Weekly Vulnerabilities Reports > September 10 to 16, 2012

Overview

174 new vulnerabilities were reported during this period, including 44 critical vulnerabilities and 18 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 106 products from 50 vendors, including Apple, Ffmpeg, Libav, Cisco, and Google. The vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "SQL Injection", and "Resource Management Errors".

  • 170 reported vulnerabilities are remotely exploitable.
  • 26 reported vulnerabilities have a public exploit available.
  • 28 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 157 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 51 reported vulnerabilities.
  • Ffmpeg has the most reported critical vulnerabilities, with 28 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

44 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-09-10 CVE-2012-2804 Libav
Ffmpeg
Multiple Unspecified vulnerability in FFmpeg

Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors, related to "reallocation code" and the luma height and width.

10.0
2012-09-10 CVE-2012-2803 Libav
Ffmpeg
Resource Management Errors vulnerability in multiple products

Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to resetting the data size value.

10.0
2012-09-10 CVE-2012-2802 Libav
Ffmpeg
Multiple Unspecified vulnerability in FFmpeg

Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "number of output channels" and "out of array writes."

10.0
2012-09-10 CVE-2012-2801 Libav
Ffmpeg
Multiple Unspecified vulnerability in FFmpeg

Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to dimensions and "out of array writes."

10.0
2012-09-10 CVE-2012-2800 Libav
Ffmpeg
Multiple Unspecified vulnerability in FFmpeg

Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "tile size ...

10.0
2012-09-10 CVE-2012-2799 Ffmpeg Multiple Unspecified vulnerability in FFmpeg

Unspecified vulnerability in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "put bit buffer when num_saved_bits is reset."

10.0
2012-09-10 CVE-2012-2798 Libav
Ffmpeg
Multiple Unspecified vulnerability in FFmpeg

Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array write."

10.0
2012-09-10 CVE-2012-2797 Ffmpeg
Libav
Multiple Unspecified vulnerability in FFmpeg

Unspecified vulnerability in the decode_frame_mp3on4 function in libavcodec/mpegaudiodec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors related to a calculation that prevents a frame from being "large enough."

10.0
2012-09-10 CVE-2012-2796 Ffmpeg
Libav
Multiple Unspecified vulnerability in FFmpeg

Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array writes."

10.0
2012-09-10 CVE-2012-2795 Ffmpeg Multiple Unspecified vulnerability in FFmpeg

Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors related to (1) size of "mclms arrays," (2) "a get_bits(0) in decode_ac_filter," and (3) "too many bits in decode_channel_residues()."

10.0
2012-09-10 CVE-2012-2794 Libav
Ffmpeg
Multiple Unspecified vulnerability in FFmpeg

Unspecified vulnerability in the decode_mb_info function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "allocated tile size ...

10.0
2012-09-10 CVE-2012-2793 Libav
Ffmpeg
Multiple Unspecified vulnerability in FFmpeg

Unspecified vulnerability in the lag_decode_zero_run_line function in libavcodec/lagarith.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors related to "too many zeros."

10.0
2012-09-10 CVE-2012-2792 Ffmpeg Multiple Unspecified vulnerability in FFmpeg

Unspecified vulnerability in the decode_init function in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the samples per frame.

10.0
2012-09-10 CVE-2012-2791 Ffmpeg
Libav
Multiple Unspecified vulnerability in FFmpeg

Multiple unspecified vulnerabilities in the (1) decode_band_hdr function in indeo4.c and (2) ff_ivi_decode_blocks function in ivi_common.c in libavcodec/ in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, have unknown impact and attack vectors, related to the "transform size."

10.0
2012-09-10 CVE-2012-2790 Libav
Ffmpeg
Multiple Unspecified vulnerability in FFmpeg

Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to the "number of decoded samples in first sub-block in BGMC mode."

10.0
2012-09-10 CVE-2012-2789 Libav
Ffmpeg
Multiple Unspecified vulnerability in FFmpeg

Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large number of vector coded coefficients (num_vec_coeffs).

10.0
2012-09-10 CVE-2012-2788 Libav
Ffmpeg
Multiple Unspecified vulnerability in FFmpeg

Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array read" when a "packet is shrunk."

10.0
2012-09-10 CVE-2012-2787 Libav
Ffmpeg
Multiple Unspecified vulnerability in FFmpeg

Unspecified vulnerability in the decode_frame function in libavcodec/indeo4.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "setup width/height."

10.0
2012-09-10 CVE-2012-2786 Libav
Ffmpeg
Multiple Unspecified vulnerability in FFmpeg

Unspecified vulnerability in the decode_wdlt function in libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array write."

10.0
2012-09-10 CVE-2012-2785 Ffmpeg Multiple Unspecified vulnerability in FFmpeg

Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors, related to (1) "some subframes only encode some channels" or (2) a large order value.

10.0
2012-09-10 CVE-2012-2784 Libav
Ffmpeg
Multiple Unspecified vulnerability in FFmpeg

Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2777.

10.0
2012-09-10 CVE-2012-2783 Ffmpeg
Libav
Multiple Unspecified vulnerability in FFmpeg

Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to "freeing the returned frame."

10.0
2012-09-10 CVE-2012-2782 Ffmpeg Multiple Unspecified vulnerability in FFmpeg

Unspecified vulnerability in the decode_slice_header function in libavcodec/h264.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to a "rejected resolution change."

10.0
2012-09-10 CVE-2012-2779 Libav
Ffmpeg
Multiple Unspecified vulnerability in FFmpeg

Unspecified vulnerability in the decode_frame function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an invalid "gop header" and decoding in a "half initialized context."

10.0
2012-09-10 CVE-2012-2777 Libav
Ffmpeg
Multiple Unspecified vulnerability in FFmpeg

Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2784.

10.0
2012-09-10 CVE-2012-2776 Libav
Ffmpeg
Multiple Unspecified vulnerability in FFmpeg

Unspecified vulnerability in the decode_cell_data function in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to an "out of picture write."

10.0
2012-09-10 CVE-2012-2775 Libav
Ffmpeg
Multiple Unspecified vulnerability in FFmpeg

Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large order and an "out of array write in quant_cof."

10.0
2012-09-10 CVE-2012-2772 Libav
Ffmpeg
Multiple Unspecified vulnerability in FFmpeg

Unspecified vulnerability in the ff_rv34_decode_frame function in libavcodec/rv34.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing with frame threading."

10.0
2012-09-16 CVE-2012-3088 Cisco Remote Security vulnerability in Cisco Anyconnect Secure Mobility Client 3.1.0/3.2.0

Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166.

9.3
2012-09-15 CVE-2012-4924 Asus Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Asus Ipswcom Activex Component and Net4Switch

Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method.

9.3
2012-09-15 CVE-2011-5172 Powerproduction Buffer Errors vulnerability in Powerproduction Storyboard Quick 6.0

Stack-based buffer overflow in StoryBoard Quick 6 Build 3786, and possibly StoryBoard Artist and StoryBoard Studio, allows remote attackers to execute arbitrary code via a long string in the string element field in a frame xml file.

9.3
2012-09-15 CVE-2011-5171 Cyberlink Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cyberlink Power2Go 7.0/8.0

Multiple stack-based buffer overflows in CyberLink Power2Go 7 (build 196) and 8 (build 1031) allow remote attackers to execute arbitrary code via the (1) src and (2) name parameters in a p2g project file.

9.3
2012-09-15 CVE-2011-5170 Castillobueno Buffer Errors vulnerability in Castillobueno Ccmplayer 1.5

Stack-based buffer overflow in Castillo Bueno Systems CCMPlayer 1.5 allows remote attackers to execute arbitrary code via a long track name in an m3u playlist.

9.3
2012-09-15 CVE-2011-5167 Oracle
Tidestone
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the SetDevNames method of the Tidestone Formula One ActiveX control (TTF16.ocx) 6.3.5 Build 1 in Oracle Hyperion Strategic Finance 12.x and possibly earlier allows remote attackers to execute arbitrary code via a long string to the DriverName parameter.

9.3
2012-09-15 CVE-2011-5165 Cleanersoft Buffer Errors vulnerability in Cleanersoft Free MP3 CD Ripper 1.1/2.5

Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wav file.

9.3
2012-09-15 CVE-2011-5164 Vandyke Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Vandyke Absoluteftp

Stack-based buffer overflow in VanDyke Software AbsoluteFTP 1.9.6 through 2.2.10 allows remote FTP servers to execute arbitrary code via a crafted file name in a LIST command response.

9.3
2012-09-15 CVE-2011-5162 Gomlab Buffer Errors vulnerability in Gomlab GOM Player 2.1.33.5071

Stack-based buffer overflow in GOM Player 2.1.33.5071 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag.

9.3
2012-09-13 CVE-2012-4907 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page.

9.3
2012-09-13 CVE-2012-3701 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

9.3
2012-09-13 CVE-2012-3687 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

9.3
2012-09-13 CVE-2012-3632 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

9.3
2012-09-13 CVE-2012-3621 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

9.3
2012-09-13 CVE-2012-3607 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

9.3
2012-09-13 CVE-2012-3606 Apple Buffer Errors vulnerability in Apple Iphone OS and Itunes

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

9.3

18 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-09-13 CVE-2012-3703 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

8.3
2012-09-16 CVE-2012-3079 Cisco Resource Management Errors vulnerability in Cisco IOS 12.2

Cisco IOS 12.2 allows remote attackers to cause a denial of service (CPU consumption) by establishing many IPv6 neighbors, aka Bug ID CSCtn78957.

7.8
2012-09-16 CVE-2012-3060 Cisco Resource Management Errors vulnerability in Cisco Unity Connection 8.6/9.0/9.5

Cisco Unity Connection (UC) 8.6, 9.0, and 9.5 allows remote attackers to cause a denial of service (CPU consumption) via malformed UDP packets, aka Bug ID CSCtz76269.

7.8
2012-09-14 CVE-2012-4244 ISC Remote Denial of Service vulnerability in ISC BIND 9 DNS Resource Records Handling

ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.

7.8
2012-09-12 CVE-2012-4629 Cisco Resource Management Errors vulnerability in Cisco products

The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Adaptive Security Appliances (ASA) devices, and Prime Security Manager (aka PRSM) before 9.0.2-103, allows remote attackers to cause a denial of service (disk consumption and application hang) via unspecified IPv4 packets that trigger log entries, aka Bug ID CSCub70603.

7.8
2012-09-12 CVE-2012-3935 Cisco Buffer Errors vulnerability in Cisco products

Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Communications Platform (aka Jabber XCP) before 5.3 allow remote attackers to cause a denial of service (process crash) via a crafted XMPP stream header, aka Bug ID CSCtu32832.

7.8
2012-09-15 CVE-2012-4927 Limesurvey SQL Injection vulnerability in Limesurvey

SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.

7.5
2012-09-15 CVE-2012-4925 Imgpals SQL Injection vulnerability in Imgpals IMG Pals Photo Host 1.0

Multiple SQL injection vulnerabilities in approve.php in Img Pals Photo Host 1.0 allow remote attackers to execute arbitrary SQL commands via the u parameter in a (1) app0 or (2) app1 action.

7.5
2012-09-15 CVE-2011-5175 Bananadance SQL Injection vulnerability in Bananadance Banana Dance 0.9/1.5

SQL injection vulnerability in search.php in Banana Dance, possibly B.1.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the category parameter.

7.5
2012-09-15 CVE-2011-5169 Dell SQL Injection vulnerability in Dell Sonicwall Viewpoint 6.0

SQL injection vulnerability in sgms/reports/scheduledreports/configure/scheduleProps.jsp in SonicWall ViewPoint 6.0 SP2 allows remote attackers to execute arbitrary SQL commands via the scheduleID parameter.

7.5
2012-09-15 CVE-2011-5168 Bananadance SQL Injection vulnerability in Bananadance Banana Dance 0.9

SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2012-09-15 CVE-2011-5166 Elif Keir Buffer Errors vulnerability in Elif Keir Knftp 1.0.0

Multiple stack-based buffer overflows in KnFTP 1.0.0 allow remote attackers to execute arbitrary code via a long string to the (1) USER, (2) PASS, (3) REIN, (4) QUIT, (5) PORT, (6) PASV, (7) TYPE, (8) STRU, (9) MODE, (10) RETR, (11) STOR, (12) APPE, (13) ALLO, (14) REST, (15) RNFR, (16) RNTO, (17) ABOR, (18) DELE, (19) CWD, (20) LIST, (21) NLST, (22) SITE, (23) STST, (24) HELP, (25) NOOP, (26) MKD, (27) RMD, (28) PWD, (29) CDUP, (30) STOU, (31) SNMT, (32) SYST, and (33) XPWD commands.

7.5
2012-09-13 CVE-2012-4908 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink.

7.5
2012-09-12 CVE-2012-3234 Realnetworks Numeric Errors vulnerability in Realnetworks Realplayer and Realplayer SP

RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 do not properly handle codec frame sizes in RealAudio files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) or possibly have unspecified other impact via a crafted file.

7.5
2012-09-12 CVE-2012-2409 Realnetworks Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer and Realplayer SP

Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted RealMedia file, a different vulnerability than CVE-2012-2410.

7.5
2012-09-12 CVE-2012-2407 Realnetworks Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer and Realplayer SP

Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted AAC file that is not properly handled during stream-data unpacking.

7.5
2012-09-15 CVE-2011-5174 Intel Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Intel products

Buffer overflow in Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) in Intel Q67 Express, C202, C204, C206 Chipsets, and Mobile Intel QM67, and QS67 Chipset before 2nd_gen_i5_i7_SINIT_51.BIN Express; Intel Q57, 3450 Chipsets and Mobile Intel QM57 and QS57 Express Chipset before i5_i7_DUAL_SINIT_51.BIN and i7_QUAD_SINIT_51.BIN; Mobile Intel GM45, GS45, and PM45 Express Chipset before GM45_GS45_PM45_SINIT_51.BIN; Intel Q35 Express Chipsets before Q35_SINIT_51.BIN; and Intel 5520, 5500, X58, and 7500 Chipsets before SINIT ACM 1.1 allows local users to bypass the Trusted Execution Technology protection mechanism and perform other unspecified SINIT ACM functions via unspecified vectors.

7.2
2012-09-14 CVE-2012-3955 ISC
Debian
Canonical
Denial of Service vulnerability in ISC DHCP IPv6 Lease Expiration Handling

ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced.

7.1

106 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-09-16 CVE-2012-3052 Cisco Unspecified vulnerability in Cisco VPN Client

Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747.

6.9
2012-09-16 CVE-2012-3908 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco products

Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.

6.8
2012-09-15 CVE-2012-2275 Teamst Cross-Site Request Forgery (CSRF) vulnerability in Teamst Testlink

Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and earlier allow remote attackers to hijack the authentication of users for requests that add, delete, or modify sensitive information, as demonstrated by changing the administrator's email via an editUser action to lib/usermanagement/userInfo.php.

6.8
2012-09-15 CVE-2011-5173 Bugbear Buffer Errors vulnerability in Bugbear Flatout 2005

Buffer overflow in Bugbear Entertainment FlatOut 2005 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field in a bed file.

6.8
2012-09-13 CVE-2012-3712 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3711 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3710 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3709 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3708 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3707 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3706 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3705 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3704 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3702 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3700 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3699 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3692 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3688 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3685 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3684 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3677 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3676 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3675 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3673 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3672 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3671 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3660 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3659 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3658 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3657 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3654 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3652 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3651 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3649 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3648 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3647 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3643 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3624 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3623 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3622 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3617 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3616 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3614 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3613 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3612 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3602 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3601 Apple Memory Corruption vulnerability in WebKit

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-13 CVE-2012-3598 Apple Unspecified vulnerability in Apple Itunes

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

6.8
2012-09-12 CVE-2012-2410 Realnetworks Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer and Realplayer SP

Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted RealMedia file, a different vulnerability than CVE-2012-2409.

6.8
2012-09-12 CVE-2012-2408 Realnetworks Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer and Realplayer SP

The AAC SDK in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted AAC file that is not properly handled during decoding.

6.8
2012-09-11 CVE-2012-4893 Gentoo Cross-Site Request Forgery (CSRF) vulnerability in Gentoo Webmin

Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip commands, a different issue than CVE-2012-2982.

6.8
2012-09-10 CVE-2012-2184 IBM Unspecified vulnerability in IBM products

Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.

6.8
2012-09-10 CVE-2012-2183 IBM Unspecified vulnerability in IBM products

Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.

6.8
2012-09-10 CVE-2012-0714 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM products

Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2012-09-14 CVE-2010-5106 Wordpress Permissions, Privileges, and Access Controls vulnerability in Wordpress

The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role.

6.5
2012-09-11 CVE-2012-2982 Gentoo Unspecified vulnerability in Gentoo Webmin

file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.

6.5
2012-09-10 CVE-2012-0747 IBM SQL Injection vulnerability in IBM products

SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2012-09-10 CVE-2012-0728 IBM SQL Injection vulnerability in IBM products

SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2012-09-10 CVE-2012-0727 IBM SQL Injection vulnerability in IBM products

SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.5
2012-09-15 CVE-2012-4926 Imgpals Improper Authentication vulnerability in Imgpals IMG Pals Photo Host 1.0

approve.php in Img Pals Photo Host 1.0 does not authenticate requests, which allows remote attackers to change the activation of administrators via the u parameter in an (1) app0 (disable) or (2) app1 (enable) action.

6.4
2012-09-16 CVE-2012-3895 Cisco Denial-Of-Service vulnerability in IOS

Cisco IOS 15.0 through 15.3 allows remote authenticated users to cause a denial of service (device crash) via an MVPNv6 update, aka Bug ID CSCty89224.

6.3
2012-09-16 CVE-2012-3893 Cisco Denial-Of-Service vulnerability in Cisco IOS 15.2/15.3

The FlexVPN implementation in Cisco IOS 15.2 and 15.3 allows remote authenticated users to cause a denial of service (spoke crash) via spoke-to-spoke traffic, aka Bug ID CSCtz02622.

6.3
2012-09-16 CVE-2012-3051 Cisco Remote Denial of Service vulnerability in Cisco Nexus 7000 Series Switches NX-OS

Cisco NX-OS 5.2 and 6.1 on Nexus 7000 series switches allows remote attackers to cause a denial of service (process crash or packet loss) via a large number of ARP packets, aka Bug ID CSCtr44822.

6.1
2012-09-11 CVE-2012-3572 Nurul Hidayah Hamazulan, Oscc Improper Input Validation vulnerability in multiple products

Open Source Competency Center (OSCC) MyMeeting 3.0.1 and earlier, and MyMesyuarat 09b-1, does not properly verify uploaded documents, which allows remote authenticated users to execute arbitrary PHP code via a crafted document.

6.0
2012-09-11 CVE-2012-2981 Gentoo Improper Input Validation vulnerability in Gentoo Webmin

Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter.

6.0
2012-09-10 CVE-2012-4404 Moinmo Permissions, Privileges, and Access Controls vulnerability in Moinmo Moinmoin

security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.

6.0
2012-09-16 CVE-2012-3919 Cisco Resource Management Errors vulnerability in Cisco Application Control Engine Module 3.0

The Cisco Application Control Engine (ACE) module 3.0 for Cisco Catalyst switches and Cisco routers does not properly monitor Load Balancer (LB) queues, which allows remote attackers to cause a denial of service (incorrect memory access and module reboot) via application traffic, aka Bug ID CSCtw70879.

5.0
2012-09-16 CVE-2012-3915 Cisco Buffer Errors vulnerability in Cisco IOS 15.2

The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote attackers to cause a denial of service (persistent IKE state) via a large volume of hub-to-spoke traffic, aka Bug ID CSCtq39602.

5.0
2012-09-16 CVE-2012-3901 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco products

The updateTime function in sensorApp on Cisco IPS 4200 series sensors 7.0 and 7.1 allows remote attackers to cause a denial of service (process crash and traffic-inspection outage) via network traffic, aka Bug ID CSCta96144.

5.0
2012-09-16 CVE-2012-3899 Cisco Resource Management Errors vulnerability in Cisco products

sensorApp on Cisco IPS 4200 series sensors 6.0, 6.2, and 7.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and process crash, and traffic-inspection outage) via network traffic, aka Bug ID CSCtn23051.

5.0
2012-09-16 CVE-2012-3094 Cisco, Linux Information Exposure vulnerability in Cisco Anyconnect Secure Mobility Client 3.1.0

The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid certificate, aka Bug ID CSCua11967.

5.0
2012-09-15 CVE-2012-4001 Google, Apache Improper Input Validation vulnerability in Google MOD Pagespeed

The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.

5.0
2012-09-14 CVE-2012-4817 IBM Remote Denial of Service vulnerability in IBM AIX GID in NFSv4

The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors.

5.0
2012-09-14 CVE-2012-4683 Bitcoin Denial-Of-Service vulnerability in Bitcoin-Qt

Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4682.

5.0
2012-09-14 CVE-2012-4682 Bitcoin Denial-Of-Service vulnerability in Bitcoin-Qt

Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4683.

5.0
2012-09-14 CVE-2012-4922 Torproject Improper Input Validation vulnerability in Torproject TOR

The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed directory object, a different vulnerability than CVE-2012-4419.

5.0
2012-09-14 CVE-2012-4419 Torproject Unspecified vulnerability in Torproject TOR

The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison.

5.0
2012-09-13 CVE-2012-4906 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903.

5.0
2012-09-13 CVE-2012-4903 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4906.

5.0
2012-09-12 CVE-2012-2048 Adobe Local Denial of Service vulnerability in Adobe ColdFusion

Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows attackers to cause a denial of service via unknown vectors.

5.0
2012-09-11 CVE-2012-2983 Gentoo Improper Authentication vulnerability in Gentoo Webmin

file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field.

5.0
2012-09-10 CVE-2012-2774 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors, related to starting "a frame outside SETUP state."

5.0
2012-09-15 CVE-2011-5163 Mitsubishi Automation, Schneider Electric Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in an unspecified third-party component in the Batch module for Schneider Electric CitectSCADA before 7.20 and Mitsubishi MX4 SCADA before 7.20 allows local users to execute arbitrary code via a long string in a login sequence.

4.6
2012-09-15 CVE-2012-4928 Oxwall Cross-Site Scripting vulnerability in Oxwall 1.1.1

Cross-site scripting (XSS) vulnerability in ow_updates/index.php in Oxwall 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the plugin parameter.

4.3
2012-09-15 CVE-2012-4923 Endian Cross-Site Scripting vulnerability in Endian Firewall 2.4

Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi.

4.3
2012-09-15 CVE-2012-4336 Mike Carr Cross-Site Scripting vulnerability in Mike Carr Flogr

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flogr 2.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) an arbitrary parameter.

4.3
2012-09-15 CVE-2012-3458 Python Cryptographic Issues vulnerability in Python Beaker

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.

4.3
2012-09-15 CVE-2012-3233 Kayako Cross-Site Scripting vulnerability in Kayako Fusion 4.40.1148

Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

4.3
2012-09-15 CVE-2011-5176 Bananadance Cross-Site Scripting vulnerability in Bananadance Banana Dance 0.9/1.5

Multiple cross-site scripting (XSS) vulnerabilities in search.php in Banana Dance, possibly B.1.5 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) category parameter.

4.3
2012-09-15 CVE-2012-4360 Google, Apache Cross-Site Scripting vulnerability in Google MOD Pagespeed 0.10.19.1/0.10.22.4

Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-09-14 CVE-2012-4013 Cybozu Information Exposure vulnerability in Cybozu Kunai Browser FOR Remote Service

The WebView class in the Cybozu KUNAI Browser for Remote Service application beta for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.

4.3
2012-09-13 CVE-2012-4909 Google Information Exposure vulnerability in Google Chrome

Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application.

4.3
2012-09-13 CVE-2012-4905 Google Cross-Site Scripting vulnerability in Google Chrome

Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universal XSS (UXSS)."

4.3
2012-09-13 CVE-2012-4904 Google Cross-Site Scripting vulnerability in Google Chrome

Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab.

4.3
2012-09-11 CVE-2012-2975 F5 Cross-Site Scripting vulnerability in F5 Application Security Manager Appliance 10.0.0/11.2.0

Cross-site scripting (XSS) vulnerability in the traffic overview page on the F5 ASM appliance 10.0.0 through 11.2.0 HF2 allows remote attackers to inject arbitrary web script or HTML via crafted requests that are later listed on a summary page.

4.3
2012-09-11 CVE-2012-2536 Microsoft Cross-Site Scripting vulnerability in Microsoft products

Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."

4.3
2012-09-11 CVE-2012-1892 Microsoft Cross-Site Scripting vulnerability in Microsoft Visual Studio Team Foundation Server 2010

Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."

4.3
2012-09-10 CVE-2012-4892 Flatnux Cross-Site Scripting vulnerability in Flatnux

Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2012-03.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title_en, (2) summary_en, or (3) body_en parameter in a submitnews action to the news module, a different vulnerability than CVE-2012-4890.

4.3
2012-09-10 CVE-2012-4891 Manageengine Cross-Site Scripting vulnerability in Manageengine Firewall Analyzer 7.2

Cross-site scripting (XSS) vulnerability in fw/index2.do in ManageEngine Firewall Analyzer 7.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vector than CVE-2012-4889.

4.3
2012-09-10 CVE-2012-4890 Flatnux Cross-Site Scripting vulnerability in Flatnux

Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2011 08.09.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) comment to the news, (2) title to the news, or (3) the folder names in a gallery.

4.3
2012-09-10 CVE-2012-4889 Manageengine Cross-Site Scripting vulnerability in Manageengine Firewall Analyzer 7.2

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.

4.3
2012-09-10 CVE-2012-3326 IBM Cross-Site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-09-10 CVE-2012-3313 IBM Cross-Site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-09-16 CVE-2012-3096 Cisco Denial-Of-Service vulnerability in Cisco Unity Connection 7.1/8.0/8.5

Cisco Unity Connection (UC) 7.1, 8.0, and 8.5 allows remote authenticated users to cause a denial of service (resource consumption and administration outage) via extended use of the product, aka Bug ID CSCtd79132.

4.0
2012-09-14 CVE-2012-4421 Wordpress Permissions, Privileges, and Access Controls vulnerability in Wordpress

The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol (aka AtomPub) feature.

4.0
2012-09-10 CVE-2012-2185 IBM Information Exposure vulnerability in IBM products

IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to obtain sensitive information via unspecified vectors.

4.0

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-09-16 CVE-2012-3924 Cisco Unspecified vulnerability in Cisco IOS 15.1/15.2

The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCty97961.

3.5
2012-09-16 CVE-2012-3923 Cisco Unspecified vulnerability in Cisco IOS

The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCte41827.

3.5
2012-09-14 CVE-2012-4422 Wordpress Permissions, Privileges, and Access Controls vulnerability in Wordpress

wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveraging the Administrator role.

3.5
2012-09-10 CVE-2012-0746 IBM Cross-Site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2012-09-15 CVE-2012-4930 Google, Mozilla Cryptographic Issues vulnerability in multiple products

The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.

2.6
2012-09-15 CVE-2012-4929 Debian, Google, Mozilla Cryptographic Issues vulnerability in multiple products

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.

2.6