Weekly Vulnerabilities Report: June 4 to 10, 2012

Overview

89 new vulnerabilities were reported during this period, including 18 critical vulnerabilities and 11 high severity vulnerabilities. This weekly summary reports vulnerabilities in 74 products from 44 vendors, including Opensuse, Mozilla, Redhat, Microsoft, and Debian. Notable vulnerability categories include "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Numeric Errors", and "Improper Input Validation".

  • 85 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities have a public exploit available.
  • 16 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 77 reported vulnerabilities are exploitable by an anonymous user.
  • Opensuse has the most reported vulnerabilities, with 14 reported vulnerabilities.
  • Mozilla has the most reported critical vulnerabilities, with 8 reported vulnerabilities.


Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:


18 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-06-07 CVE-2012-0507 SUN/Oracle Remote Java Runtime Environment Code Execution vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency.

10.0
2012-06-07 CVE-2012-3290 Google/Acer/Samsung

Multiple unspecified vulnerabilities in Google Chrome before 20.0.1132.22 on the Acer AC700; Samsung Series 5, 5 550, and Chromebox 3; and Cr-48 Chromebook platforms have unknown impact and attack vectors.

10.0
2012-06-04 CVE-2012-1250 Logitec Permissions, Privileges, and Access Controls vulnerability in Logitec products

Logitec LAN-W300N/R routers with firmware before 2.27 do not properly restrict login access, which allows remote attackers to obtain administrative privileges and modify settings via vectors related to PPPoE authentication.

10.0
2012-06-09 CVE-2012-2040 Adobe/Apple/Linux/Microsoft/Google/Opensuse/Suse Untrusted Search Path vulnerability in multiple products

Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows local users to gain privileges via a Trojan horse executable file in an unspecified directory.

9.3
2012-06-09 CVE-2012-2039 Adobe/Apple/Linux/Microsoft/Google/Opensuse/Suse/Redhat Null Pointer Dereference vulnerability in multiple products

Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors.

9.3
2012-06-09 CVE-2012-2037 Adobe/Apple/Linux/Microsoft/Google/Opensuse/Suse/Redhat Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2034.

9.3
2012-06-09 CVE-2012-2036 Adobe/Apple/Linux/Microsoft/Google/Opensuse/Suse/Redhat Integer Overflow OR Wraparound vulnerability in multiple products

Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code via unspecified vectors.

9.3
2012-06-09 CVE-2012-2035 Adobe/Apple/Linux/Microsoft/Google/Opensuse/Suse/Redhat Out-Of-Bounds Write vulnerability in multiple products

Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code via unspecified vectors.

9.3
2012-06-09 CVE-2012-2034 Adobe/Apple/Linux/Microsoft/Google/Opensuse/Suse/Redhat Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2037.

9.3
2012-06-07 CVE-2012-0985 Sony Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sony products

Multiple buffer overflows in the Wireless Manager ActiveX control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0; VAIO Wireless Wizard 1.00, 1.00_64, 1.0.1, 2.0, and 3.0; SmartWi Connection Utility 4.7, 4.7.4, 4.8, 4.9, 4.10, and 4.11; and VAIO Easy Connect software 1.0.0 and 1.1.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the second argument of the (1) SetTmpProfileOption or (2) ConnectToNetwork method.

9.3
2012-06-05 CVE-2012-3105 Mozilla Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla products

The glBufferData function in the WebGL implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not properly mitigate an unspecified flaw in an NVIDIA driver, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a related issue to CVE-2011-3101.

9.3
2012-06-05 CVE-2012-1947 Mozilla Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla products

Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure.

9.3
2012-06-05 CVE-2012-1946 Mozilla Resource Management Errors vulnerability in Mozilla products

Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via document changes involving replacement or insertion of a node.

9.3
2012-06-05 CVE-2012-1941 Mozilla Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla products

Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns.

9.3
2012-06-05 CVE-2012-1940 Mozilla Resource Management Errors vulnerability in Mozilla products

Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column.

9.3
2012-06-05 CVE-2012-1939 Mozilla Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox ESR and Thunderbird ESR

jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted JavaScript code.

9.3
2012-06-05 CVE-2012-1938 Mozilla/Opensuse/Suse/Redhat

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components.

9.3
2012-06-05 CVE-2012-1937 Mozilla Memory Corruption vulnerability in Mozilla Firefox/Thunderbird/SeaMonkey

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.3

11 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-06-05 CVE-2012-1667 ISC Numeric Errors vulnerability in ISC Bind

ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.

8.5
2012-06-07 CVE-2012-3291 Infradead Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Infradead Openconnect

Heap-based buffer overflow in OpenConnect 3.18 allows remote servers to cause a denial of service via a crafted greeting banner.

7.8
2012-06-07 CVE-2012-3292 Globus Permissions, Privileges, and Access Controls vulnerability in Globus Toolkit

The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.

7.6
2012-06-08 CVE-2012-1817 Emerson Improper Input Validation vulnerability in Emerson products

Buffer overflow in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via an invalid field in a project file.

7.5
2012-06-08 CVE-2012-1815 Emerson SQL Injection vulnerability in Emerson products

SQL injection vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2012-06-07 CVE-2012-2762 S9Y SQL Injection vulnerability in S9Y Serendipity

SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php.

7.5
2012-06-05 CVE-2012-0805 Sqlalchemy SQL Injection vulnerability in Sqlalchemy

Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function.

7.5
2012-06-04 CVE-2011-5092 Bestpractical Permissions, Privileges, and Access Controls vulnerability in Bestpractical RT

Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code and gain privileges via unspecified vectors, a different vulnerability than CVE-2011-4458 and CVE-2011-5093.

7.5
2012-06-04 CVE-2012-1255 Segue Project SQL Injection vulnerability in Segue Project Segue

SQL injection vulnerability in Segue 2.2.10.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2012-06-05 CVE-2012-1942 Mozilla/Microsoft Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged context.

7.2
2012-06-05 CVE-2012-0920 Dropbear SSH Project/Debian Resource Management Errors vulnerability in multiple products

Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."

7.1

55 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-06-05 CVE-2012-1943 Mozilla/Microsoft Local Privilege Escalation vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application directory.

6.9
2012-06-09 CVE-2012-3343 Bloxx Cross-Site Request Forgery (CSRF) vulnerability in Bloxx web Filtering

Cross-site request forgery (CSRF) vulnerability in Microdasys before 3.5.1-B708, as used in Bloxx Web Filtering before 5.0.14 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that trigger error pages containing XSS sequences, a different vulnerability than CVE-2012-2564.

6.8
2012-06-09 CVE-2012-2564 Bloxx Cross-Site Request Forgery (CSRF) vulnerability in Bloxx web Filtering

Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bloxx Web Filtering before 5.0.14 allow remote attackers to hijack the authentication of administrators for requests that perform administrative actions.

6.8
2012-06-07 CVE-2011-2915 Konstanty Bialkowski Numeric Errors vulnerability in Konstanty Bialkowski Libmodplug

Off-by-one error in the CSoundFile::ReadAMS2 function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted AMS file with a large number of instruments.

6.8
2012-06-07 CVE-2011-2914 Konstanty Bialkowski Numeric Errors vulnerability in Konstanty Bialkowski Libmodplug

Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted DSM file with a large number of samples.

6.8
2012-06-07 CVE-2011-2913 Konstanty Bialkowski Numeric Errors vulnerability in Konstanty Bialkowski Libmodplug

Off-by-one error in the CSoundFile::ReadAMS function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (stack memory corruption) and possibly execute arbitrary code via a crafted AMS file with a large number of samples.

6.8
2012-06-07 CVE-2011-2912 Konstanty Bialkowski Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Konstanty Bialkowski Libmodplug

Stack-based buffer overflow in the CSoundFile::ReadS3M function in src/load_s3m.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted S3M file with an invalid offset.

6.8
2012-06-07 CVE-2011-2911 Konstanty Bialkowski Numeric Errors vulnerability in Konstanty Bialkowski Libmodplug

Integer overflow in the CSoundFile::ReadWav function in src/load_wav.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted WAV file, which triggers a heap-based buffer overflow.

6.8
2012-06-07 CVE-2011-1761 Konstanty Bialkowski Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Konstanty Bialkowski Libmodplug

Multiple stack-based buffer overflows in the (1) abc_new_macro and (2) abc_new_umacro functions in src/load_abc.cpp in libmodplug before 0.8.8.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ABC file.

6.8
2012-06-05 CVE-2012-2144 Openstack Unspecified vulnerability in Openstack Horizon 2012.1/Folsom1

Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie.

6.8
2012-06-05 CVE-2012-1185 Imagemagick/Debian/Canonical/Opensuse Integer Overflow OR Wraparound vulnerability in Imagemagick

Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image.

6.8
2012-06-05 CVE-2012-0247 Imagemagick/Debian/Canonical/Redhat Improper Input Validation vulnerability in Imagemagick

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.

6.8
2012-06-04 CVE-2012-1173 Libtiff Numeric Errors vulnerability in Libtiff 3.9.4

Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow.

6.8
2012-06-04 CVE-2012-0815 RPM Numeric Errors vulnerability in RPM

The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.

6.8
2012-06-04 CVE-2012-0061 RPM Improper Input Validation vulnerability in RPM

The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header.

6.8
2012-06-04 CVE-2012-0060 RPM Improper Input Validation vulnerability in RPM

RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.

6.8
2012-06-04 CVE-2011-4458 Bestpractical Code Injection vulnerability in Bestpractical RT

Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-5092 and CVE-2011-5093.

6.8
2012-06-04 CVE-2011-2085 Bestpractical Cross-Site Request Forgery (CSRF) vulnerability in Bestpractical RT

Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users.

6.8
2012-06-08 CVE-2012-2603 Collabnet Permissions, Privileges, and Access Controls vulnerability in Collabnet Scrumworks

The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileges and obtain sensitive information via a modified desktop client.

6.5
2012-06-04 CVE-2011-5093 Bestpractical Permissions, Privileges, and Access Controls vulnerability in Bestpractical RT

Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerability than CVE-2011-4458 and CVE-2011-5092.

6.5
2012-06-04 CVE-2011-4460 Bestpractical SQL Injection vulnerability in Bestpractical RT

SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a privileged account.

6.5
2012-06-08 CVE-2012-1818 Emerson Permissions, Privileges, and Access Controls vulnerability in Emerson products

An unspecified ActiveX control in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to overwrite arbitrary files via unknown vectors.

6.4
2012-06-08 CVE-2012-1826 Dotcms Permissions, Privileges, and Access Controls vulnerability in Dotcms 1.9/1.9.2.1

dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template.

6.0
2012-06-09 CVE-2012-2565 Bloxx Permissions, Privileges, and Access Controls vulnerability in Bloxx web Filtering

Bloxx Web Filtering before 5.0.14 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach.

5.8
2012-06-08 CVE-2012-3003 Siemens Improper Input Validation vulnerability in Siemens Wincc 7.0

Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request.

5.8
2012-06-04 CVE-2012-1251 Opera Cryptographic Issues vulnerability in Opera Browser

Opera before 9.63 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.8
2012-06-08 CVE-2012-2596 Siemens Code Injection vulnerability in Siemens Wincc 7.0

The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an "XML injection" attack.

5.5
2012-06-07 CVE-2012-1012 MIT Permissions, Privileges, and Access Controls vulnerability in MIT Kerberos 5 1.10/1.10.1

server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global list privilege.

5.5
2012-06-09 CVE-2012-2566 Bloxx Permissions, Privileges, and Access Controls vulnerability in Bloxx web Filtering

Bloxx Web Filtering before 5.0.14 does not properly interpret X-Forwarded-For headers during access-control and logging operations for HTTPS connection attempts, which allows remote attackers to bypass intended IP address and domain restrictions, and trigger misleading log entries, via a crafted header.

5.0
2012-06-08 CVE-2012-1816 Emerson Buffer Errors vulnerability in Emerson products

PORTSERV.exe in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to cause a denial of service (daemon crash) via a crafted (1) TCP or (2) UDP packet to port 111.

5.0
2012-06-05 CVE-2012-0441 Mozilla Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla products

The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response.

5.0
2012-06-05 CVE-2012-1610 Imagemagick/Debian/Canonical/Opensuse Integer Overflow OR Wraparound vulnerability in multiple products

Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image.

5.0
2012-06-04 CVE-2011-2082 Bestpractical Credentials Management vulnerability in Bestpractical RT

The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext passwords, and possibly use these passwords after accounts are re-enabled, via a brute-force attack on the database.

5.0
2012-06-09 CVE-2012-2563 Bloxx Cross-Site Scripting vulnerability in Bloxx web Filtering

Multiple cross-site scripting (XSS) vulnerabilities in Bloxx Web Filtering before 5.0.14 allow (1) remote attackers to inject arbitrary web script or HTML via web traffic that is examined within the Bloxx Reports component, and allow (2) remote authenticated administrators to inject arbitrary web script or HTML via vectors involving administrative menu functions.

4.3
2012-06-09 CVE-2012-2038 Adobe/Apple/Linux/Microsoft/Google/Opensuse/Suse/Redhat Information Exposure vulnerability in multiple products

Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.

4.3
2012-06-08 CVE-2012-2598 Siemens Buffer Errors vulnerability in Siemens Wincc 7.0

Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input.

4.3
2012-06-08 CVE-2012-2595 Siemens Cross-Site Scripting vulnerability in Siemens Wincc 7.0

Multiple cross-site scripting (XSS) vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote attackers to inject arbitrary web script or HTML via vectors involving special characters in parameters.

4.3
2012-06-08 CVE-2012-1814 Emerson Cross-Site Scripting vulnerability in Emerson products

Cross-site scripting (XSS) vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-06-07 CVE-2012-2667 Sensiolabs Unspecified vulnerability in Sensiolabs Symfony

Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes."

4.3
2012-06-05 CVE-2012-1944 Mozilla Cross-Site Scripting vulnerability in Mozilla products

The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document.

4.3
2012-06-05 CVE-2012-2094 Openstack Cross-Site Scripting vulnerability in Openstack Horizon 2012.1/Folsom1

Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console.

4.3
2012-06-05 CVE-2012-1798 Imagemagick/Debian/Redhat/Opensuse Out-Of-Bounds Read vulnerability in Imagemagick

The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.

4.3
2012-06-05 CVE-2012-1186 Imagemagick/Debian/Canonical/Opensuse Infinite Loop vulnerability in Imagemagick

Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image.

4.3
2012-06-05 CVE-2012-0260 Imagemagick/Canonical/Debian/Redhat/Opensuse Resource Exhaustion vulnerability in Imagemagick

The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.

4.3
2012-06-05 CVE-2012-0259 Imagemagick/Debian/Canonical/Opensuse Out-Of-Bounds Read vulnerability in Imagemagick

The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read.

4.3
2012-06-05 CVE-2012-0248 Imagemagick/Debian/Canonical/Redhat Infinite Loop vulnerability in Imagemagick

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IFD.

4.3
2012-06-04 CVE-2012-0944 Sebastian Heinlein/Canonical Improper Authentication vulnerability in multiple products

Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack.

4.3
2012-06-04 CVE-2012-0862 Xinetd Improper Input Validation vulnerability in Xinetd

builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.

4.3
2012-06-04 CVE-2011-2083 Bestpractical Cross-Site Scripting vulnerability in Bestpractical RT

Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-06-04 CVE-2012-1254 Segue Project Cross-Site Scripting vulnerability in Segue Project Segue

Cross-site scripting (XSS) vulnerability in Segue 2.2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-06-04 CVE-2012-2630 Bandainamcogames Credentials Management vulnerability in Bandainamcogames Madomagi-Ip Android 1.05

The Puella Magi Madoka Magica iP application 1.05 and earlier for Android places cleartext Twitter credentials in a log file, which allows remote attackers to obtain sensitive information via a crafted application.

4.3
2012-06-04 CVE-2012-1252 Rssowl Cross-Site Scripting vulnerability in Rssowl

Cross-site scripting (XSS) vulnerability in RSSOwl before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a feed, a different vulnerability than CVE-2006-4760.

4.3
2012-06-08 CVE-2012-2597 Siemens Path Traversal vulnerability in Siemens Wincc 7.0

Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL.

4.0
2012-06-07 CVE-2012-1013 MIT Denial Of Service vulnerability in MIT Kerberos 5 'check_1_6_dummy()' Function NULL Pointer Dereference

The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password.

4.0
2012-06-04 CVE-2011-2084 Bestpractical Information Exposure vulnerability in Bestpractical RT

Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords and (2) ticket correspondence history by leveraging access to a privileged account.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-06-07 CVE-2012-2101 Openstack Permissions, Privileges, and Access Controls vulnerability in Openstack Nova 2011.3/2012.1/Folsom

OpenStack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules.

3.5
2012-06-04 CVE-2011-4459 Bestpractical Permissions, Privileges, and Access Controls vulnerability in Bestpractical RT

Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a group membership.

3.5
2012-06-05 CVE-2012-1945 Mozilla Information Exposure vulnerability in Mozilla products

Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.

2.9
2012-06-04 CVE-2012-1253 Roundcube Cross-Site Scripting vulnerability in Roundcube Webmail

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.7, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via vectors involving an embedded image attachment.

2.6
2012-06-07 CVE-2012-0948 Gnome
Canonical
Permissions, Privileges, and Access Controls vulnerability in multiple products

DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials.

2.1