Weekly Vulnerabilities Reports > June 20 to 26, 2011
Overview
43 new vulnerabilities were reported during this period, including 4 critical vulnerabilities and 9 high severity vulnerabilities. This weekly summary reports vulnerabilities in 23 products from 18 vendors including Apple, Simplemachines, Linux, Prosody, and Fedoraproject. Vulnerabilities are notably categorized as "Resource Management Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Numeric Errors", "Information Exposure", and "Cross-site Scripting".
- 38 reported vulnerabilities are remotely exploitable.
- 6 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 39 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 19 reported vulnerabilities.
- Rockwellautomation has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
4 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-06-21 | CVE-2011-1127 | Simplemachines | Permissions, Privileges, and Access Controls vulnerability in Simplemachines SMF SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allows remote attackers to have an unspecified impact via unknown vectors. | 10.0 |
2011-06-24 | CVE-2011-2194 | Videolan | Numeric Errors vulnerability in Videolan VLC Media Player Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow. | 9.3 |
2011-06-24 | CVE-2011-1908 | Foxitsoftware | Numeric Errors vulnerability in Foxitsoftware Foxit Reader Integer overflow in the Type 1 font decoder in the FreeType engine in Foxit Reader before 4.0.0.0619 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font in a PDF document. | 9.3 |
2011-06-22 | CVE-2011-2530 | Rockwellautomation | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Rockwellautomation EDS Hardware Installation Tool and Rslinx Buffer overflow in RSEds.dll in RSHWare.exe in the EDS Hardware Installation Tool 1.0.5.1 and earlier in Rockwell Automation RSLinx Classic before 2.58 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed .eds file. | 9.3 |
9 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-06-24 | CVE-2011-2193 | Clusterresources | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Clusterresources Torque Resource Manager Multiple buffer overflows in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.x before 2.4.14, 2.5.x before 2.5.6, and 3.x before 3.0.2 allow (1) remote authenticated users to gain privileges via a long Job_Name field in a qsub command to the server, and might allow (2) local users to gain privileges via vectors involving a long host variable in pbs_iff. | 8.5 |
2011-06-24 | CVE-2011-0196 | Apple | Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a denial of service (out-of-bounds read and reboot) via Wi-Fi frames on the local wireless network. | 7.8 |
2011-06-22 | CVE-2011-2534 | Linux | Classic Buffer Overflow vulnerability in Linux Kernel Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel before 2.6.39 might allow local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating '\0' character. | 7.8 |
2011-06-24 | CVE-2011-1770 | Linux Fedoraproject | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read. | 7.5 |
2011-06-24 | CVE-2011-0206 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in International Components for Unicode (ICU) in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving uppercase strings. | 7.5 |
2011-06-24 | CVE-2011-0201 | Apple | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Off-by-one error in the CoreFoundation framework in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a CFString object that triggers a buffer overflow. | 7.5 |
2011-06-21 | CVE-2011-1755 | Jabberd2 Fedoraproject Apple | XML Entity Expansion vulnerability in multiple products jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 7.5 |
2011-06-21 | CVE-2011-1130 | Simplemachines | Improper Input Validation vulnerability in Simplemachines SMF Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly validate the start parameter, which might allow remote attackers to conduct SQL injection attacks, obtain sensitive information, or cause a denial of service via a crafted value, related to the cleanRequest function in QueryString.php and the constructPageIndex function in Subs.php. | 7.5 |
2011-06-21 | CVE-2011-1128 | Simplemachines | Cryptographic Issues vulnerability in Simplemachines SMF The loadUserSettings function in Load.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote attackers to obtain access or cause a denial of service via a brute-force attack. | 7.5 |
27 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-06-24 | CVE-2011-0211 | Apple | Numeric Errors vulnerability in Apple mac OS X, mac OS X Server and Quicktime Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. | 6.8 |
2011-06-24 | CVE-2011-0210 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X, mac OS X Server and Quicktime QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file. | 6.8 |
2011-06-24 | CVE-2011-0209 | Apple | Numeric Errors vulnerability in Apple mac OS X, mac OS X Server and Quicktime Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file. | 6.8 |
2011-06-24 | CVE-2011-0208 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server QuickLook in Apple Mac OS X 10.6 before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document. | 6.8 |
2011-06-24 | CVE-2011-0205 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Imageio, mac OS X and mac OS X Server Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image. | 6.8 |
2011-06-24 | CVE-2011-0204 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Imageio, mac OS X and mac OS X Server Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image. | 6.8 |
2011-06-24 | CVE-2011-0202 | Apple | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded Type 1 font in a PDF document. | 6.8 |
2011-06-24 | CVE-2011-0200 | Apple | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embedded ColorSync profile that triggers a heap-based buffer overflow. | 6.8 |
2011-06-24 | CVE-2011-0198 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code via a crafted embedded TrueType font. | 6.8 |
2011-06-24 | CVE-2011-0212 | Apple | Resource Management Errors vulnerability in Apple mac OS X Server servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue. | 6.4 |
2011-06-24 | CVE-2011-0199 | Apple | Improper Certificate Validation vulnerability in Apple mac OS X and mac OS X Server The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate. | 5.9 |
2011-06-22 | CVE-2011-2206 | Brad Fitzpatrick | Resource Management Errors vulnerability in Brad Fitzpatrick Djabberd XMLParser.pm in DJabberd before 0.85 allows remote authenticated users to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference, a different vulnerability than CVE-2011-1757. | 5.5 |
2011-06-24 | CVE-2011-1409 | Ulli Horlacher | Improper Authentication vulnerability in Ulli Horlacher FEX 20100208 Frams's Fast File EXchange (F*EX, aka fex) 20100208, and possibly other versions before 20110610, allows remote attackers to bypass authentication and upload arbitrary files via a request that lacks an authentication ID. | 5.0 |
2011-06-24 | CVE-2011-0207 | Apple | Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network. | 5.0 |
2011-06-24 | CVE-2011-0203 | Apple | Path Traversal vulnerability in Apple mac OS X Server Absolute path traversal vulnerability in xftpd in the FTP Server component in Apple Mac OS X before 10.6.8 allows remote attackers to list arbitrary directories by using the root directory as the starting point of a recursive listing. | 5.0 |
2011-06-22 | CVE-2011-2532 | Prosody | Resource Management Errors vulnerability in Prosody 0.8.0 The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service (infinite loop) via invalid JSON data, as demonstrated by truncated data. | 5.0 |
2011-06-22 | CVE-2011-2205 | Prosody | Resource Management Errors vulnerability in Prosody Prosody before 0.8.1 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 5.0 |
2011-06-21 | CVE-2011-2188 | Matthewwild | Resource Management Errors vulnerability in Matthewwild Luaexpat 1.0/1.0.1/1.0.2 LuaExpat before 1.2.0 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 5.0 |
2011-06-21 | CVE-2011-1757 | Brad Fitzpatrick | Resource Management Errors vulnerability in Brad Fitzpatrick Djabberd DJabberd 0.84 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 5.0 |
2011-06-21 | CVE-2011-1756 | Citadel | Resource Management Errors vulnerability in Citadel modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 5.0 |
2011-06-21 | CVE-2011-1754 | Jabberd | Resource Management Errors vulnerability in Jabberd Jabberd14 jabberd14 1.6.1.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 5.0 |
2011-06-21 | CVE-2011-1753 | Process ONE | Resource Management Errors vulnerability in Process-One Ejabberd and Exmpp expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 5.0 |
2011-06-21 | CVE-2011-1131 | Simplemachines | Information Exposure vulnerability in Simplemachines SMF The PlushSearch2 function in Search.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, uses certain cached data in a situation where a temporary table has been created, even though this cached data is intended only for situations where a temporary table has not been created, which might allow remote attackers to obtain sensitive information via a search. | 5.0 |
2011-06-24 | CVE-2011-2484 | Linux | Resource Management Errors vulnerability in Linux Kernel The add_del_listener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not prevent multiple registrations of exit handlers, which allows local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application. | 4.9 |
2011-06-24 | CVE-2011-1132 | Apple | Denial of Service vulnerability in Apple Mac OS X IPV6 Socket Options (CVE-2010-1132) The IPv6 implementation in the kernel in Apple Mac OS X before 10.6.8 allows local users to cause a denial of service (NULL pointer dereference and reboot) via vectors involving socket options. | 4.9 |
2011-06-22 | CVE-2011-1330 | KBS | Cross-Site Scripting vulnerability in KBS Weblygo Cross-site scripting (XSS) vulnerability in WeblyGo 5.0 Pro/LE, 5.02 Pro/LE, 5.03 Pro/LE, 5.04 Pro/LE, and 5.10 Pro/LE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-06-22 | CVE-2011-2531 | Prosody | Resource Management Errors vulnerability in Prosody 0.8.0 Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect data type to the value column in certain tables, which might allow remote attackers to cause a denial of service (data truncation) by sending a large amount of data. | 4.3 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-06-21 | CVE-2011-1129 | Simplemachines | Cross-Site Scripting vulnerability in Simplemachines SMF Cross-site scripting (XSS) vulnerability in the EditNews function in ManageNews.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, might allow remote authenticated users to inject arbitrary web script or HTML via a save_items action. | 3.5 |
2011-06-22 | CVE-2011-2533 | Freedesktop | Link Following vulnerability in Freedesktop Dbus The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/. | 3.3 |
2011-06-24 | CVE-2011-0197 | Apple | Information Exposure vulnerability in Apple mac OS X and mac OS X Server App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions. | 2.1 |