Weekly Vulnerabilities Reports > October 10 to 16, 2011
Overview
82 new vulnerabilities were reported during this period, including 16 critical vulnerabilities and 13 high severity vulnerabilities. This weekly summary reports vulnerabilities in 29 products from 13 vendors including Apple, Microsoft, Plone, Dlink, and Debian. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Code Injection", "Information Exposure", and "Cross-site Scripting".
- 70 reported vulnerabilities are remotely exploitable.
- 8 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 79 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 58 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 11 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
16 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-10-14 | CVE-2011-3430 | Apple | Unspecified vulnerability in Apple Iphone OS The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by leveraging incorrect configuration display. | 9.3 |
2011-10-12 | CVE-2011-3252 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream. | 9.3 |
2011-10-12 | CVE-2011-3219 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. | 9.3 |
2011-10-12 | CVE-2011-2001 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an attempted access to a virtual function table after corruption of this table has occurred, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability." | 9.3 |
2011-10-12 | CVE-2011-2000 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Body Element Remote Code Execution Vulnerability." | 9.3 |
2011-10-12 | CVE-2011-1999 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 8 Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability." | 9.3 |
2011-10-12 | CVE-2011-1998 | Microsoft | Use of Uninitialized Resource vulnerability in Microsoft Internet Explorer 9 Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "Jscript9.dll Remote Code Execution Vulnerability." | 9.3 |
2011-10-12 | CVE-2011-1997 | Microsoft | Improper Input Validation vulnerability in Microsoft Internet Explorer 6 Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnLoad Event Remote Code Execution Vulnerability." | 9.3 |
2011-10-12 | CVE-2011-1996 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 6/7/8 Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability." | 9.3 |
2011-10-12 | CVE-2011-1995 | Microsoft | Use of Uninitialized Resource vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "OLEAuto32.dll Remote Code Execution Vulnerability." | 9.3 |
2011-10-12 | CVE-2011-1993 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Scroll Event Remote Code Execution Vulnerability." | 9.3 |
2011-10-12 | CVE-2011-1969 | Microsoft | Code Injection vulnerability in Microsoft Forefront Unified Access Gateway 2010 Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability." | 9.3 |
2011-10-10 | CVE-2011-4030 | Plone | Permissions, Privileges, and Access Controls vulnerability in Plone Cmfeditions and Plone The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587. | 9.3 |
2011-10-10 | CVE-2011-3587 | Plone Zope | Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules. | 9.3 |
2011-10-16 | CVE-2010-4965 | Dlink | Credentials Management vulnerability in Dlink Dcs-2121 and Dcs-2121 Firmware /etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server. | 9.0 |
2011-10-16 | CVE-2010-4964 | Dlink | Code Injection vulnerability in Dlink Dcs-2121 and Dcs-2121 Firmware recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon injection" vulnerability. | 9.0 |
13 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-10-14 | CVE-2011-3213 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communication by presenting an arbitrary certificate for a subsequent connection. | 7.6 |
2011-10-12 | CVE-2011-3244 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. | 7.6 |
2011-10-12 | CVE-2011-3241 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. | 7.6 |
2011-10-12 | CVE-2011-3239 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. | 7.6 |
2011-10-12 | CVE-2011-3238 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. | 7.6 |
2011-10-12 | CVE-2011-3237 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. | 7.6 |
2011-10-12 | CVE-2011-3236 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. | 7.6 |
2011-10-12 | CVE-2011-3235 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. | 7.6 |
2011-10-12 | CVE-2011-3233 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. | 7.6 |
2011-10-12 | CVE-2011-0259 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | 7.6 |
2011-10-14 | CVE-2011-0230 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | 7.5 |
2011-10-10 | CVE-2011-2189 | Linux Redhat Canonical Debian | Resource Exhaustion vulnerability in multiple products net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd. | 7.5 |
2011-10-12 | CVE-2011-2005 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft products afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability." | 7.2 |
41 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-10-14 | CVE-2011-3437 | Apple | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.7 before 10.7.2 allows remote attackers to execute arbitrary code via a crafted embedded Type 1 font in a document. | 6.8 |
2011-10-14 | CVE-2011-3261 | Apple | Code Injection vulnerability in Apple Iphone OS Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet. | 6.8 |
2011-10-14 | CVE-2011-3260 | Apple | Code Injection vulnerability in Apple Iphone OS Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document. | 6.8 |
2011-10-14 | CVE-2011-3231 | Apple | Code Injection vulnerability in Apple Safari The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate. | 6.8 |
2011-10-14 | CVE-2011-3230 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Safari Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site. | 6.8 |
2011-10-14 | CVE-2011-3229 | Apple | Path Traversal vulnerability in Apple Safari Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL. | 6.8 |
2011-10-14 | CVE-2011-3228 | Apple | Code Injection vulnerability in Apple mac OS X and mac OS X Server QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. | 6.8 |
2011-10-14 | CVE-2011-3227 | Apple | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) web site or (2) e-mail message. | 6.8 |
2011-10-14 | CVE-2011-3226 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 server is used with RFC 2307 or custom mappings, allows remote attackers to bypass the password requirement by leveraging lack of an AuthenticationAuthority attribute for a user account. | 6.8 |
2011-10-14 | CVE-2011-3223 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file. | 6.8 |
2011-10-14 | CVE-2011-3222 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. | 6.8 |
2011-10-14 | CVE-2011-3221 | Apple | Code Injection vulnerability in Apple mac OS X and mac OS X Server QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. | 6.8 |
2011-10-14 | CVE-2011-3217 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image. | 6.8 |
2011-10-14 | CVE-2011-0229 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access. | 6.8 |
2011-10-14 | CVE-2011-0224 | Apple | Code Injection vulnerability in Apple mac OS X and mac OS X Server CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file. | 6.8 |
2011-10-14 | CVE-2011-3436 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a user to provide the current password before changing this password, which allows remote attackers to bypass intended password-change restrictions by leveraging an unattended workstation. | 6.5 |
2011-10-12 | CVE-2011-3155 | HP | Unspecified vulnerability in HP Onboard Administrator 3.21/3.30/3.31 Unspecified vulnerability in HP Onboard Administrator (OA) 3.21 through 3.31 allows remote attackers to bypass intended access restrictions via unknown vectors. | 6.4 |
2011-10-10 | CVE-2011-3599 | Adam Kennedy Perl | Cryptographic Issues vulnerability in Adam Kennedy Crypt-Dsa The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack. | 5.8 |
2011-10-14 | CVE-2011-3432 | Apple | Resource Management Errors vulnerability in Apple Iphone OS The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog. | 5.0 |
2011-10-14 | CVE-2011-3259 | Apple | Resource Management Errors vulnerability in Apple TV and Iphone OS The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many connection attempts. | 5.0 |
2011-10-14 | CVE-2011-3246 | Apple | Information Exposure vulnerability in Apple Iphone OS, mac OS X and mac OS X Server CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL. | 5.0 |
2011-10-14 | CVE-2011-3242 | Apple | Information Exposure vulnerability in Apple Safari The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie. | 5.0 |
2011-10-14 | CVE-2011-3225 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 does not prevent all guest users from accessing the share point record of a guest-restricted folder, which allows remote attackers to bypass intended browsing restrictions by leveraging access to the nobody account. | 5.0 |
2011-10-14 | CVE-2011-0231 | Apple | Information Exposure vulnerability in Apple mac OS X and mac OS X Server CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue." | 5.0 |
2011-10-12 | CVE-2011-2012 | Microsoft | Improper Input Validation vulnerability in Microsoft Forefront Unified Access Gateway 2010 Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash." | 5.0 |
2011-10-12 | CVE-2011-2008 | Microsoft | Improper Input Validation vulnerability in Microsoft Host Integration Server Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability." | 5.0 |
2011-10-12 | CVE-2011-2007 | Microsoft | Improper Input Validation vulnerability in Microsoft Host Integration Server Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability." | 5.0 |
2011-10-14 | CVE-2011-3214 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a locked-screen state in display sleep mode for an Apple Cinema Display, which allows physically proximate attackers to bypass the password requirement via unspecified vectors. | 4.6 |
2011-10-14 | CVE-2011-0260 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server The CoreProcesses component in Apple Mac OS X 10.7 before 10.7.2 does not prevent a system window from receiving keystrokes in the locked-screen state, which might allow physically proximate attackers to bypass intended access restrictions by typing into this window. | 4.6 |
2011-10-14 | CVE-2011-0185 | Apple | Use of Externally-Controlled Format String vulnerability in Apple mac OS X and mac OS X Server Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file. | 4.4 |
2011-10-14 | CVE-2011-3434 | Apple | Credentials Management vulnerability in Apple Iphone OS The WiFi component in Apple iOS before 5 stores WiFi credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application. | 4.3 |
2011-10-14 | CVE-2011-3426 | Apple | Cross-Site Scripting vulnerability in Apple Iphone OS Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header. | 4.3 |
2011-10-14 | CVE-2011-3256 | Apple | Code Injection vulnerability in Apple Iphone OS FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226. | 4.3 |
2011-10-14 | CVE-2011-3255 | Apple | Credentials Management vulnerability in Apple Iphone OS CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application. | 4.3 |
2011-10-14 | CVE-2011-3254 | Apple | Cross-Site Scripting vulnerability in Apple Iphone OS Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note. | 4.3 |
2011-10-14 | CVE-2011-3243 | Apple | Cross-Site Scripting vulnerability in Apple Iphone OS and Safari Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows. | 4.3 |
2011-10-14 | CVE-2011-3220 | Apple | Information Exposure vulnerability in Apple mac OS X and mac OS X Server QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. | 4.3 |
2011-10-12 | CVE-2011-1897 | Microsoft | Cross-Site Scripting vulnerability in Microsoft Forefront Unified Access Gateway 2010 Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability." | 4.3 |
2011-10-12 | CVE-2011-1896 | Microsoft | Cross-Site Scripting vulnerability in Microsoft Forefront Unified Access Gateway 2010 Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability." | 4.3 |
2011-10-12 | CVE-2011-1895 | Microsoft | Code Injection vulnerability in Microsoft Forefront Unified Access Gateway 2010 CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability." | 4.3 |
2011-10-10 | CVE-2011-2675 | Utage ORG | Cross-Site Scripting vulnerability in Utage.Org Enkai 030511 Cross-site scripting (XSS) vulnerability in Enkai-kun before 110916 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
12 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-10-14 | CVE-2011-3427 | Apple | Information Exposure vulnerability in Apple TV and Iphone OS The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate. | 2.6 |
2011-10-14 | CVE-2011-3253 | Apple | Information Exposure vulnerability in Apple Iphone OS CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate. | 2.6 |
2011-10-14 | CVE-2011-3224 | Apple | Multiple Security vulnerability in RETIRED: Apple Mac OS X Prior to 10.7.2 The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server. | 2.6 |
2011-10-14 | CVE-2011-3218 | Apple | Cross-Site Scripting vulnerability in Apple mac OS X and mac OS X Server The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document. | 2.6 |
2011-10-14 | CVE-2011-3435 | Apple | Credentials Management vulnerability in Apple mac OS X and mac OS X Server Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users to read the password data of arbitrary users via unspecified vectors. | 2.1 |
2011-10-14 | CVE-2011-3431 | Apple | Information Exposure vulnerability in Apple Iphone OS The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen. | 2.1 |
2011-10-14 | CVE-2011-3429 | Apple | Credentials Management vulnerability in Apple Iphone OS The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file. | 2.1 |
2011-10-14 | CVE-2011-3257 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account's cookie. | 2.1 |
2011-10-14 | CVE-2011-3245 | Apple | Credentials Management vulnerability in Apple Iphone OS The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character. | 2.1 |
2011-10-14 | CVE-2011-3216 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call. | 2.1 |
2011-10-14 | CVE-2011-3215 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) loginwindow, (2) boot, or (3) shutdown state. | 2.1 |
2011-10-14 | CVE-2011-3212 | Apple | Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that all disk data is encrypted during the enabling of FileVault, which makes it easier for physically proximate attackers to obtain sensitive information by reading directly from the disk device. | 2.1 |