Weekly Vulnerabilities Reports > May 9 to 15, 2011
Overview
61 new vulnerabilities were reported during this period, including 23 critical vulnerabilities and 7 high severity vulnerabilities. This weekly summary reports vulnerabilities in 141 products from 33 vendors, including Microsoft, Google, Apple, Linux, and Adobe. The most common vulnerability categories are "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Information Exposure", "Cross-site Scripting", and "Permissions, Privileges, and Access Controls".
- 55 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities have a public exploit available.
- 10 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 54 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 15 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 14 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report, grouped by severity:
23 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-05-13 | CVE-2011-1854 | HP | Resource Management Errors vulnerability in HP Intelligent Management Center 5.0 Use-after-free vulnerability in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long syslog packet, related to an exception handler. | 10.0 |
2011-05-13 | CVE-2011-1853 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 5.0 tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a (1) large or (2) invalid opcode field, related to a function pointer table. | 10.0 |
2011-05-13 | CVE-2011-1852 | HP | Buffer Errors vulnerability in HP Intelligent Management Center 5.0 Multiple stack-based buffer overflows in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allow remote attackers to execute arbitrary code via crafted packet content accompanying a (1) DATA or (2) ERROR opcode. | 10.0 |
2011-05-13 | CVE-2011-1851 | HP | Buffer Errors vulnerability in HP Intelligent Management Center 5.0 Stack-based buffer overflow in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long mode field. | 10.0 |
2011-05-13 | CVE-2011-1850 | HP | Buffer Errors vulnerability in HP Intelligent Management Center 5.0 Stack-based buffer overflow in the logging functionality in dbman.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via vectors related to a received action. | 10.0 |
2011-05-13 | CVE-2011-1849 | HP | Improper Input Validation vulnerability in HP Intelligent Management Center 5.0 tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to create or overwrite files, and subsequently execute arbitrary code, via a crafted WRQ request. | 10.0 |
2011-05-13 | CVE-2011-1848 | HP | Buffer Errors vulnerability in HP Intelligent Management Center 5.0 Stack-based buffer overflow in img.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a crafted length field in a packet. | 10.0 |
2011-05-13 | CVE-2011-0627 | Adobe Apple Linux Microsoft Oracle | Improper Input Validation vulnerability in Adobe Flash Player Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file. | 9.3 |
2011-05-13 | CVE-2011-0626 | Adobe Apple Linux Microsoft Oracle | Improper Input Validation vulnerability in Adobe Flash Player Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0625. | 9.3 |
2011-05-13 | CVE-2011-0625 | Adobe Apple Linux Microsoft Oracle | Improper Input Validation vulnerability in Adobe Flash Player Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0626. | 9.3 |
2011-05-13 | CVE-2011-0624 | Adobe Apple Linux Microsoft Oracle | Improper Input Validation vulnerability in Adobe Flash Player Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0625, and CVE-2011-0626. | 9.3 |
2011-05-13 | CVE-2011-0623 | Adobe Apple Linux Microsoft Oracle | Improper Input Validation vulnerability in Adobe Flash Player Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0624, CVE-2011-0625, and CVE-2011-0626. | 9.3 |
2011-05-13 | CVE-2011-0622 | Adobe Apple Linux Microsoft Oracle | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Flash Player Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0621. | 9.3 |
2011-05-13 | CVE-2011-0621 | Adobe Apple Linux Microsoft Oracle | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Flash Player Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0622. | 9.3 |
2011-05-13 | CVE-2011-0620 | Adobe Apple Linux Microsoft Oracle | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Flash Player Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0621, and CVE-2011-0622. | 9.3 |
2011-05-13 | CVE-2011-0619 | Adobe Apple Linux Microsoft Oracle | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Flash Player Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0620, CVE-2011-0621, and CVE-2011-0622. | 9.3 |
2011-05-13 | CVE-2011-0618 | Adobe Apple Linux Microsoft Oracle | Numeric Errors vulnerability in Adobe Flash Player Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2011-05-13 | CVE-2011-2089 | Iconics | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Iconics Bizviz and Genesis32 Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute arbitrary code via a long string in the argument. | 9.3 |
2011-05-13 | CVE-2011-1270 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Powerpoint 2002/2003 Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability." | 9.3 |
2011-05-13 | CVE-2011-1269 | Microsoft | Improper Input Validation vulnerability in Microsoft products Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 make unspecified function calls during file parsing without proper handling of memory, which allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Memory Corruption RCE Vulnerability." | 9.3 |
2011-05-13 | CVE-2011-1248 | Microsoft | Improper Input Validation vulnerability in Microsoft Windows Server 2003 and Windows Server 2008 WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability." | 9.3 |
2011-05-13 | CVE-2011-0341 | Artifex Mozilla | Buffer Errors vulnerability in Artifex Mupdf 2008.09.02 Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF plug-in 2008.09.02 for Firefox allows remote attackers to execute arbitrary code via a crafted web site. | 9.3 |
2011-05-10 | CVE-2011-2075 | Google Microsoft | Remote Code Execution vulnerability in Google Chrome 11.0.696.65/12.0.742.30 Unspecified vulnerability in Google Chrome 11.0.696.65 on Windows 7 SP1 allows remote attackers to execute arbitrary code via unknown vectors. | 9.3 |
7 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-05-10 | CVE-2011-2074 | Skype Apple | Remote Code Execution vulnerability in Skype Technologies Skype for Mac Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922 on Mac OS X allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via a crafted message. | 8.5 |
2011-05-09 | CVE-2011-1323 | Yamaha NEC | Improper Input Validation vulnerability in Yamaha products Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers with firmware 6.x through 10.x, and NEC IP38X series routers with firmware 6.x through 10.x, do not properly handle IP header options, which allows remote attackers to cause a denial of service (device reboot) via a crafted option that triggers access to an invalid memory location. | 7.8 |
2011-05-10 | CVE-2011-2080 | Inventivetec | SQL Injection vulnerability in Inventivetec Mediacast Multiple SQL injection vulnerabilities in MediaCAST 8 and earlier allow remote attackers to execute arbitrary SQL commands via (1) a CP_ENLARGESTYLE cookie to the default URI under inventivex/managetraining/ or (2) unspecified input to authenticate_ad_setup_finished.cfm. | 7.5 |
2011-05-10 | CVE-2011-2079 | Inventivetec | Improper Input Validation vulnerability in Inventivetec Mediacast MediaCAST 8 and earlier allows remote attackers to have an unspecified impact via a (1) CP_RIGHTSOURCE or (2) bdclient_Inventive cookie to the default URI under inventivex/managetraining/, related to an "XML injection" issue. | 7.5 |
2011-05-10 | CVE-2011-2077 | Inventivetec | Configuration vulnerability in Inventivetec Mediacast The default configuration of the New Atlanta BlueDragon administrative interface in MediaCAST 8 and earlier enables external TCP connections to port 10000, instead of connections only from 127.0.0.1, which makes it easier for remote attackers to have an unspecified impact via a TCP session. | 7.5 |
2011-05-09 | CVE-2010-4284 | Samsung | SQL Injection vulnerability in Samsung Data Management Server 1.3.3/1.4.1 SQL injection vulnerability in the authentication form in the integrated web server in the Data Management Server (DMS) before 1.4.3 in Samsung Integrated Management System allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2011-05-13 | CVE-2011-1738 | HP | Permissions, Privileges, and Access Controls vulnerability in HP Palm Webos 1.4.5/1.4.5.1 HP Palm webOS 1.4.5 and 1.4.5.1 does not properly restrict Plug-in Development Kit (PDK) applications, which allows local users to gain privileges by leveraging unintended filesystem write access. | 7.2 |
24 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-05-13 | CVE-2011-1403 | Mahara | Cross-Site Request Forgery (CSRF) vulnerability in Mahara Cross-site request forgery (CSRF) vulnerability in the pieforms implementation in Mahara before 1.3.6 allows remote attackers to hijack the authentication of arbitrary users for requests to any form, related to inappropriate regeneration of session keys. | 6.8 |
2011-05-09 | CVE-2011-1547 | Netbsd | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Netbsd Multiple stack consumption vulnerabilities in the kernel in NetBSD 4.0, 5.0 before 5.0.3, and 5.1 before 5.1.1, when IPsec is enabled, allow remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a crafted (1) IPv4 or (2) IPv6 packet with nested IPComp headers. | 6.8 |
2011-05-13 | CVE-2011-1402 | Mahara | Permissions, Privileges, and Access Controls vulnerability in Mahara Mahara before 1.3.6 allows remote authenticated users to bypass intended access restrictions, and suspend a user account, edit a view, visit a view, edit a plan artefact, read a plans block, read a plan artefact, edit a blog, read a blog block, read a blog artefact, or access a block, via a request associated with (1) admin/users/search.json.php, (2) view/newviewtoken.json.php, (3) lib/mahara.php, (4) artefact/plans/tasks.json.php, (5) artefact/plans/viewtasks.json.php, (6) artefact/blog/view/index.json.php, (7) artefact/blog/posts.json.php, or (8) blocktype/myfriends/myfriends.json.php, related to incorrect privilege enforcement, a missing user id check, and incorrect enforcement of the Overriding Start/Stop Dates setting. | 6.5 |
2011-05-13 | CVE-2011-1326 | FON | Denial of Service vulnerability in FON La Fonera+ Unspecified vulnerability on the La Fonera+ router with firmware before 1.7.0.1 allows remote attackers to cause a denial of service via unknown vectors. | 6.1 |
2011-05-13 | CVE-2011-1325 | Lockon | Cross-Site Request Forgery (CSRF) vulnerability in Lockon Ec-Cube Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 5.8 |
2011-05-09 | CVE-2011-1324 | Buffalotech | Cross-Site Request Forgery (CSRF) vulnerability in Buffalotech products Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password. | 5.8 |
2011-05-13 | CVE-2011-0579 | Adobe Apple Linux Microsoft Oracle | Information Exposure vulnerability in Adobe Flash Player Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2011-05-13 | CVE-2011-2088 | Apache Opensymphony | Information Exposure vulnerability in multiple products XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3. | 5.0 |
2011-05-13 | CVE-2011-0761 | Perl | NULL Pointer Dereference Denial Of Service vulnerability in Perl 5.10.0/5.10.1 Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call. | 5.0 |
2011-05-10 | CVE-2011-2081 | Inventivetec | Information Exposure vulnerability in Inventivetec Mediacast MediaCAST 8 and earlier does not properly handle requests for inventivex/isptools/release/metadata/globalIncludeFolders.txt, which allows remote attackers to obtain sensitive information via unspecified vectors related to the Public/ directory tree. | 5.0 |
2011-05-10 | CVE-2011-2076 | Inventivetec | Information Exposure vulnerability in Inventivetec Mediacast MediaCAST 8 and earlier stores passwords in cleartext, which makes it easier for context-dependent attackers to obtain sensitive information by reading an unspecified password data store, a different vulnerability than CVE-2010-0216. | 5.0 |
2011-05-10 | CVE-2010-0216 | Inventivetec | Cryptographic Issues vulnerability in Inventivetec Mediacast authenticate_ad_setup_finished.cfm in MediaCAST 8 and earlier allows remote attackers to discover usernames and cleartext passwords by reading the error messages returned for requests that use the UserID parameter. | 5.0 |
2011-05-09 | CVE-2011-1907 | ISC | Resource Management Errors vulnerability in ISC Bind 9.8.0 ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset replacement is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RRSIG query. | 5.0 |
2011-05-09 | CVE-2011-1789 | Vmware | Cryptographic Issues vulnerability in VMWare Esx, Esxi and Vcenter The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for remote attackers to spoof the software distribution via a Trojan horse installer. | 5.0 |
2011-05-09 | CVE-2011-1015 | Python | Information Exposure vulnerability in Python 3.0 The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI. | 5.0 |
2011-05-13 | CVE-2011-1406 | Mahara | Configuration vulnerability in Mahara Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login. | 4.3 |
2011-05-13 | CVE-2011-0633 | Gisle AAS Search Cpan | Improper Input Validation vulnerability in multiple products The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated. | 4.3 |
2011-05-13 | CVE-2011-2087 | Apache | Cross-Site Scripting vulnerability in Apache Struts Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java. | 4.3 |
2011-05-13 | CVE-2011-1855 | HP | Unspecified vulnerability in HP Network Node Manager I Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x allows local users to read or modify (1) log files or (2) other data via unknown vectors. | 4.3 |
2011-05-13 | CVE-2011-1737 | HP | Cross-Site Scripting vulnerability in HP Palm Webos 1.4.5/1.4.5.1 Multiple cross-site scripting (XSS) vulnerabilities in the Email application in HP Palm webOS 1.4.5 and 1.4.5.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-05-10 | CVE-2011-2078 | Inventivetec | Cross-Site Scripting vulnerability in Inventivetec Mediacast Multiple cross-site scripting (XSS) vulnerabilities in the New Atlanta BlueDragon administrative interface in MediaCAST 8 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-05-10 | CVE-2011-1824 | Opera | Improper Input Validation vulnerability in Opera Browser The VEGAOpBitmap::AddLine function in Opera before 10.61 does not properly initialize memory during processing of the SIZE attribute of a SELECT element, which allows remote attackers to trigger an invalid memory write operation, and consequently cause a denial of service (application crash) or possibly execute arbitrary code, via a large integer attribute value. | 4.3 |
2011-05-09 | CVE-2011-0426 | Vmware | Path Traversal vulnerability in VMWare Vcenter and Virtualcenter Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors. | 4.3 |
2011-05-13 | CVE-2011-1404 | Mahara | Permissions, Privileges, and Access Controls vulnerability in Mahara Mahara before 1.3.6 does not properly restrict the data in responses to AJAX calls, which allows remote authenticated users to obtain sensitive information via a request associated with (1) blocktype/myfriends/myfriends.json.php, (2) json/usersearch.php, (3) group/membersearchresults.json.php, or (4) json/friendsearch.php, as demonstrated by information about friends and e-mail addresses. | 4.0 |
7 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-05-13 | CVE-2011-1405 | Mahara | Cross-Site Scripting vulnerability in Mahara Cross-site scripting (XSS) vulnerability in Mahara before 1.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors associated with HTML e-mail messages, related to artefact/comment/lib.php and interaction/forum/lib.php. | 3.5 |
2011-05-10 | CVE-2011-0905 | David King | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in David King Vino The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation. | 3.5 |
2011-05-10 | CVE-2011-0904 | David King | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in David King Vino The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions. | 3.5 |
2011-05-13 | CVE-2011-1772 | Apache Opensymphony | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element. | 2.6 |
2011-05-13 | CVE-2011-1840 | Martinicreations | Cryptographic Issues vulnerability in Martinicreations Passmanlite Password Manager The MartiniCreations PassmanLite Password Manager application before 1.48 for Android stores the master password and unspecified other account information in cleartext, which allows local users to obtain sensitive information by leveraging shell access. | 2.1 |
2011-05-13 | CVE-2011-0995 | Rubyforge Novell | Permissions, Privileges, and Access Controls vulnerability in multiple products The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 in SUSE Linux Enterprise (SLE) 11 SP1 uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors. | 2.1 |
2011-05-09 | CVE-2011-1788 | Vmware | Information Exposure vulnerability in VMWare Vcenter 4.0/4.1 vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors. | 2.1 |