Weekly Vulnerabilities Reports > July 18 to 24, 2011
Overview
3 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 2 high severity vulnerabilities. This weekly summary reports vulnerabilities in 5 products from 5 vendors including Linux, Canonical, Fedoraproject, Redhat, and Vmware. The vulnerabilities are notably categorized as "Out-of-bounds Write", "Improper Initialization", and "Deserialization of Untrusted Data".
- 1 reported vulnerability is related to weaknesses in the OWASP Top Ten.
- Linux has the most reported vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-07-21 | CVE-2011-2520 | Redhat, Fedoraproject | Deserialization of Untrusted Data vulnerability in multiple products: fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object. | 7.8 |
2011-07-18 | CVE-2010-4656 | Linux, Canonical | Out-of-bounds Write vulnerability in multiple products: the iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long report. | 7.8 |
1 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-07-18 | CVE-2010-4655 | Linux, Vmware, Canonical | Improper Initialization vulnerability in multiple products: net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call. | 5.5 |
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|