Weekly Vulnerabilities Reports > June 18 to 24, 2012

Overview

83 new vulnerabilities were reported during this period, including 5 critical vulnerabilities and 20 high severity vulnerabilities. This weekly summary reports vulnerabilities in 115 products from 41 vendors including Linux, IBM, Cisco, Qemu, and Rubyonrails. Vulnerabilities are notably categorized as "Improper Input Validation", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", and "Resource Management Errors".

  • 54 reported vulnerabilities are remotely exploitable.
  • 3 reported vulnerabilities have a public exploit available.
  • 18 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 76 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities, with 21 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

[Summary dashboard: total vulnerabilities; critical-risk, high-risk, medium-risk and low-risk vulnerabilities; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web application]

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


5 Critical Vulnerabilities

DATE | CVE | VENDOR | CVSS
2012-06-22 | CVE-2012-0187 | IBM | 9.3
  Unspecified vulnerability in IBM Lotus Expeditor
  Untrusted search path vulnerability in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows local users to gain privileges via a Trojan horse DLL in the current working directory.

2012-06-21 | CVE-2012-1616 | Argyllcms, Color | 9.3
  Resource Management Errors vulnerability in multiple products
  Use-after-free vulnerability in icclib before 2.13, as used by Argyll CMS before 1.4 and possibly other programs, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted ICC profile file.

2012-06-20 | CVE-2012-2493 | Cisco, Microsoft, Apple, Linux | 9.3
  Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client
  The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523.

2012-06-20 | CVE-2012-2175 | IBM | 9.3
  Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Lotus Inotes
  Buffer overflow in the Attachment_Times method in a certain ActiveX control in dwa85W.dll in IBM Lotus iNotes 8.5.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a long argument.

2012-06-20 | CVE-2012-2174 | IBM | 9.3
  Code Injection vulnerability in IBM Lotus Notes
  The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL.

20 High Vulnerabilities

DATE | CVE | VENDOR | CVSS
2012-06-21 | CVE-2011-4913 | Novell, Linux | 7.8
  Improper Input Validation vulnerability in multiple products
  The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 does not validate the FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, which allows remote attackers to (1) cause a denial of service (integer underflow, heap memory corruption, and panic) via a small length value in data sent to a ROSE socket, or (2) conduct stack-based buffer overflow attacks via a large length value in data sent to a ROSE socket.

2012-06-20 | CVE-2012-3058 | Cisco | 7.8
  Unspecified vulnerability in Cisco products
  Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(4.1), 8.5 before 8.5(1.11), and 8.6 before 8.6(1.3) allow remote attackers to cause a denial of service (device reload) via IPv6 transit traffic that triggers syslog message 110003, aka Bug ID CSCua27134.

2012-06-22 | CVE-2012-2695 | Rubyonrails | 7.5
  SQL Injection vulnerability in Rubyonrails Rails and Ruby ON Rails
  The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661.

2012-06-21 | CVE-2011-1493 | Linux | 7.5
  Unspecified vulnerability in Linux Kernel
  Array index error in the rose_parse_national function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by composing FAC_NATIONAL_DIGIS data that specifies a large number of digipeaters, and then sending this data to a ROSE socket.

2012-06-21 | CVE-2012-3791 | CMS Center | 7.5
  SQL Injection vulnerability in Cms-Center Simple web Content Management System 1.1
  Multiple SQL injection vulnerabilities in Simple Web Content Management System 1.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) item_delete.php, (2) item_status.php, (3) item_detail.php, (4) item_modify.php, or (5) item_position.php in admin/; or (6) status parameter to admin/item_status.php.

2012-06-21 | CVE-2012-2718 | Drupal ID, Drupal | 7.5
  SQL Injection vulnerability in Drupal-Id Counter Module 6.0
  SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "recording visits."

2012-06-21 | CVE-2012-2149 | Redhat, Apache, Libwpd | 7.5
  Numeric Errors vulnerability in multiple products
  The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used.

2012-06-21 | CVE-2012-1149 | Libreoffice, Debian, Redhat, Apache, Fedoraproject | 7.5
  Numeric Errors vulnerability in multiple products
  Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow.

2012-06-21 | CVE-2011-4599 | ICU Project | 7.5
  Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Icu-Project International Components FOR Unicode
  Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization.

2012-06-19 | CVE-2012-0802 | Spamdyke | 7.5
  Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Spamdyke
  Multiple buffer overflows in Spamdyke before 4.3.0 might allow remote attackers to execute arbitrary code via vectors related to "serious errors in the usage of snprintf()/vsnprintf()" in which the return values may be larger than the size of the buffer.

2012-06-19 | CVE-2009-0695 | Dell | 7.5
  Improper Authentication vulnerability in Dell Wyse Device Manager 4.7.0/4.7.1/4.7.2
  hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action.

2012-06-19 | CVE-2009-0693 | Dell | 7.5
  Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Dell Wyse Device Manager 4.7.0/4.7.1/4.7.2
  Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow remote attackers to execute arbitrary code via (1) the User-Agent HTTP header to hserver.dll or (2) unspecified input to hagent.exe.

2012-06-18 | CVE-2011-3671 | Mozilla | 7.5
  Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
  Use-after-free vulnerability in the nsHTMLSelectElement function in nsHTMLSelectElement.cpp in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allows remote attackers to execute arbitrary code via vectors involving removal of the parent node of an element.

2012-06-21 | CVE-2011-2212 | Qemu | 7.4
  Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Qemu
  Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service (guest crash) or gain privileges via a crafted indirect descriptor related to "virtqueue in and out requests."

2012-06-21 | CVE-2011-1751 | Qemu | 7.4
  Improper Input Validation vulnerability in Qemu
  The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to "active qemu timers."

2012-06-21 | CVE-2011-1750 | Qemu | 7.4
  Buffer Errors vulnerability in Qemu 0.14.0
  Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned.

2012-06-21 | CVE-2012-0028 | Linux | 7.2
  Permissions, Privileges, and Access Controls vulnerability in Linux Kernel
  The robust futex implementation in the Linux kernel before 2.6.28 does not properly handle processes that make exec system calls, which allows local users to cause a denial of service or possibly gain privileges by writing to a memory location in a child process.

2012-06-21 | CVE-2011-1477 | Linux, Suse | 7.2
  Buffer Errors vulnerability in Linux Kernel
  Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer.

2012-06-20 | CVE-2012-3063 | Cisco | 7.1
  Race Condition vulnerability in Cisco Application Control Engine Software
  Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058.

2012-06-19 | CVE-2012-3006 | Innominate | 7.1
  Cryptographic Issues vulnerability in Innominate Mguard Firmware
  The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof (1) HTTPS or (2) SSH servers by predicting a key value.

47 Medium Vulnerabilities

DATE | CVE | VENDOR | CVSS
2012-06-22 | CVE-2012-2179 | IBM | 6.9
  Permissions, Privileges, and Access Controls vulnerability in IBM AIX 5.3/6.1/7.1
  libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

2012-06-22 | CVE-2012-0304 | Symantec | 6.9
  Permissions, Privileges, and Access Controls vulnerability in Symantec Liveupdate Administrator
  Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions (Everyone: Full Control) for the installation directory, which allows local users to gain privileges via a Trojan horse file.

2012-06-19 | CVE-2012-2753 | Checkpoint | 6.9
  Unspecified vulnerability in Checkpoint products
  Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory.

2012-06-21 | CVE-2012-2716 | David Stosik, Drupal | 6.8
  Cross-Site Request Forgery (CSRF) vulnerability in David Stosik Comment Moderation 6.X1.0/6.X1.Xdev
  Cross-site request forgery (CSRF) vulnerability in the Comment Moderation module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that publish comments.

2012-06-20 | CVE-2012-2496 | Cisco | 6.8
  Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client 3.0
  A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web site, aka Bug ID CSCty45925.

2012-06-19 | CVE-2012-2334 | Apache, Libreoffice | 6.8
  Numeric Errors vulnerability in multiple products
  Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the length of an Escher graphics record in a PowerPoint (.ppt) document, which triggers a buffer overflow.

2012-06-22 | CVE-2012-2171 | IBM | 6.5
  SQL Injection vulnerability in IBM products
  SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI.

2012-06-22 | CVE-2012-2660 | Rubyonrails | 6.4
  Permissions, Privileges, and Access Controls vulnerability in Rubyonrails Rails and Ruby ON Rails
  actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2694.

2012-06-21 | CVE-2011-4914 | Linux, Novell | 6.4
  Improper Input Validation vulnerability in Linux Kernel
  The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket.

2012-06-21 | CVE-2012-0219 | Dest Unreach | 6.2
  Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Dest-Unreach Socat
  Heap-based buffer overflow in the xioscan_readline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address.

2012-06-21 | CVE-2011-2709 | Umich | 6.2
  Permissions, Privileges, and Access Controls vulnerability in Umich Libgssapi and Libgssglue
  libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs.

2012-06-21 | CVE-2011-2512 | KVM Group | 5.8
  Improper Input Validation vulnerability in KVM Group Qemu-Kvm 0.12
  The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not properly validate the virtqueue number, which allows guest users to cause a denial of service (guest crash) and possibly execute arbitrary code via a negative number in the Queue Notify field of the Virtio Header, which bypasses a signed comparison.

2012-06-20 | CVE-2012-2159 | IBM | 5.8
  Improper Input Validation vulnerability in IBM Security Appscan Source and Spss Data Collection
  Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

2012-06-21 | CVE-2011-1079 | Linux | 5.4
  Improper Input Validation vulnerability in Linux Kernel
  The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command.

2012-06-22 | CVE-2012-2661 | Rubyonrails | 5.0
  SQL Injection vulnerability in Rubyonrails Rails and Ruby ON Rails
  The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage unintended recursion, a related issue to CVE-2012-2695.

2012-06-22 | CVE-2012-0191 | IBM | 5.0
  Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Expeditor
  The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack does not properly perform access control for requests, which allows remote attackers to spoof a localhost request origin via crafted headers.

2012-06-21 | CVE-2012-2127 | Linux | 5.0
  Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel
  fs/proc/root.c in the procfs implementation in the Linux kernel before 3.2 does not properly interact with CLONE_NEWPID clone system calls, which allows remote attackers to cause a denial of service (reference leak and memory consumption) by making many connections to a daemon that uses PID namespaces to isolate clients, as demonstrated by vsftpd.

2012-06-20 | CVE-2012-2173 | IBM | 5.0
  Credentials Management vulnerability in IBM Security Appscan Source
  The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password during connections to a solidDB database, which allows remote attackers to obtain sensitive information by sniffing the network.

2012-06-19 | CVE-2012-3588 | Wordpress | 5.0
  Path Traversal vulnerability in Wordpress Plugin Newsletter Plugin 1.5
  Directory traversal vulnerability in preview.php in the Plugin Newsletter plugin 1.5 for WordPress allows remote attackers to read arbitrary files via a ..

2012-06-19 | CVE-2012-0950 | Canonical | 5.0
  Information Exposure vulnerability in Canonical Ubuntu Linux 11.04/11.10/12.04
  The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report.

2012-06-21 | CVE-2011-4324 | Linux | 4.9
  Unspecified vulnerability in Linux Kernel
  The encode_share_access function in fs/nfs/nfs4xdr.c in the Linux kernel before 2.6.29 allows local users to cause a denial of service (BUG and system crash) by using the mknod system call with a pathname on an NFSv4 filesystem.

2012-06-21 | CVE-2011-1023 | Linux | 4.9
  Unspecified vulnerability in Linux Kernel
  The Reliable Datagram Sockets (RDS) subsystem in the Linux kernel before 2.6.38 does not properly handle congestion map updates, which allows local users to cause a denial of service (BUG_ON and system crash) via vectors involving (1) a loopback (aka loop) transmit operation or (2) an InfiniBand (aka ib) transmit operation.

2012-06-21 | CVE-2010-4250 | Linux | 4.9
  Resource Management Errors vulnerability in Linux Kernel
  Memory leak in the inotify_init1 function in fs/notify/inotify/inotify_user.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory consumption) via vectors involving failed attempts to create files.

2012-06-20 | CVE-2012-2192 | IBM | 4.9
  Resource Management Errors vulnerability in IBM AIX and Vios
  The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list.

2012-06-21 | CVE-2011-1479 | Linux | 4.7
  Resource Management Errors vulnerability in Linux Kernel
  Double free vulnerability in the inotify subsystem in the Linux kernel before 2.6.39 allows local users to cause a denial of service (system crash) via vectors involving failed attempts to create files.

2012-06-21 | CVE-2011-0716 | Linux | 4.7
  Resource Management Errors vulnerability in Linux Kernel
  The br_multicast_add_group function in net/bridge/br_multicast.c in the Linux kernel before 2.6.38, when a certain Ethernet bridge configuration is used, allows local users to cause a denial of service (memory corruption and system crash) by sending IGMP packets to a local interface.

2012-06-21 | CVE-2010-4650 | Linux | 4.6
  Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel
  Buffer overflow in the fuse_do_ioctl function in fs/fuse/file.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging the ability to operate a CUSE server.

2012-06-22 | CVE-2012-2694 | Rubyonrails | 4.3
  Permissions, Privileges, and Access Controls vulnerability in Rubyonrails Rails and Ruby ON Rails
  actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "['xyz', nil]" values, a related issue to CVE-2012-2660.

2012-06-22 | CVE-2012-2172 | IBM | 4.3
  Cross-Site Scripting vulnerability in IBM products
  Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter.

2012-06-22 | CVE-2012-0186 | IBM | 4.3
  Path Traversal vulnerability in IBM Lotus Expeditor
  Directory traversal vulnerability in the Eclipse Help component in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows remote attackers to discover the locations of files via a crafted URL.

2012-06-21 | CVE-2012-2654 | Openstack | 4.3
  Improper Input Validation vulnerability in Openstack Compute, Diablo and Essex
  The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.

2012-06-21 | CVE-2011-0011 | Qemu | 4.3
  Improper Authentication vulnerability in Qemu
  qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.

2012-06-20 | CVE-2012-2495 | Cisco | 4.3
  Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client and Secure Desktop
  The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235.

2012-06-20 | CVE-2012-2494 | Cisco | 4.3
  Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client
  The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtw48681.

2012-06-20 | CVE-2012-3790 | Adiscon | 4.3
  Cross-Site Scripting vulnerability in Adiscon Loganalyzer
  Cross-site scripting (XSS) vulnerability in index.php in Adiscon LogAnalyzer before 3.4.4 and 3.5.x before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter in a Search action.

2012-06-20 | CVE-2012-2180 | IBM | 4.3
  Multiple Security vulnerability in IBM DB2
  The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL pointer dereference, and resource consumption or daemon crash) via a crafted request.

2012-06-20 | CVE-2012-2170 | IBM | 4.3
  Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server
  The Application Snoop Servlet in IBM WebSphere Application Server 7.0 before 7.0.0.23 does not properly restrict access, which allows remote attackers to obtain sensitive client and request information via a direct request.

2012-06-20 | CVE-2012-2161 | IBM | 4.3
  Cross-Site Scripting vulnerability in IBM Security Appscan Source and Spss Data Collection
  Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

2012-06-20 | CVE-2012-0720 | IBM | 4.3
  Cross-Site Scripting vulnerability in IBM Websphere Application Server
  Cross-site scripting (XSS) vulnerability in the Integration Solution Console in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

2012-06-20 | CVE-2012-0716 | IBM | 4.3
  Cross-Site Scripting vulnerability in IBM Websphere Application Server
  Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2012-06-19 | CVE-2012-2638 | Wap2 | 4.3
  Cross-Site Scripting vulnerability in Wap2 Smallpict
  Cross-site scripting (XSS) vulnerability in SmallPICT.cgi in SmallPICT before 2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2012-06-19 | CVE-2012-2637 | Kent WEB | 4.3
  Cross-Site Scripting vulnerability in Kent-Web web Patio 4.04
  Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 and earlier might allow remote attackers to inject arbitrary web script or HTML via a crafted cookie.

2012-06-19 | CVE-2012-2636 | Kent WEB | 4.3
  Cross-Site Scripting vulnerability in Kent-Web web Patio
  Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2012-06-21 | CVE-2011-1476 | Linux | 4.0
  Numeric Errors vulnerability in Linux Kernel
  Integer underflow in the Open Sound System (OSS) subsystem in the Linux kernel before 2.6.39 on unspecified non-x86 platforms allows local users to cause a denial of service (memory corruption) by leveraging write access to /dev/sequencer.

2012-06-20 | CVE-2011-5095 | Openssl | 4.0
  Cryptographic Issues vulnerability in Openssl 0.9.8
  The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923.

2012-06-20 | CVE-2011-1923 | Polarssl | 4.0
  Cryptographic Issues vulnerability in Polarssl
  The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before 0.14.2 does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-5095.

2012-06-19 | CVE-2012-3553 | Digium | 4.0
  SCCP Skinny Channel Driver Denial of Service vulnerability in Asterisk
  chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948.

11 Low Vulnerabilities

DATE | CVE | VENDOR | CVSS
2012-06-21 | CVE-2011-1021 | Linux | 3.6
  Permissions, Privileges, and Access Controls vulnerability in Linux Kernel
  drivers/acpi/debugfs.c in the Linux kernel before 3.0 allows local users to modify arbitrary kernel memory locations by leveraging root privileges to write to the /sys/kernel/debug/acpi/custom_method file.

2012-06-21 | CVE-2010-4648 | Linux | 3.3
  Unspecified vulnerability in Linux Kernel
  The orinoco_ioctl_set_auth function in drivers/net/wireless/orinoco/wext.c in the Linux kernel before 2.6.37 does not properly implement a TKIP protection mechanism, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading Wi-Fi frames.

2012-06-20 | CVE-2012-0717 | IBM | 2.6
  Improper Authentication vulnerability in IBM Websphere Application Server
  IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors.

2012-06-19 | CVE-2012-3587 | Debian | 2.6
  Improper Input Validation vulnerability in Debian Advanced Package Tool
  APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.

2012-06-19 | CVE-2012-0954 | Debian | 2.6
  Improper Input Validation vulnerability in Debian Advanced Package Tool
  APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack.

2012-06-21 | CVE-2011-1160 | Linux | 2.1
  Information Exposure vulnerability in Linux Kernel
  The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel before 2.6.39 does not initialize a certain buffer, which allows local users to obtain potentially sensitive information from kernel memory via unspecified vectors.

2012-06-21 | CVE-2011-1080 | Linux | 2.1
  Improper Input Validation vulnerability in Linux Kernel
  The do_replace function in net/bridge/netfilter/ebtables.c in the Linux kernel before 2.6.39 does not ensure that a certain name field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability to replace a table, and then reading a modprobe command line.

2012-06-21 | CVE-2012-2389 | W1 FI | 2.1
  Permissions, Privileges, and Access Controls vulnerability in W1.Fi Hostapd 0.7.3
  hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials.

2012-06-21 | CVE-2011-2527 | Qemu | 2.1
  Permissions, Privileges, and Access Controls vulnerability in Qemu
  The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.

2012-06-21 | CVE-2011-1078 | Linux | 1.9
  Information Exposure vulnerability in Linux Kernel
  The sco_sock_getsockopt_old function in net/bluetooth/sco.c in the Linux kernel before 2.6.39 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via the SCO_CONNINFO option.

2012-06-21 | CVE-2011-0006 | Linux | 1.9
  Permissions, Privileges, and Access Controls vulnerability in Linux Kernel
  The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c in the Linux kernel before 2.6.37, when the Linux Security Modules (LSM) framework is disabled, allows local users to bypass Integrity Measurement Architecture (IMA) rules in opportunistic circumstances by leveraging an administrator's addition of an IMA rule for LSM.