Weekly Vulnerabilities Reports > August 29 to September 4, 2011
Overview
61 new vulnerabilities were reported during this period, including 9 critical vulnerabilities and 20 high severity vulnerabilities. This weekly summary reports vulnerabilities in 64 products from 31 vendors including Google, Cisco, Rubyonrails, Apple, and Linux. Vulnerabilities are notably categorized as "Improper Input Validation", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Use After Free", and "Resource Management Errors".
- 53 reported vulnerabilities are remotely exploitable.
- 3 reported vulnerabilities have a public exploit available.
- 12 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 58 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 11 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
9 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-09-02 | CVE-2011-0342 | Indusoft | Buffer Errors vulnerability in Indusoft web Studio 7.0B2 Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ISSymbol.ocx 301.1104.601.0 in InduSoft Web Studio 7.0B2 hotfix 7.0.01.04 allow remote attackers to execute arbitrary code via a long parameter to the (1) Open, (2) Close, or (3) SetCurrentLanguage method. | 10.0 |
2011-08-29 | CVE-2011-2555 | Cisco | Credentials Management vulnerability in Cisco Telepresence Recording Server Software 1.7.2 Cisco TelePresence Recording Server 1.7.2.x before 1.7.2.1 has a default password for the root administrator account, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtr76182. | 10.0 |
2011-08-29 | CVE-2011-2822 | Google Microsoft | Improper Input Validation vulnerability in Google Chrome Google Chrome before 13.0.782.215 on Windows does not properly parse URLs located on the command line, which has unspecified impact and attack vectors. | 10.0 |
2011-08-29 | CVE-2011-2806 | Google Microsoft | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Google Chrome Google Chrome before 13.0.782.215 on Windows does not properly handle vertex data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 10.0 |
2011-08-29 | CVE-2011-1643 | Cisco | Information Exposure vulnerability in Cisco products Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833. | 10.0 |
2011-09-02 | CVE-2011-2594 | Kmplayer | Buffer Errors vulnerability in Kmplayer 3.0.0.1441 Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other versions, allows remote attackers to execute arbitrary code via a playlist (.KPL) file with a long Title field. | 9.3 |
2011-09-02 | CVE-2011-1944 | Xmlsoft | Numeric Errors vulnerability in Xmlsoft Libxml and Libxml2 Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions. | 9.3 |
2011-08-29 | CVE-2011-3185 | Microsoft Pidgin | Improper Input Validation vulnerability in Pidgin gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message. | 9.3 |
2011-08-29 | CVE-2011-2825 | Google Apple | Use After Free vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving custom fonts. | 9.3 |
20 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-08-31 | CVE-2011-2577 | Cisco | Remote Denial of Service vulnerability in Cisco TelePresence Codecs SIP Packet Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted SIP packet to port 5060 or 5061, aka Bug ID CSCtq46500. | 7.8 |
2011-08-29 | CVE-2011-3192 | Apache Suse Opensuse Canonical | Resource Exhaustion vulnerability in multiple products The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. | 7.8 |
2011-08-29 | CVE-2011-2564 | Cisco | Unspecified vulnerability in Cisco products Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth19417. | 7.8 |
2011-08-29 | CVE-2011-2563 | Cisco | Unspecified vulnerability in Cisco products Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth26669. | 7.8 |
2011-08-29 | CVE-2011-2562 | Cisco | Unspecified vulnerability in Cisco Unified Communications Manager Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (service outage) via a SIP INVITE message, aka Bug ID CSCth43256. | 7.8 |
2011-08-29 | CVE-2011-2560 | Cisco | Resource Management Errors vulnerability in Cisco Unified Communications Manager The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial of service (memory consumption and restart) by making many connections, aka Bug ID CSCtf97162. | 7.8 |
2011-09-02 | CVE-2011-3134 | Tibco | Unspecified vulnerability in Tibco Spotfire Analytics Server and Spotfire Server Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL. | 7.5 |
2011-09-02 | CVE-2011-2763 | Lifesize | Improper Input Validation vulnerability in Lifesize Room Appliance Software 4.7.18/Lsrm13.5.3 The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoom_Remoting.doCommand function in gateway.php. | 7.5 |
2011-08-31 | CVE-2011-3190 | Apache | Permissions, Privileges, and Access Controls vulnerability in Apache Tomcat Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. | 7.5 |
2011-08-29 | CVE-2011-0228 | Apple | Improper Input Validation vulnerability in Apple Iphone OS The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain. | 7.5 |
2011-08-29 | CVE-2011-2930 | Rubyonrails | SQL Injection vulnerability in Rubyonrails Rails and Ruby on Rails Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name. | 7.5 |
2011-08-29 | CVE-2011-2839 | Google Linux | Improper Input Validation vulnerability in Google Chrome The PDF implementation in Google Chrome before 13.0.782.215 on Linux does not properly use the memset library function, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 7.5 |
2011-08-29 | CVE-2011-2829 | | Integer Overflow or Wraparound vulnerability in Google Chrome Integer overflow in Google Chrome before 13.0.782.215 on 32-bit platforms allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving uniform arrays. | 7.5 |
2011-08-29 | CVE-2011-2828 | | Out-Of-Bounds Write vulnerability in Google Chrome Google V8, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write. | 7.5 |
2011-08-29 | CVE-2011-2827 | Google Apple | Use After Free vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text searching. | 7.5 |
2011-08-29 | CVE-2011-2826 | | Unspecified vulnerability in Google Chrome Google Chrome before 13.0.782.215 allows remote attackers to bypass the Same Origin Policy via vectors related to empty origins. | 7.5 |
2011-08-29 | CVE-2011-2824 | | Use After Free vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes. | 7.5 |
2011-08-29 | CVE-2011-2823 | Google Apple | Use After Free vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box. | 7.5 |
2011-08-29 | CVE-2011-2821 | Google Debian Redhat Apple | Double Free vulnerability in Google Chrome Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression. | 7.5 |
2011-08-29 | CVE-2011-2561 | Cisco | Resource Management Errors vulnerability in Cisco Unified Communications Manager The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a Media Termination Point (MTP), which allows remote attackers to cause a denial of service (service outage) via a crafted call, aka Bug ID CSCtc61990. | 7.1 |
24 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-09-02 | CVE-2011-2903 | Rhythm | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Rhythm Tcptrack Heap-based buffer overflow in tcptrack before 1.4.2 might allow attackers to execute arbitrary code via a long command line argument. | 6.8 |
2011-09-02 | CVE-2011-1411 | Shibboleth | Improper Authentication vulnerability in Shibboleth Opensaml and Shibboleth-Identity-Provider Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack." | 5.8 |
2011-08-31 | CVE-2011-2899 | Redhat | Improper Input Validation vulnerability in Redhat System-Config-Printer pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in foomatic-gui and possibly other products, allows remote SMB servers to execute arbitrary commands via shell metacharacters in the (1) NetBIOS or (2) workgroup name, which are not properly handled when searching for network printers. | 5.1 |
2011-09-02 | CVE-2011-2762 | Lifesize | Improper Authentication vulnerability in Lifesize Room Appliance Software Lsrm13.5.3 The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) allows remote attackers to bypass authentication via unspecified data associated with a "true" authentication status, related to AMF data and the LSRoom_Remoting.authenticate function in gateway.php. | 5.0 |
2011-08-31 | CVE-2011-2524 | Gnome | Path Traversal vulnerability in Gnome Libsoup Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI. | 5.0 |
2011-08-31 | CVE-2009-5063 | Libpng | Memory Leak vulnerability in Libpng Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. | 5.0 |
2011-08-31 | CVE-2006-7244 | Libpng | Resource Management Errors vulnerability in Libpng Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions before 1.2.15beta3, allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. | 5.0 |
2011-08-29 | CVE-2011-2929 | Rubyonrails | Improper Input Validation vulnerability in Rubyonrails Rails and Ruby on Rails The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping vulnerability." | 5.0 |
2011-08-29 | CVE-2011-2213 | Linux Redhat | Infinite Loop vulnerability in Linux Kernel The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880. | 4.9 |
2011-08-29 | CVE-2011-2928 | Linux | Null Pointer Dereference vulnerability in Linux Kernel The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel before 3.1-rc3 does not validate the length attribute of long symlinks, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem. | 4.9 |
2011-09-02 | CVE-2011-3385 | Lepton CMS Websitebaker2 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in WebsiteBaker before 2.8, as used in LEPTON and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unknown vectors, a different vulnerability than CVE-2006-2307. | 4.3 |
2011-09-02 | CVE-2009-5086 | Juniper | Cross-Site Scripting vulnerability in Juniper IDP Cross-site scripting (XSS) vulnerability in Appliance Configuration Manager (ACM) in Juniper IDP 4.1 before 4.1r3 and 4.2 before 4.2r1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-09-02 | CVE-2011-3133 | Tibco | Unspecified vulnerability in Tibco Spotfire Analytics Server and Spotfire Server Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to hijack web sessions via unspecified vectors. | 4.3 |
2011-09-02 | CVE-2011-3132 | Tibco | Cross-Site Scripting vulnerability in Tibco Spotfire Analytics Server and Spotfire Server Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2011-08-29 | CVE-2011-3187 | Rubyonrails | Improper Input Validation vulnerability in Rubyonrails Rails 3.0.5 The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header. | 4.3 |
2011-08-29 | CVE-2011-3186 | Rubyonrails | Code Injection vulnerability in Rubyonrails Rails CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header. | 4.3 |
2011-08-29 | CVE-2011-2932 | Rubyonrails | Cross-Site Scripting vulnerability in Rubyonrails Rails and Ruby on Rails Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a "UTF-8 escaping vulnerability." | 4.3 |
2011-08-29 | CVE-2011-2931 | Rubyonrails | Cross-Site Scripting vulnerability in Rubyonrails Rails and Ruby on Rails Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name. | 4.3 |
2011-08-29 | CVE-2011-3184 | Pidgin | Resource Management Errors vulnerability in Pidgin The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message. | 4.3 |
2011-08-29 | CVE-2011-3181 | Phpmyadmin | Cross-Site Scripting vulnerability in PHPmyadmin Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML via a (1) table name, (2) column name, or (3) index name. | 4.3 |
2011-08-29 | CVE-2011-2943 | Pidgin | Denial of Service and Security Bypass vulnerability in Pidgin Libpurple and Pidgin The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response. | 4.3 |
2011-09-02 | CVE-2011-3387 | IBM | Improper Input Validation vulnerability in IBM Java 1.4.2.13.9 The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authenticated users to cause a denial of service (memory consumption or an infinite loop) via a crafted attribute length field in a class file, related to validation of a length field at the wrong time, a different vulnerability than CVE-2011-0311. | 4.0 |
2011-09-02 | CVE-2011-3386 | Medtronic | Unspecified vulnerability in Medtronic Paradigm Wireless Insulin Pump Unspecified vulnerability in Medtronic Paradigm wireless insulin pump 512, 522, 712, and 722 allows remote attackers to modify the delivery of an insulin bolus dose and cause a denial of service (adverse human health effects) via unspecified vectors involving wireless communications and knowledge of the device's serial number, as demonstrated by Jerome Radcliffe at the Black Hat USA conference in August 2011. | 4.0 |
2011-08-29 | CVE-2011-2746 | Otrs | Local File Disclosure vulnerability in OTRS 'AdminPackageManager.pm' Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.x before 2.4.11 and 3.x before 3.0.10 allows remote authenticated administrators to read arbitrary files via unknown vectors. | 4.0 |
8 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-09-02 | CVE-2011-0311 | IBM | Buffer Errors vulnerability in IBM Java and Runtimes for Java Technology The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of service (JVM segmentation fault, and possibly memory consumption or an infinite loop) via a crafted attribute length field in a class file, which triggers a buffer over-read. | 3.5 |
2011-09-02 | CVE-2011-0543 | Fuse | Permissions, Privileges, and Access Controls vulnerability in Fuse Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack. | 3.3 |
2011-09-02 | CVE-2011-0542 | Fuse | Permissions, Privileges, and Access Controls vulnerability in Fuse fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors. | 3.3 |
2011-09-02 | CVE-2011-0541 | Fuse | Link Following vulnerability in Fuse fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack. | 3.3 |
2011-08-29 | CVE-2011-2712 | Apache | Cross-Site Scripting vulnerability in Apache Wicket Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 2.6 |
2011-09-02 | CVE-2011-2176 | Gnome | Improper Authentication vulnerability in Gnome Networkmanager GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors. | 2.1 |
2011-08-29 | CVE-2011-1781 | Systemtap | Numeric Errors vulnerability in Systemtap 1.4 SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs stack unwinding (aka backtracing). | 1.2 |
2011-08-29 | CVE-2011-1769 | Systemtap | Numeric Errors vulnerability in Systemtap SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs context variable access. | 1.2 |