Weekly Vulnerabilities Reports > August 29 to September 4, 2011

Overview

63 new vulnerabilities were reported during this period, including 9 critical vulnerabilities and 21 high severity vulnerabilities. This weekly summary reports vulnerabilities in 62 products from 28 vendors including Google, Cisco, Rubyonrails, Linux, and Apple. Vulnerabilities are notably categorized as "Improper Input Validation", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Resource Management Errors", and "Use After Free".

  • 53 reported vulnerabilities are remotely exploitable.
  • 3 reported vulnerabilities have a public exploit available.
  • 12 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 60 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 11 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

Vulnerability Details

The following tables list reported vulnerabilities for the period covered by this report:

9 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-09-02 CVE-2011-0342 Indusoft Buffer Errors vulnerability in Indusoft web Studio 7.0B2

Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ISSymbol.ocx 301.1104.601.0 in InduSoft Web Studio 7.0B2 hotfix 7.0.01.04 allow remote attackers to execute arbitrary code via a long parameter to the (1) Open, (2) Close, or (3) SetCurrentLanguage method.

10.0
2011-08-29 CVE-2011-2555 Cisco Credentials Management vulnerability in Cisco Telepresence Recording Server Software 1.7.2

Cisco TelePresence Recording Server 1.7.2.x before 1.7.2.1 has a default password for the root administrator account, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtr76182.

10.0
2011-08-29 CVE-2011-2822 Google, Microsoft Improper Input Validation vulnerability in Google Chrome

Google Chrome before 13.0.782.215 on Windows does not properly parse URLs located on the command line, which has unspecified impact and attack vectors.

10.0
2011-08-29 CVE-2011-2806 Google, Microsoft Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Google Chrome

Google Chrome before 13.0.782.215 on Windows does not properly handle vertex data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

10.0
2011-08-29 CVE-2011-1643 Cisco Information Exposure vulnerability in Cisco products

Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833.

10.0
2011-09-02 CVE-2011-2594 Kmplayer Buffer Errors vulnerability in Kmplayer 3.0.0.1441

Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other versions, allows remote attackers to execute arbitrary code via a playlist (.KPL) file with a long Title field.

9.3
2011-09-02 CVE-2011-1944 Xmlsoft Numeric Errors vulnerability in Xmlsoft Libxml and Libxml2

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.

9.3
2011-08-29 CVE-2011-3185 Microsoft, Pidgin Improper Input Validation vulnerability in Pidgin

gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message.

9.3
2011-08-29 CVE-2011-2825 Google, Apple Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving custom fonts.

9.3

21 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-08-29 CVE-2011-2497 Linux Integer Underflow (Wrap or Wraparound) vulnerability in Linux Kernel

Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a small command-size value within the command header of a Logical Link Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow.

8.3
2011-08-31 CVE-2011-2577 Cisco Remote Denial of Service vulnerability in Cisco TelePresence Codecs SIP Packet

Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted SIP packet to port 5060 or 5061, aka Bug ID CSCtq46500.

7.8
2011-08-29 CVE-2011-3192 Apache Resource Management Errors vulnerability in Apache Http Server

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.

7.8
2011-08-29 CVE-2011-2564 Cisco Unspecified vulnerability in Cisco products

Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth19417.

7.8
2011-08-29 CVE-2011-2563 Cisco Unspecified vulnerability in Cisco products

Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth26669.

7.8
2011-08-29 CVE-2011-2562 Cisco Unspecified vulnerability in Cisco Unified Communications Manager

Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (service outage) via a SIP INVITE message, aka Bug ID CSCth43256.

7.8
2011-08-29 CVE-2011-2560 Cisco Resource Management Errors vulnerability in Cisco Unified Communications Manager

The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial of service (memory consumption and restart) by making many connections, aka Bug ID CSCtf97162.

7.8
2011-09-02 CVE-2011-3134 Tibco Unspecified vulnerability in Tibco Spotfire Analytics Server and Spotfire Server

Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL.

7.5
2011-09-02 CVE-2011-2763 Lifesize Improper Input Validation vulnerability in Lifesize Room Appliance Software 4.7.18/Lsrm13.5.3

The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoom_Remoting.doCommand function in gateway.php.

7.5
2011-08-31 CVE-2011-3190 Apache Permissions, Privileges, and Access Controls vulnerability in Apache Tomcat

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.

7.5
2011-08-29 CVE-2011-0228 Apple Improper Input Validation vulnerability in Apple Iphone OS

The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain.

7.5
2011-08-29 CVE-2011-2930 Rubyonrails SQL Injection vulnerability in Rubyonrails Rails and Ruby on Rails

Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name.

7.5
2011-08-29 CVE-2011-2839 Google, Linux Improper Input Validation vulnerability in Google Chrome

The PDF implementation in Google Chrome before 13.0.782.215 on Linux does not properly use the memset library function, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5
2011-08-29 CVE-2011-2829 Google Integer Overflow or Wraparound vulnerability in Google Chrome

Integer overflow in Google Chrome before 13.0.782.215 on 32-bit platforms allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving uniform arrays.

7.5
2011-08-29 CVE-2011-2828 Google Out-Of-Bounds Write vulnerability in Google Chrome

Google V8, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.

7.5
2011-08-29 CVE-2011-2827 Google, Apple Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text searching.

7.5
2011-08-29 CVE-2011-2826 Google Unspecified vulnerability in Google Chrome

Google Chrome before 13.0.782.215 allows remote attackers to bypass the Same Origin Policy via vectors related to empty origins.

7.5
2011-08-29 CVE-2011-2824 Google Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes.

7.5
2011-08-29 CVE-2011-2823 Google, Apple Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box.

7.5
2011-08-29 CVE-2011-2821 Google, Debian, Redhat, Apple Double Free vulnerability in Google Chrome

Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.

7.5
2011-08-29 CVE-2011-2561 Cisco Resource Management Errors vulnerability in Cisco Unified Communications Manager

The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a Media Termination Point (MTP), which allows remote attackers to cause a denial of service (service outage) via a crafted call, aka Bug ID CSCtc61990.

7.1

25 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-09-02 CVE-2011-2903 Rhythm Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Rhythm Tcptrack

Heap-based buffer overflow in tcptrack before 1.4.2 might allow attackers to execute arbitrary code via a long command line argument.

6.8
2011-09-02 CVE-2011-1411 Shibboleth Improper Authentication vulnerability in Shibboleth Opensaml and Shibboleth-Identity-Provider

Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

5.8
2011-08-31 CVE-2011-1576 Linux, Redhat Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products

The Generic Receive Offload (GRO) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux 5 and 2.6.32 on Red Hat Enterprise Linux 6, as used in Red Hat Enterprise Virtualization (RHEV) Hypervisor and other products, allows remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478.

5.7
2011-08-31 CVE-2011-2899 Redhat Improper Input Validation vulnerability in Redhat System-Config-Printer

pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in foomatic-gui and possibly other products, allows remote SMB servers to execute arbitrary commands via shell metacharacters in the (1) NetBIOS or (2) workgroup name, which are not properly handled when searching for network printers.

5.1
2011-09-02 CVE-2011-2762 Lifesize Improper Authentication vulnerability in Lifesize Room Appliance Software Lsrm13.5.3

The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) allows remote attackers to bypass authentication via unspecified data associated with a "true" authentication status, related to AMF data and the LSRoom_Remoting.authenticate function in gateway.php.

5.0
2011-08-31 CVE-2011-2524 Gnome Path Traversal vulnerability in Gnome Libsoup

Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.

5.0
2011-08-31 CVE-2009-5063 Libpng Memory Leak vulnerability in Libpng

Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length.

5.0
2011-08-31 CVE-2006-7244 Libpng Resource Management Errors vulnerability in Libpng

Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions before 1.2.15beta3, allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length.

5.0
2011-08-29 CVE-2011-2929 Rubyonrails Improper Input Validation vulnerability in Rubyonrails Rails and Ruby on Rails

The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping vulnerability."

5.0
2011-08-29 CVE-2011-2213 Linux, Redhat Infinite Loop vulnerability in Linux Kernel

The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.

4.9
2011-08-29 CVE-2011-2928 Linux Null Pointer Dereference vulnerability in Linux Kernel

The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel before 3.1-rc3 does not validate the length attribute of long symlinks, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem.

4.9
2011-09-02 CVE-2011-3385 Lepton CMS, Websitebaker2 Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in WebsiteBaker before 2.8, as used in LEPTON and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unknown vectors, a different vulnerability than CVE-2006-2307.

4.3
2011-09-02 CVE-2009-5086 Juniper Cross-Site Scripting vulnerability in Juniper IDP

Cross-site scripting (XSS) vulnerability in Appliance Configuration Manager (ACM) in Juniper IDP 4.1 before 4.1r3 and 4.2 before 4.2r1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-09-02 CVE-2011-3133 Tibco Unspecified vulnerability in Tibco Spotfire Analytics Server and Spotfire Server

Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to hijack web sessions via unspecified vectors.

4.3
2011-09-02 CVE-2011-3132 Tibco Cross-Site Scripting vulnerability in Tibco Spotfire Analytics Server and Spotfire Server

Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2011-08-29 CVE-2011-3187 Rubyonrails Improper Input Validation vulnerability in Rubyonrails Rails 3.0.5

The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.

4.3
2011-08-29 CVE-2011-3186 Rubyonrails Code Injection vulnerability in Rubyonrails Rails

CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header.

4.3
2011-08-29 CVE-2011-2932 Rubyonrails Cross-Site Scripting vulnerability in Rubyonrails Rails and Ruby on Rails

Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a "UTF-8 escaping vulnerability."

4.3
2011-08-29 CVE-2011-2931 Rubyonrails Cross-Site Scripting vulnerability in Rubyonrails Rails and Ruby on Rails

Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name.

4.3
2011-08-29 CVE-2011-3184 Pidgin Resource Management Errors vulnerability in Pidgin

The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message.

4.3
2011-08-29 CVE-2011-3181 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin

Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML via a (1) table name, (2) column name, or (3) index name.

4.3
2011-08-29 CVE-2011-2943 Pidgin Denial of Service and Security Bypass vulnerability in Pidgin Libpurple and Pidgin

The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response.

4.3
2011-09-02 CVE-2011-3387 IBM Improper Input Validation vulnerability in IBM Java 1.4.2.13.9

The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authenticated users to cause a denial of service (memory consumption or an infinite loop) via a crafted attribute length field in a class file, related to validation of a length field at the wrong time, a different vulnerability than CVE-2011-0311.

4.0
2011-09-02 CVE-2011-3386 Medtronic Unspecified vulnerability in Medtronic Paradigm Wireless Insulin Pump

Unspecified vulnerability in Medtronic Paradigm wireless insulin pump 512, 522, 712, and 722 allows remote attackers to modify the delivery of an insulin bolus dose and cause a denial of service (adverse human health effects) via unspecified vectors involving wireless communications and knowledge of the device's serial number, as demonstrated by Jerome Radcliffe at the Black Hat USA conference in August 2011.

4.0
2011-08-29 CVE-2011-2746 Otrs Local File Disclosure vulnerability in OTRS 'AdminPackageManager.pm'

Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.x before 2.4.11 and 3.x before 3.0.10 allows remote authenticated administrators to read arbitrary files via unknown vectors.

4.0

8 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-09-02 CVE-2011-0311 IBM Buffer Errors vulnerability in IBM Java and Runtimes for Java Technology

The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of service (JVM segmentation fault, and possibly memory consumption or an infinite loop) via a crafted attribute length field in a class file, which triggers a buffer over-read.

3.5
2011-09-02 CVE-2011-0543 Fuse Permissions, Privileges, and Access Controls vulnerability in Fuse

Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack.

3.3
2011-09-02 CVE-2011-0542 Fuse Permissions, Privileges, and Access Controls vulnerability in Fuse

fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors.

3.3
2011-09-02 CVE-2011-0541 Fuse Link Following vulnerability in Fuse

fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.

3.3
2011-08-29 CVE-2011-2712 Apache Cross-Site Scripting vulnerability in Apache Wicket

Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

2.6
2011-09-02 CVE-2011-2176 Gnome Improper Authentication vulnerability in Gnome Networkmanager

GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors.

2.1
2011-08-29 CVE-2011-1781 Systemtap Numeric Errors vulnerability in Systemtap 1.4

SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs stack unwinding (aka backtracing).

1.2
2011-08-29 CVE-2011-1769 Systemtap Numeric Errors vulnerability in Systemtap

SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs context variable access.

1.2