulnerability in HP Intelligent Management Center 5.0

Stack-based buffer overflow in the logging functionality in dbman.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via vectors related to a received action.

10.0
2011-05-13 CVE-2011-1849 HP Improper Input Validation vulnerability in HP Intelligent Management Center 5.0

tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to create or overwrite files, and subsequently execute arbitrary code, via a crafted WRQ request.

10.0
2011-05-13 CVE-2011-1848 HP Buffer Errors vulnerability in HP Intelligent Management Center 5.0

Stack-based buffer overflow in img.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a crafted length field in a packet.

10.0
2011-05-13 CVE-2011-0627 Adobe/Apple/Linux/Microsoft/Oracle/Google Improper Input Validation vulnerability in Adobe Flash Player

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.

9.3
2011-05-13 CVE-2011-0626 Adobe/Apple/Linux/Microsoft/Oracle/Google Improper Input Validation vulnerability in Adobe Flash Player

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0625.

9.3
2011-05-13 CVE-2011-0625 Adobe/Apple/Linux/Microsoft/Oracle/Google Improper Input Validation vulnerability in Adobe Flash Player

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626.

9.3
2011-05-13 CVE-2011-0624 Adobe/Apple/Linux/Microsoft/Oracle/Google Improper Input Validation vulnerability in Adobe Flash Player

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0625, and CVE-2011-0626.

9.3
2011-05-13 CVE-2011-0623 Adobe/Apple/Linux/Microsoft/Oracle/Google Improper Input Validation vulnerability in Adobe Flash Player

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0624, CVE-2011-0625, and CVE-2011-0626.

9.3
2011-05-13 CVE-2011-0622 Adobe/Apple/Linux/Microsoft/Oracle/Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Flash Player

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0621.

9.3
2011-05-13 CVE-2011-0621 Adobe/Apple/Linux/Microsoft/Oracle/Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Flash Player

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0622.

9.3
2011-05-13 CVE-2011-0620 Adobe/Apple/Linux/Microsoft/Oracle/Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Flash Player

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0621, and CVE-2011-0622.

9.3
2011-05-13 CVE-2011-0619 Adobe/Apple/Linux/Microsoft/Oracle/Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Flash Player

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0620, CVE-2011-0621, and CVE-2011-0622.

9.3
2011-05-13 CVE-2011-0618 Adobe/Apple/Linux/Microsoft/Oracle/Google Numeric Errors vulnerability in Adobe Flash Player

Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors.

9.3
2011-05-13 CVE-2011-2089 Iconics Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Iconics Bizviz and Genesis32

Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument.

9.3
2011-05-13 CVE-2011-1270 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Powerpoint 2002/2003

Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability."

9.3
2011-05-13 CVE-2011-1269 Microsoft Improper Input Validation vulnerability in Microsoft products

Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 make unspecified function calls during file parsing without proper handling of memory, which allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Memory Corruption RCE Vulnerability."

9.3
2011-05-13 CVE-2011-1248 Microsoft Improper Input Validation vulnerability in Microsoft Windows Server 2003 and Windows Server 2008

WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability."

9.3
2011-05-13 CVE-2011-0341 Artifex/Mozilla Buffer Errors vulnerability in Artifex Mupdf 2008.09.02

Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF plug-in 2008.09.02 for Firefox allows remote attackers to execute arbitrary code via a crafted web site.

9.3
2011-05-10 CVE-2011-2075 Google/Microsoft Remote Code Execution vulnerability in Google Chrome 11.0.696.65/12.0.742.30

Unspecified vulnerability in Google Chrome 11.0.696.65 on Windows 7 SP1 allows remote attackers to execute arbitrary code via unknown vectors.

9.3
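The four tftpserver.exe entries in the table above (CVE-2011-1849, CVE-2011-1851, CVE-2011-1852 and CVE-2011-1853) describe the three classic failures of a small binary-protocol parser: an opcode used to index a function pointer table without a range check, string fields copied into fixed stack buffers without a length check, and a WRQ filename written without confining it to the server root. The C parser below is an added example, not HP's code, showing those checks in place. The packet layout follows RFC 1350 (opcode, filename, NUL, mode, NUL); the buffer sizes, status codes, handler table and sample packets are constructed for illustration.

```c
/* Added example, not HP's code: a TFTP request parser with the checks the
 * tftpserver.exe entries above say were missing: the opcode is range-checked
 * before it indexes a handler table, string fields are length-checked before
 * being copied into fixed buffers, and RRQ/WRQ filenames are confined to the
 * server root. Buffer sizes, status codes and sample packets are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { TFTP_RRQ = 1, TFTP_WRQ, TFTP_DATA, TFTP_ACK, TFTP_ERROR, TFTP_OPCODE_MAX = TFTP_ERROR };
enum tftp_status { TFTP_OK = 0, TFTP_BAD_LENGTH, TFTP_BAD_OPCODE, TFTP_BAD_MODE, TFTP_BAD_FILENAME };

struct tftp_request { uint16_t opcode; char filename[64]; char mode[16]; };
typedef enum tftp_status (*tftp_handler)(const struct tftp_request *);

/* Copy one NUL-terminated field; fail if the terminator is missing from the
 * packet or the field plus its NUL does not fit the destination buffer. */
static int copy_field(const uint8_t *pkt, size_t len, size_t *pos, char *dst, size_t dstsz)
{
    size_t start = *pos, end = start;
    while (end < len && pkt[end] != '\0')
        end++;
    if (end == len || end - start >= dstsz)
        return -1;
    memcpy(dst, pkt + start, end - start);
    dst[end - start] = '\0';
    *pos = end + 1;
    return 0;
}

/* RFC 1350 modes are case-insensitive; a real server lowercases before comparing. */
static int mode_is_known(const char *mode)
{
    return strcmp(mode, "octet") == 0 || strcmp(mode, "netascii") == 0;
}

/* Reject names that could leave the server root: empty, absolute,
 * drive-qualified, or containing "..". */
static int filename_is_confined(const char *name)
{
    if (name[0] == '\0' || name[0] == '/' || name[0] == '\\' || name[1] == ':')
        return 0;
    return strstr(name, "..") == NULL;
}

static enum tftp_status on_transfer(const struct tftp_request *r)
{
    return filename_is_confined(r->filename) ? TFTP_OK : TFTP_BAD_FILENAME;
}
static enum tftp_status on_other(const struct tftp_request *r) { (void)r; return TFTP_OK; }

/* Indexed by opcode - 1; reached only after the opcode has been range-checked. */
static const tftp_handler handlers[TFTP_OPCODE_MAX] = { on_transfer, on_transfer, on_other, on_other, on_other };

enum tftp_status tftp_parse(const uint8_t *pkt, size_t len, struct tftp_request *out)
{
    if (len < 2)
        return TFTP_BAD_LENGTH;
    uint16_t opcode = (uint16_t)((pkt[0] << 8) | pkt[1]);
    /* An unchecked handlers[opcode - 1] turns opcode 0, or anything above
     * TFTP_ERROR, into a function pointer fetched from outside the table. */
    if (opcode < TFTP_RRQ || opcode > TFTP_OPCODE_MAX)
        return TFTP_BAD_OPCODE;
    memset(out, 0, sizeof *out);
    out->opcode = opcode;
    size_t pos = 2;
    if (opcode == TFTP_RRQ || opcode == TFTP_WRQ) {
        if (copy_field(pkt, len, &pos, out->filename, sizeof out->filename))
            return TFTP_BAD_LENGTH;
        if (copy_field(pkt, len, &pos, out->mode, sizeof out->mode) || !mode_is_known(out->mode))
            return TFTP_BAD_MODE;
    } else if (len < 4) {
        return TFTP_BAD_LENGTH;   /* DATA, ACK and ERROR carry a 2-byte block or error code */
    }
    return handlers[opcode - 1](out);
}

/* Constructed sample packets: opcode, filename, NUL, mode, NUL. */
const uint8_t sample_rrq[] = { 0, 1, 'a', '.', 't', 'x', 't', 0, 'o', 'c', 't', 'e', 't', 0 };
const uint8_t sample_bad_op[] = { 0, 9, 'a', 0, 'o', 'c', 't', 'e', 't', 0 };
const uint8_t sample_zero_op[] = { 0, 0, 'a', 0, 'o', 'c', 't', 'e', 't', 0 };
const uint8_t sample_wrq_trav[] = { 0, 2, '.', '.', '/', 'x', 0, 'o', 'c', 't', 'e', 't', 0 };
const uint8_t sample_long_mode[] = { 0, 1, 'a', 0, 'o', 'c', 't', 'e', 't', 'o', 'c', 't', 'e', 't',
                                     'o', 'c', 't', 'e', 't', 'o', 'c', 't', 'e', 't', 0 };
const uint8_t sample_cut[] = { 0, 1, 'a', 'b', 'c' };   /* filename never terminated */

enum tftp_status parse_sample(const uint8_t *pkt, size_t len)
{
    struct tftp_request req;
    return tftp_parse(pkt, len, &req);
}

int main(void)
{
    printf("rrq=%d traversal=%d long_mode=%d\n", parse_sample(sample_rrq, sizeof sample_rrq),
           parse_sample(sample_wrq_trav, sizeof sample_wrq_trav),
           parse_sample(sample_long_mode, sizeof sample_long_mode));
    return 0;
}
```

The point of the design is that every table index and every copy length is derived from a value that has already been checked, so the handler table cannot be indexed out of range and the stack buffers cannot overflow regardless of what the peer sends; the mode buffer is deliberately small so the long-mode sample exercises the length check.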

8 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-05-10 CVE-2011-2074 Skype/Apple Remote Code Execution vulnerability in Skype Technologies Skype for Mac

Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922 on Mac OS X allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via a crafted message.

8.5
2011-05-09 CVE-2011-1323 Yamaha/NEC Improper Input Validation vulnerability in Yamaha products

Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers with firmware 6.x through 10.x, and NEC IP38X series routers with firmware 6.x through 10.x, do not properly handle IP header options, which allows remote attackers to cause a denial of service (device reboot) via a crafted option that triggers access to an invalid memory location.

7.8
2011-05-10 CVE-2011-2080 Inventivetec SQL Injection vulnerability in Inventivetec Mediacast

Multiple SQL injection vulnerabilities in MediaCAST 8 and earlier allow remote attackers to execute arbitrary SQL commands via (1) a CP_ENLARGESTYLE cookie to the default URI under inventivex/managetraining/ or (2) unspecified input to authenticate_ad_setup_finished.cfm.

7.5
2011-05-10 CVE-2011-2079 Inventivetec Improper Input Validation vulnerability in Inventivetec Mediacast

MediaCAST 8 and earlier allows remote attackers to have an unspecified impact via a (1) CP_RIGHTSOURCE or (2) bdclient_Inventive cookie to the default URI under inventivex/managetraining/, related to an "XML injection" issue.

7.5
2011-05-10 CVE-2011-2077 Inventivetec Configuration vulnerability in Inventivetec Mediacast

The default configuration of the New Atlanta BlueDragon administrative interface in MediaCAST 8 and earlier enables external TCP connections to port 10000, instead of connections only from 127.0.0.1, which makes it easier for remote attackers to have an unspecified impact via a TCP session.

7.5
2011-05-09 CVE-2010-4284 Samsung SQL Injection vulnerability in Samsung Data Management Server 1.3.3/1.4.1

SQL injection vulnerability in the authentication form in the integrated web server in the Data Management Server (DMS) before 1.4.3 in Samsung Integrated Management System allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2011-05-13 CVE-2011-1738 HP Permissions, Privileges, and Access Controls vulnerability in HP Palm Webos 1.4.5/1.4.5.1

HP Palm webOS 1.4.5 and 1.4.5.1 does not properly restrict Plug-in Development Kit (PDK) applications, which allows local users to gain privileges by leveraging unintended filesystem write access.

7.2
2011-05-09 CVE-2011-1013 Linux/Openbsd Out-Of-Bounds Write vulnerability in multiple products

Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via a crafted num_crtcs (aka vb_num) structure member in an ioctl argument.

7.2

34 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-05-09 CVE-2011-2022 Linux/Redhat Improper Input Validation vulnerability in Linux Kernel

The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745.

6.9
2011-05-09 CVE-2011-1746 Linux/Redhat Numeric Errors vulnerability in Linux Kernel

Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages.

6.9
2011-05-09 CVE-2011-1745 Linux/Redhat Integer Overflow OR Wraparound vulnerability in multiple products

Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call.

6.9
2011-05-13 CVE-2011-1403 Mahara Cross-Site Request Forgery (CSRF) vulnerability in Mahara

Cross-site request forgery (CSRF) vulnerability in the pieforms implementation in Mahara before 1.3.6 allows remote attackers to hijack the authentication of arbitrary users for requests to any form, related to inappropriate regeneration of session keys.

6.8
2011-05-13 CVE-2011-1720 Postfix Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Postfix

The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.

6.8
2011-05-09 CVE-2011-1574 Konstanty Bialkowski Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Konstanty Bialkowski Libmodplug

Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in libmodplug before 0.8.8.2 allows remote attackers to execute arbitrary code via a crafted S3M file.

6.8
2011-05-09 CVE-2011-1547 Netbsd Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Netbsd

Multiple stack consumption vulnerabilities in the kernel in NetBSD 4.0, 5.0 before 5.0.3, and 5.1 before 5.1.1, when IPsec is enabled, allow remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a crafted (1) IPv4 or (2) IPv6 packet with nested IPComp headers.

6.8
2011-05-13 CVE-2011-1402 Mahara Permissions, Privileges, and Access Controls vulnerability in Mahara

Mahara before 1.3.6 allows remote authenticated users to bypass intended access restrictions, and suspend a user account, edit a view, visit a view, edit a plan artefact, read a plans block, read a plan artefact, edit a blog, read a blog block, read a blog artefact, or access a block, via a request associated with (1) admin/users/search.json.php, (2) view/newviewtoken.json.php, (3) lib/mahara.php, (4) artefact/plans/tasks.json.php, (5) artefact/plans/viewtasks.json.php, (6) artefact/blog/view/index.json.php, (7) artefact/blog/posts.json.php, or (8) blocktype/myfriends/myfriends.json.php, related to incorrect privilege enforcement, a missing user id check, and incorrect enforcement of the Overriding Start/Stop Dates setting.

6.5
2011-05-13 CVE-2011-1326 FON Denial of Service vulnerability in FON La Fonera+

Unspecified vulnerability on the La Fonera+ router with firmware before 1.7.0.1 allows remote attackers to cause a denial of service via unknown vectors.

6.1
2011-05-13 CVE-2011-1325 Lockon Cross-Site Request Forgery (CSRF) vulnerability in Lockon Ec-Cube

Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

5.8
2011-05-09 CVE-2011-1324 Buffalotech Cross-Site Request Forgery (CSRF) vulnerability in Buffalotech products

Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password.

5.8
2011-05-10 CVE-2011-1271 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft .Net Framework

The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework JIT Optimization Vulnerability."

5.1
2011-05-13 CVE-2011-0579 Adobe/Apple/Linux/Microsoft/Oracle/Google Information Exposure vulnerability in Adobe Flash Player

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to obtain sensitive information via unspecified vectors.

5.0
2011-05-13 CVE-2011-2088 Apache/Opensymphony Information Exposure vulnerability in multiple products

XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.

5.0
2011-05-13 CVE-2011-0761 Perl NULL Pointer Dereference Denial Of Service vulnerability in Perl 5.10.0/5.10.1

Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call.

5.0
2011-05-10 CVE-2011-2081 Inventivetec Information Exposure vulnerability in Inventivetec Mediacast

MediaCAST 8 and earlier does not properly handle requests for inventivex/isptools/release/metadata/globalIncludeFolders.txt, which allows remote attackers to obtain sensitive information via unspecified vectors related to the Public/ directory tree.

5.0
2011-05-10 CVE-2011-2076 Inventivetec Information Exposure vulnerability in Inventivetec Mediacast

MediaCAST 8 and earlier stores passwords in cleartext, which makes it easier for context-dependent attackers to obtain sensitive information by reading an unspecified password data store, a different vulnerability than CVE-2010-0216.

5.0
2011-05-10 CVE-2010-0216 Inventivetec Cryptographic Issues vulnerability in Inventivetec Mediacast

authenticate_ad_setup_finished.cfm in MediaCAST 8 and earlier allows remote attackers to discover usernames and cleartext passwords by reading the error messages returned for requests that use the UserID parameter.

5.0
2011-05-09 CVE-2011-1907 ISC Resource Management Errors vulnerability in ISC Bind 9.8.0

ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset replacement is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RRSIG query.

5.0
2011-05-09 CVE-2011-1789 Vmware Cryptographic Issues vulnerability in VMWare Esx, Esxi and Vcenter

The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for remote attackers to spoof the software distribution via a Trojan horse installer.

5.0
2011-05-09 CVE-2011-1015 Python Information Exposure vulnerability in Python 3.0

The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.

5.0
2011-05-09 CVE-2011-1748 Linux Null Pointer Dereference vulnerability in Linux Kernel

The raw_release function in net/can/raw.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation.

4.9
2011-05-09 CVE-2011-1598 Linux Null Pointer Dereference vulnerability in Linux Kernel

The bcm_release function in net/can/bcm.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted release operation.

4.9
2011-05-09 CVE-2011-1090 Linux Resource Management Errors vulnerability in Linux Kernel

The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux kernel before 2.6.38 stores NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allows local users to cause a denial of service (panic) via a crafted attempt to set an ACL.

4.9
2011-05-09 CVE-2011-1747 Linux Resource Management Errors vulnerability in Linux Kernel

The agp subsystem in the Linux kernel 2.6.38.5 and earlier does not properly restrict memory allocation by the (1) AGPIOC_RESERVE and (2) AGPIOC_ALLOCATE ioctls, which allows local users to cause a denial of service (memory consumption) by making many calls to these ioctls.

4.7
2011-05-13 CVE-2011-1406 Mahara Configuration vulnerability in Mahara

Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login.

4.3
2011-05-13 CVE-2011-0633 Gisle AAS/Search Cpan Improper Input Validation vulnerability in multiple products

The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated.

4.3
2011-05-13 CVE-2011-2087 Apache Cross-Site Scripting vulnerability in Apache Struts

Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.

4.3
2011-05-13 CVE-2011-1855 HP Unspecified vulnerability in HP Network Node Manager I

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x allows local users to read or modify (1) log files or (2) other data via unknown vectors.

4.3
2011-05-13 CVE-2011-1737 HP Cross-Site Scripting vulnerability in HP Palm Webos 1.4.5/1.4.5.1

Multiple cross-site scripting (XSS) vulnerabilities in the Email application in HP Palm webOS 1.4.5 and 1.4.5.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-05-10 CVE-2011-2078 Inventivetec Cross-Site Scripting vulnerability in Inventivetec Mediacast

Multiple cross-site scripting (XSS) vulnerabilities in the New Atlanta BlueDragon administrative interface in MediaCAST 8 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-05-10 CVE-2011-1824 Opera Improper Input Validation vulnerability in Opera Browser

The VEGAOpBitmap::AddLine function in Opera before 10.61 does not properly initialize memory during processing of the SIZE attribute of a SELECT element, which allows remote attackers to trigger an invalid memory write operation, and consequently cause a denial of service (application crash) or possibly execute arbitrary code, via a large integer attribute value.

4.3
2011-05-09 CVE-2011-0426 Vmware Path Traversal vulnerability in VMWare Vcenter and Virtualcenter

Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors.

4.3
2011-05-13 CVE-2011-1404 Mahara Permissions, Privileges, and Access Controls vulnerability in Mahara

Mahara before 1.3.6 does not properly restrict the data in responses to AJAX calls, which allows remote authenticated users to obtain sensitive information via a request associated with (1) blocktype/myfriends/myfriends.json.php, (2) json/usersearch.php, (3) group/membersearchresults.json.php, or (4) json/friendsearch.php, as demonstrated by information about friends and e-mail addresses.

4.0
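Three of the Linux kernel entries in this report share one arithmetic mistake: CVE-2011-1745 and CVE-2011-1746 (above) multiply a caller-supplied page count into an allocation size without checking for wraparound, and CVE-2011-1013 (in the High table) compares a signed value from an ioctl argument against a bound in a way that lets a negative value through. The block below is an added example, not Linux or OpenBSD kernel code; it shows each unchecked form beside its checked form, with illustrative types and a made-up policy cap on the page count.

```c
/* Added example, not kernel code: the two arithmetic checks behind the AGP
 * entries (page count multiplied into a byte size) and the DRM entry (signed
 * index compared against a table size). MAX_PAGES_PER_REQUEST and the int
 * index type are illustrative choices, not the kernel's. */
#include <stdint.h>
#include <stdio.h>

#define MAX_PAGES_PER_REQUEST (1u << 20)   /* illustrative policy cap: 4 GiB of 4 KiB pages */

/* Unchecked: pages * sizeof(void *) wraps for a large count, so a small array
 * is allocated and the caller then writes `pages` entries into it. */
size_t page_table_bytes_unchecked(size_t pages)
{
    return pages * sizeof(void *);
}

/* Checked: refuse a count whose byte size would wrap, then apply the policy
 * cap. Returns 0 for "do not allocate". The division test is the arithmetic
 * guarantee; it stays correct even if the cap is raised or removed. */
size_t page_table_bytes(size_t pages)
{
    if (pages == 0 || pages > SIZE_MAX / sizeof(void *))
        return 0;
    if (pages > MAX_PAGES_PER_REQUEST)
        return 0;
    return pages * sizeof(void *);
}

/* Unchecked: a signed index from userspace is tested only against the upper
 * bound, so -1 passes and then addresses memory before the table. */
int index_ok_unchecked(int idx, int count)
{
    return idx < count;
}

/* Checked: test both bounds. Comparing as unsigned, (unsigned)idx < (unsigned)count,
 * is the same check written in one comparison. */
int index_ok(int idx, int count)
{
    return idx >= 0 && idx < count;
}

int main(void)
{
    size_t wrap = SIZE_MAX / sizeof(void *) + 1;   /* smallest count whose byte size wraps to 0 */
    printf("pages=%zu unchecked=%zu checked=%zu\n",
           wrap, page_table_bytes_unchecked(wrap), page_table_bytes(wrap));
    printf("index -1 of 8: unchecked=%d checked=%d\n",
           index_ok_unchecked(-1, 8), index_ok(-1, 8));
    return 0;
}
```

The wrap value is chosen so the demonstration is portable: on any platform, (SIZE_MAX / sizeof(void *) + 1) * sizeof(void *) is exactly 2 to the power of the word size, which wraps to 0, so the unchecked function reports a zero-byte allocation for a request that would later write billions of entries.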

7 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-05-13 CVE-2011-1405 Mahara Cross-Site Scripting vulnerability in Mahara

Cross-site scripting (XSS) vulnerability in Mahara before 1.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors associated with HTML e-mail messages, related to artefact/comment/lib.php and interaction/forum/lib.php.

3.5
2011-05-10 CVE-2011-0905 David King Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in David King Vino

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.

3.5
2011-05-10 CVE-2011-0904 David King Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in David King Vino

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.

3.5
2011-05-13 CVE-2011-1772 Apache/Opensymphony Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.

2.6
2011-05-13 CVE-2011-1840 Martinicreations/Google Cryptographic Issues vulnerability in Martinicreations Passmanlite Password Manager

The MartiniCreations PassmanLite Password Manager application before 1.48 for Android stores the master password and unspecified other account information in cleartext, which allows local users to obtain sensitive information by leveraging shell access.

2.1
2011-05-13 CVE-2011-0995 Rubyforge/Novell Permissions, Privileges, and Access Controls vulnerability in multiple products

The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 in SUSE Linux Enterprise (SLE) 11 SP1 uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.

2.1
2011-05-09 CVE-2011-1788 Vmware Information Exposure vulnerability in VMWare Vcenter 4.0/4.1

vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors.

2.1
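The two Vino entries in the Low table (CVE-2011-0904 and CVE-2011-0905) are both a missing bounds check on a client-supplied rectangle in a framebuffer update request: a large X or Y position in one case, dimensions that run past the framebuffer in the other. The block below is an added example, not Vino or libvncserver code; it shows the tempting check that wraps under 32-bit arithmetic beside a correct one, plus a clipping variant, on a framebuffer and request structure constructed for illustration.

```c
/* Added example, not Vino/libvncserver code: validating a client-supplied
 * framebuffer update rectangle before any pixel data is read from it.
 * Structures, sizes and bytes-per-pixel are illustrative. */
#include <stdint.h>
#include <stdio.h>

struct framebuffer { uint32_t width, height; };
struct update_rect { uint32_t x, y, w, h; };   /* as decoded from the client request */

/* Looks right, is wrong: x + w is computed in 32 bits and wraps, so
 * x = 0xffffffff with w = 2 gives 1, which is "inside" any framebuffer. */
int rect_in_bounds_naive(const struct framebuffer *fb, const struct update_rect *r)
{
    return r->x + r->w <= fb->width && r->y + r->h <= fb->height;
}

/* Correct: never form the sum. Check the origin first, then compare the size
 * against the space that remains, which cannot underflow once the origin is inside. */
int rect_in_bounds(const struct framebuffer *fb, const struct update_rect *r)
{
    if (r->w == 0 || r->h == 0)
        return 0;
    if (r->x >= fb->width || r->y >= fb->height)
        return 0;
    return r->w <= fb->width - r->x && r->h <= fb->height - r->y;
}

/* Alternative policy: clip the request to the framebuffer instead of
 * rejecting it. Returns 0 if nothing is left to send. */
int rect_clip(const struct framebuffer *fb, struct update_rect *r)
{
    if (r->x >= fb->width || r->y >= fb->height)
        return 0;
    if (r->w > fb->width - r->x)
        r->w = fb->width - r->x;
    if (r->h > fb->height - r->y)
        r->h = fb->height - r->y;
    return r->w != 0 && r->h != 0;
}

/* Read side: the encoder only touches pixels of a validated rectangle. Returns
 * the number of bytes it would read at the given bytes-per-pixel, 0 if rejected. */
uint64_t region_bytes(const struct framebuffer *fb, const struct update_rect *r, uint32_t bpp)
{
    if (!rect_in_bounds(fb, r))
        return 0;
    return (uint64_t)r->w * r->h * bpp;
}

int main(void)
{
    struct framebuffer fb = { 640, 480 };
    struct update_rect past_edge = { 0xffffffffu, 0, 2, 2 };   /* huge X, tiny width */
    struct update_rect too_wide = { 600, 0, 100, 10 };          /* runs off the right edge */
    printf("past_edge: naive=%d correct=%d\n",
           rect_in_bounds_naive(&fb, &past_edge), rect_in_bounds(&fb, &past_edge));
    printf("too_wide: correct=%d clipped=%d width_after_clip=%u\n",
           rect_in_bounds(&fb, &too_wide), rect_clip(&fb, &too_wide), too_wide.w);
    return 0;
}
```

The clipping variant is what a server that wants to stay useful to a slightly buggy client would choose; the rejecting variant is the safer default for an authenticated-but-untrusted peer, which is the Vino threat model above (remote authenticated users).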