Weekly Vulnerabilities Reports > November 5 to 11, 2012
Overview
50 new vulnerabilities were reported during this period, including 17 critical vulnerabilities and 1 high severity vulnerability. This weekly summary reports vulnerabilities in 36 products from 28 vendors including Apple, Google, Linux, Microsoft, and Adobe. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Improper Input Validation", "Resource Management Errors", and "Improper Authentication".
- 50 reported vulnerabilities are remotely exploitable.
- 3 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 43 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 16 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 16 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
17 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-11-07 | CVE-2012-3270 | HP | Security vulnerability in HP Performance Insight 5.31/5.40/5.41 Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3269. | 10.0 |
2012-11-07 | CVE-2012-5280 | Adobe Apple Microsoft Linux | Buffer Errors vulnerability in Adobe Air, AIR SDK and Flash Player Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5277. | 10.0 |
2012-11-07 | CVE-2012-5279 | Adobe Apple Microsoft Linux | Buffer Errors vulnerability in Adobe Air, AIR SDK and Flash Player Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 10.0 |
2012-11-07 | CVE-2012-5278 | Adobe Apple Microsoft Linux | Permissions, Privileges, and Access Controls vulnerability in Adobe Air, AIR SDK and Flash Player Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allow attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors. | 10.0 |
2012-11-07 | CVE-2012-5277 | Adobe Apple Microsoft Linux | Buffer Errors vulnerability in Adobe Air, AIR SDK and Flash Player Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5280. | 10.0 |
2012-11-07 | CVE-2012-5276 | Adobe Apple Microsoft Linux | Buffer Errors vulnerability in Adobe Air, AIR SDK and Flash Player Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5277, and CVE-2012-5280. | 10.0 |
2012-11-07 | CVE-2012-5275 | Adobe Apple Microsoft Linux | Buffer Errors vulnerability in Adobe Air, AIR SDK and Flash Player Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280. | 10.0 |
2012-11-07 | CVE-2012-5274 | Adobe Apple Microsoft Linux | Buffer Errors vulnerability in Adobe Air, AIR SDK and Flash Player Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280. | 10.0 |
2012-11-09 | CVE-2012-3758 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted transform attribute in a text3GTrack element in a QuickTime TeXML file. | 9.3 |
2012-11-09 | CVE-2012-3757 | Apple | Memory Corruption vulnerability in Apple QuickTime Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file. | 9.3 |
2012-11-09 | CVE-2012-3756 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rnet box in an MP4 movie file. | 9.3 |
2012-11-09 | CVE-2012-3755 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Targa image. | 9.3 |
2012-11-09 | CVE-2012-3754 | Apple | Resource Management Errors vulnerability in Apple Quicktime Use-after-free vulnerability in the Clear method in the ActiveX control in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | 9.3 |
2012-11-09 | CVE-2012-3753 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIME type. | 9.3 |
2012-11-09 | CVE-2012-3752 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime TeXML file. | 9.3 |
2012-11-09 | CVE-2012-3751 | Apple | Resource Management Errors vulnerability in Apple Quicktime Use-after-free vulnerability in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with a crafted _qtactivex_ parameter in an OBJECT element. | 9.3 |
2012-11-09 | CVE-2011-1374 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted REGION record in a PICT file. | 9.3 |
1 High Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-11-07 | CVE-2012-3269 | HP | Security vulnerability in HP Performance Insight 5.31/5.40/5.41 Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3270. | 7.5 |
31 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-11-11 | CVE-2012-4732 | Bestpractical | Cross-Site Request Forgery (CSRF) vulnerability in Bestpractical RT Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks. | 6.8 |
2012-11-11 | CVE-2012-4553 | Drupal | Permissions, Privileges, and Access Controls vulnerability in Drupal Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions." | 6.8 |
2012-11-11 | CVE-2012-4540 | Opensuse Redhat | Numeric Errors vulnerability in multiple products Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet." NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one. | 6.8 |
2012-11-11 | CVE-2012-4515 | KDE | Resource Management Errors vulnerability in KDE 4.7.3 Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated. | 6.8 |
2012-11-11 | CVE-2012-3523 | ISC | Permissions, Privileges, and Access Controls vulnerability in ISC INN The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. | 6.8 |
2012-11-11 | CVE-2012-4513 | KDE | Buffer Errors vulnerability in KDE 4.7.3 khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read. | 6.4 |
2012-11-10 | CVE-2012-2455 | Advance Productivity Software | Permissions, Privileges, and Access Controls vulnerability in Advance Productivity Software DTE Axiom Advanced Productivity Software DTE Axiom before 12.3.3 does not validate the registration ID, which allows remote attackers to bypass authentication and read or modify data about users, customers, and projects via unspecified vectors. | 6.4 |
2012-11-08 | CVE-2012-4022 | Simon Brown | Permissions, Privileges, and Access Controls vulnerability in Simon Brown Pebble Pebble before 2.6.4 allows remote attackers to trigger loss of blog-entry viewability via a crafted comment. | 6.4 |
2012-11-11 | CVE-2012-4548 | Lars Hjemli | Remote Command Injection vulnerability in cgit 'syntax-highlighting.sh' Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command. | 6.0 |
2012-11-06 | CVE-2011-5243 | Abraham Williams | Improper Input Validation vulnerability in Abraham Williams Twitteroauth TwitterOAuth does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 5.8 |
2012-11-06 | CVE-2011-5242 | Themattharris | Improper Input Validation vulnerability in Themattharris Tmhoauth tmhOAuth before 0.61 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 5.8 |
2012-11-06 | CVE-2011-5241 | Services Twitter Group | Improper Input Validation vulnerability in Services Twitter Group Services Twitter 0.6.3 Services_Twitter 0.6.3 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 5.8 |
2012-11-06 | CVE-2011-5240 | Magentocommerce | Improper Input Validation vulnerability in Magentocommerce Magento 1.5/1.6.2 Magento 1.5 and 1.6.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 5.8 |
2012-11-06 | CVE-2011-5239 | Civicrm | Improper Input Validation vulnerability in Civicrm 4.0.5/4.1.1 CiviCRM 4.0.5 and 4.1.1 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 5.8 |
2012-11-06 | CVE-2011-5238 | Google | Improper Input Validation vulnerability in Google Checkout-PHP google-checkout-php-sample-code before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 5.8 |
2012-11-06 | CVE-2011-5237 | Paypal | Improper Input Validation vulnerability in Paypal WPS Toolkit PayPal WPS ToolKit does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 5.8 |
2012-11-06 | CVE-2011-5236 | Moneris | Improper Input Validation vulnerability in Moneris Eselect Plus 2.03 Moneris eSelectPlus 2.03 PHP API does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 5.8 |
2012-11-11 | CVE-2012-5482 | Openstack | Permissions, Privileges, and Access Controls vulnerability in Openstack products The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. | 5.5 |
2012-11-11 | CVE-2012-4573 | Openstack | Permissions, Privileges, and Access Controls vulnerability in Openstack products The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482. | 5.5 |
2012-11-08 | CVE-2012-4021 | Mosp | Improper Authentication vulnerability in Mosp Kintai Kanri MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information or modify settings, via unspecified vectors. | 5.5 |
2012-11-11 | CVE-2012-4884 | Bestpractical | Code Injection vulnerability in Bestpractical RT Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client. | 5.0 |
2012-11-11 | CVE-2012-4734 | Bestpractical | Permissions, Privileges, and Access Controls vulnerability in Bestpractical RT Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via unknown vectors related to a crafted link. | 5.0 |
2012-11-11 | CVE-2012-4554 | Drupal | Permissions, Privileges, and Access Controls vulnerability in Drupal The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file. | 5.0 |
2012-11-11 | CVE-2012-4514 | KDE | Unspecified vulnerability in KDE rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part." | 5.0 |
2012-11-08 | CVE-2012-5171 | BE Graph | Path Traversal vulnerability in Be-Graph Bezip Directory traversal vulnerability in Be Graph BeZIP before 3.10 allows remote attackers to create or overwrite arbitrary files via a crafted archive file. | 5.0 |
2012-11-08 | CVE-2012-3315 | IBM | Improper Authentication vulnerability in IBM products The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE security constraints, and obtain sensitive information related to (1) federation metadata or (2) a web plugin configuration template, via a crafted request. | 5.0 |
2012-11-07 | CVE-2012-5424 | Cisco | Improper Input Validation vulnerability in Cisco Secure Access Control Server Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634. | 5.0 |
2012-11-11 | CVE-2012-5827 | Joomla | Clickjacking Security Bypass vulnerability in Joomla! Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection." | 4.3 |
2012-11-08 | CVE-2012-4023 | Simon Brown | Improper Input Validation vulnerability in Simon Brown Pebble CRLF injection vulnerability in Pebble before 2.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 4.3 |
2012-11-11 | CVE-2012-4731 | Bestpractical | Permissions, Privileges, and Access Controls vulnerability in Bestpractical Rtfm FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors. | 4.0 |
2012-11-08 | CVE-2012-4020 | Mosp | Permissions, Privileges, and Access Controls vulnerability in Mosp Kintai Kanri MosP kintai kanri before 4.1.0 does not enforce privilege requirements, which allows remote authenticated users to read other users' information via unspecified vectors. | 4.0 |
1 Low Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-11-11 | CVE-2012-4730 | Bestpractical | Permissions, Privileges, and Access Controls vulnerability in Bestpractical RT Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors. | 3.5 |