Weekly Vulnerabilities Reports > November 7 to 13, 2011
Overview
51 new vulnerabilities reported during this period, including 26 critical vulnerabilities and 4 high severity vulnerabilities. This weekly summary report vulnerabilities in 38 products from 18 vendors including Apple, Adobe, Microsoft, Google, and Linux. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Information Exposure", and "Improper Input Validation".
- 44 reported vulnerabilities are remotely exploitables.
- 7 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 47 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 18 reported vulnerabilities.
- Adobe has the most reported critical vulnerabilities, with 16 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
26 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2011-11-11 | CVE-2011-2460 | Adobe Apple Linux Microsoft SUN | Buffer Errors vulnerability in Adobe AIR and Flash Player Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2459. | 10.0 |
| 2011-11-11 | CVE-2011-2459 | Adobe Apple Linux Microsoft SUN | Buffer Errors vulnerability in Adobe AIR and Flash Player Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2460. | 10.0 |
| 2011-11-11 | CVE-2011-2457 | Adobe Apple Linux Microsoft SUN | Buffer Errors vulnerability in Adobe AIR and Flash Player Stack-based buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors. | 10.0 |
| 2011-11-11 | CVE-2011-2456 | Adobe Apple Linux Microsoft SUN | Buffer Errors vulnerability in Adobe AIR and Flash Player Buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecified vectors. | 10.0 |
| 2011-11-11 | CVE-2011-2455 | Adobe Apple Linux Microsoft SUN | Buffer Errors vulnerability in Adobe AIR and Flash Player Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2459, and CVE-2011-2460. | 10.0 |
| 2011-11-11 | CVE-2011-2454 | Adobe Apple Linux Microsoft SUN | Buffer Errors vulnerability in Adobe AIR and Flash Player Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460. | 10.0 |
| 2011-11-11 | CVE-2011-2453 | Adobe Apple Linux Microsoft SUN | Buffer Errors vulnerability in Adobe AIR and Flash Player Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460. | 10.0 |
| 2011-11-11 | CVE-2011-2452 | Adobe Apple Linux Microsoft SUN | Buffer Errors vulnerability in Adobe AIR and Flash Player Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460. | 10.0 |
| 2011-11-11 | CVE-2011-2451 | Adobe Apple Linux Microsoft SUN | Buffer Errors vulnerability in Adobe AIR and Flash Player Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460. | 10.0 |
| 2011-11-11 | CVE-2011-2450 | Adobe Apple Linux Microsoft SUN | Buffer Errors vulnerability in Adobe AIR and Flash Player Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | 10.0 |
| 2011-11-11 | CVE-2011-2445 | Adobe Apple Linux Microsoft SUN | Buffer Errors vulnerability in Adobe AIR and Flash Player Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460. | 10.0 |
| 2011-11-09 | CVE-2011-3654 | Mozilla | Buffer Errors vulnerability in Mozilla Firefox and Thunderbird The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | 10.0 |
| 2011-11-09 | CVE-2011-3652 | Mozilla | Buffer Errors vulnerability in Mozilla Firefox and Thunderbird The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | 10.0 |
| 2011-11-09 | CVE-2011-3651 | Mozilla | Memory Corruption vulnerability in Mozilla Firefox and Thunderbird Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 10.0 |
| 2011-11-08 | CVE-2011-2449 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player The TextXtra module in Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 10.0 |
| 2011-11-08 | CVE-2011-2448 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player The DIRapi library in Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2446. | 10.0 |
| 2011-11-08 | CVE-2011-2447 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 10.0 |
| 2011-11-08 | CVE-2011-2446 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player The DIRapi library in Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2448. | 10.0 |
| 2011-11-12 | CVE-2011-4047 | Dell | Code Injection vulnerability in Dell Kace K2000 Systems Deployment Appliance The Dell KACE K2000 System Deployment Appliance allows remote attackers to execute arbitrary commands by leveraging database write access. | 9.3 |
| 2011-11-11 | CVE-2011-3439 | Apple Suse | Out-Of-Bounds Write vulnerability in multiple products FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document. | 9.3 |
| 2011-11-11 | CVE-2011-2458 | Adobe Apple Linux Microsoft SUN | Permissions, Privileges, and Access Controls vulnerability in Adobe AIR and Flash Player Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross-domain policy via a crafted web site. | 9.3 |
| 2011-11-09 | CVE-2011-2740 | EMC Mozilla | Permissions, Privileges, and Access Controls vulnerability in EMC RSA KEY Manager Appliance 2.7 EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firefox 4.x or 5.0 is used, does not properly terminate a user session upon a logout action, which makes it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation. | 9.3 |
| 2011-11-09 | CVE-2011-3655 | Mozilla | Code Injection vulnerability in Mozilla Firefox and Thunderbird Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site. | 9.3 |
| 2011-11-09 | CVE-2011-3650 | Mozilla | Buffer Errors vulnerability in Mozilla Firefox and Thunderbird Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. | 9.3 |
| 2011-11-09 | CVE-2011-3647 | Mozilla | Improper Input Validation vulnerability in Mozilla Firefox and Thunderbird The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004. | 9.3 |
| 2011-11-08 | CVE-2011-4000 | Nara Institute OF Science AND Technology | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nara Institute of Science and Technology Chasen Buffer overflow in ChaSen 2.4.x allows remote attackers to execute arbitrary code via a crafted string. | 9.3 |
4 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2011-11-09 | CVE-2011-2739 | EMC | Permissions, Privileges, and Access Controls vulnerability in EMC Documentum Eroom The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file. | 8.5 |
| 2011-11-09 | CVE-2011-3997 | Opengear | Improper Authentication vulnerability in Opengear products Opengear console servers with firmware before 2.2.1 allow remote attackers to bypass authentication, and modify settings or access connected equipment, via unspecified vectors. | 7.5 |
| 2011-11-11 | CVE-2011-3442 | Apple | Resource Management Errors vulnerability in Apple Iphone OS The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app. | 7.2 |
| 2011-11-08 | CVE-2011-2004 | Microsoft | Improper Input Validation vulnerability in Microsoft Windows 7 and Windows Server 2008 Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402. | 7.1 |
14 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2011-11-10 | CVE-2011-4431 | Merethis | Path Traversal vulnerability in Merethis Centreon Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. | 6.5 |
| 2011-11-12 | CVE-2011-4046 | Dell | Cryptographic Issues vulnerability in Dell Kace K2000 Systems Deployment Appliance The Dell KACE K2000 System Deployment Appliance stores the recovery account password in cleartext within a PHP script, which allows context-dependent attackers to obtain sensitive information by examining script source code. | 5.0 |
| 2011-11-11 | CVE-2011-4435 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Tools for Z/Os 2.3.0 The web-server component in the Consolidation and Analysis Engine (CAE) Server in DB2 Query Monitor in IBM DB2 Tools 2.3.0 for z/OS does not prevent directory browsing, which allows remote attackers to obtain sensitive information via HTTP requests. | 5.0 |
| 2011-11-10 | CVE-2011-4432 | Merethis | Cryptographic Issues vulnerability in Merethis Centreon www/include/configuration/nconfigObject/contact/DB-Func.php in Merethis Centreon before 2.3.2 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach. | 5.0 |
| 2011-11-09 | CVE-2011-3653 | Mozilla Apple | Information Exposure vulnerability in Mozilla Firefox and Thunderbird Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data via vectors related to WebGL textures. | 5.0 |
| 2011-11-07 | CVE-2011-3169 | HP | Unspecified vulnerability in HP TCP IP Services Openvms 5.6/5.7 Unspecified vulnerability in the SMTP service implementation in HP TCP/IP Services 5.6 and 5.7 for OpenVMS allows remote attackers to cause a denial of service via unknown vectors. | 5.0 |
| 2011-11-07 | CVE-2011-3168 | HP | Unauthorized Access Security Bypass vulnerability in HP TCP IP Services Openvms 5.6/5.7 Unspecified vulnerability in the POP and IMAP service implementations in HP TCP/IP Services 5.6 and 5.7 for OpenVMS allows remote attackers to obtain sensitive information via unknown vectors. | 5.0 |
| 2011-11-11 | CVE-2011-1375 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM AIX 6.1/7.1 IBM AIX 6.1 and 7.1 does not restrict the wpar_limits_config and wpar_limits_modify system calls, which allows local users to cause a denial of service (system crash) via a crafted call. | 4.9 |
| 2011-11-11 | CVE-2011-3376 | Apache | Permissions, Privileges, and Access Controls vulnerability in Apache Tomcat org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality. | 4.4 |
| 2011-11-12 | CVE-2011-4048 | Dell | Credentials Management vulnerability in Dell Kace K2000 Systems Deployment Appliance The Dell KACE K2000 System Deployment Appliance has a default username and password for the read-only reporting account, which makes it easier for remote attackers to obtain sensitive information from the database by leveraging the default credentials. | 4.3 |
| 2011-11-11 | CVE-2011-3441 | Apple | Information Exposure vulnerability in Apple Iphone OS libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname. | 4.3 |
| 2011-11-09 | CVE-2011-3999 | IBC CO JP | Cross-Site Scripting vulnerability in Ibc.Co.Jp Iwate Portal BAR Cross-site scripting (XSS) vulnerability in the RSS/Atom feed-reader implementation in Iwate Portal Bar allows remote attackers to inject arbitrary web script or HTML via a crafted feed. | 4.3 |
| 2011-11-09 | CVE-2011-3998 | Apple | Cross-Site Scripting vulnerability in Apple Webobjects Cross-site scripting (XSS) vulnerability in Apple WebObjects 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2011-11-09 | CVE-2011-3648 | Mozilla | Cross-Site Scripting vulnerability in Mozilla Firefox and Thunderbird Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. | 4.3 |
7 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2011-11-11 | CVE-2011-4434 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows 7 and Windows Server 2008 Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags. | 3.6 |
| 2011-11-12 | CVE-2011-4436 | Dell | Cross-Site Scripting vulnerability in Dell Kace K2000 Systems Deployment Appliance Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface on the Dell KACE K2000 System Deployment Appliance allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2011-11-09 | CVE-2011-3985 | Plume CMS | Cross-Site Scripting vulnerability in Plume-Cms Plume CMS Cross-site scripting (XSS) vulnerability in Plume before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2.6 |
| 2011-11-09 | CVE-2011-3649 | Mozilla Microsoft | Information Exposure vulnerability in Mozilla Firefox and Thunderbird Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. | 2.6 |
| 2011-11-09 | CVE-2011-1373 | IBM | Remote Denial of Service vulnerability in IBM DB2 Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors. | 1.5 |
| 2011-11-11 | CVE-2011-3440 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Ipad2 and Iphone OS The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation. | 1.2 |
| 2011-11-08 | CVE-2011-4415 | Apache | Improper Input Validation vulnerability in Apache Http Server The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607. | 1.2 |