Weekly Vulnerabilities Reports > June 20 to 26, 2011
Overview
4 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 3 high severity vulnerabilities. This weekly summary reports vulnerabilities in 5 products from 4 vendors, including Apple, Linux, Fedoraproject, and Jabberd2. The vulnerabilities are notably categorized as "Integer Underflow (Wrap or Wraparound)", "XML Entity Expansion", "Improper Certificate Validation", and "Classic Buffer Overflow".
- 3 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 3 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
3 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-06-22 | CVE-2011-2534 | Linux | Classic Buffer Overflow vulnerability in Linux Kernel: Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel before 2.6.39 might allow local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating '\0' character. | 7.8 |
2011-06-24 | CVE-2011-1770 | Linux, Fedoraproject | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products: Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read. | 7.5 |
2011-06-21 | CVE-2011-1755 | Jabberd2, Fedoraproject, Apple | XML Entity Expansion vulnerability in multiple products: jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 7.5 |
1 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-06-24 | CVE-2011-0199 | Apple | Improper Certificate Validation vulnerability in Apple Mac OS X and Mac OS X Server: The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate. | 5.9 |
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|