Weekly Vulnerabilities Reports > November 5 to 11, 2012

Overview

50 new vulnerabilities were reported during this period, including 17 critical vulnerabilities and 1 high severity vulnerability. This weekly summary reports vulnerabilities in 36 products from 28 vendors including Apple, Google, Linux, Microsoft, and Adobe. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Improper Input Validation", "Resource Management Errors", and "Improper Authentication".

  • 50 reported vulnerabilities are remotely exploitable.
  • 3 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 43 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 16 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 16 reported vulnerabilities.


Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:

17 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-11-07 CVE-2012-3270 HP Security vulnerability in HP Performance Insight 5.31/5.40/5.41

Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3269.

10.0
2012-11-07 CVE-2012-5280 Adobe, Apple, Microsoft, Linux, Google Buffer Errors vulnerability in Adobe Air, AIR SDK and Flash Player

Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5277.

10.0
2012-11-07 CVE-2012-5279 Adobe, Apple, Microsoft, Linux, Google Buffer Errors vulnerability in Adobe Air, AIR SDK and Flash Player

Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

10.0
2012-11-07 CVE-2012-5278 Adobe, Apple, Microsoft, Linux, Google Permissions, Privileges, and Access Controls vulnerability in Adobe Air, AIR SDK and Flash Player

Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allow attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors.

10.0
2012-11-07 CVE-2012-5277 Adobe, Apple, Microsoft, Linux, Google Buffer Errors vulnerability in Adobe Air, AIR SDK and Flash Player

Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5280.

10.0
2012-11-07 CVE-2012-5276 Adobe, Apple, Microsoft, Linux, Google Buffer Errors vulnerability in Adobe Air, AIR SDK and Flash Player

Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5277, and CVE-2012-5280.

10.0
2012-11-07 CVE-2012-5275 Adobe, Apple, Microsoft, Linux, Google Buffer Errors vulnerability in Adobe Air, AIR SDK and Flash Player

Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280.

10.0
2012-11-07 CVE-2012-5274 Adobe, Apple, Microsoft, Linux, Google Buffer Errors vulnerability in Adobe Air, AIR SDK and Flash Player

Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280.

10.0
2012-11-09 CVE-2012-3758 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted transform attribute in a text3GTrack element in a QuickTime TeXML file.

9.3
2012-11-09 CVE-2012-3757 Apple Memory Corruption vulnerability in Apple QuickTime

Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file.

9.3
2012-11-09 CVE-2012-3756 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rnet box in an MP4 movie file.

9.3
2012-11-09 CVE-2012-3755 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Targa image.

9.3
2012-11-09 CVE-2012-3754 Apple Resource Management Errors vulnerability in Apple Quicktime

Use-after-free vulnerability in the Clear method in the ActiveX control in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

9.3
2012-11-09 CVE-2012-3753 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIME type.

9.3
2012-11-09 CVE-2012-3752 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime TeXML file.

9.3
2012-11-09 CVE-2012-3751 Apple Resource Management Errors vulnerability in Apple Quicktime

Use-after-free vulnerability in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with a crafted _qtactivex_ parameter in an OBJECT element.

9.3
2012-11-09 CVE-2011-1374 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted REGION record in a PICT file.

9.3

1 High Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2012-11-07 CVE-2012-3269 HP Security vulnerability in HP Performance Insight 5.31/5.40/5.41

Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3270.

7.5

31 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-11-11 CVE-2012-4732 Bestpractical Cross-Site Request Forgery (CSRF) vulnerability in Bestpractical RT

Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks.

6.8
2012-11-11 CVE-2012-4553 Drupal Permissions, Privileges, and Access Controls vulnerability in Drupal

Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions."

6.8
2012-11-11 CVE-2012-4540 Opensuse, Redhat Numeric Errors vulnerability in multiple products

Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a "triggering event attached to applet." NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one.

6.8
2012-11-11 CVE-2012-4515 KDE Resource Management Errors vulnerability in KDE 4.7.3

Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated.

6.8
2012-11-11 CVE-2012-3523 ISC Permissions, Privileges, and Access Controls vulnerability in ISC INN

The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

6.8
2012-11-11 CVE-2012-4513 KDE Buffer Errors vulnerability in KDE 4.7.3

khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read.

6.4
2012-11-10 CVE-2012-2455 Advance Productivity Software Permissions, Privileges, and Access Controls vulnerability in Advance Productivity Software DTE Axiom

Advanced Productivity Software DTE Axiom before 12.3.3 does not validate the registration ID, which allows remote attackers to bypass authentication and read or modify data about users, customers, and projects via unspecified vectors.

6.4
2012-11-08 CVE-2012-4022 Simon Brown Permissions, Privileges, and Access Controls vulnerability in Simon Brown Pebble

Pebble before 2.6.4 allows remote attackers to trigger loss of blog-entry viewability via a crafted comment.

6.4
2012-11-11 CVE-2012-4548 Lars Hjemli Remote Command Injection vulnerability in cgit 'syntax-highlighting.sh'

Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in argument to the highlight command.

6.0
2012-11-06 CVE-2011-5243 Abraham Williams Improper Input Validation vulnerability in Abraham Williams Twitteroauth

TwitterOAuth does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-06 CVE-2011-5242 Themattharris Improper Input Validation vulnerability in Themattharris Tmhoauth

tmhOAuth before 0.61 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-06 CVE-2011-5241 Services Twitter Group Improper Input Validation vulnerability in Services Twitter Group Services Twitter 0.6.3

Services_Twitter 0.6.3 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-06 CVE-2011-5240 Magentocommerce Improper Input Validation vulnerability in Magentocommerce Magento 1.5/1.6.2

Magento 1.5 and 1.6.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-06 CVE-2011-5239 Civicrm Improper Input Validation vulnerability in Civicrm 4.0.5/4.1.1

CiviCRM 4.0.5 and 4.1.1 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-06 CVE-2011-5238 Google Improper Input Validation vulnerability in Google Checkout-PHP

google-checkout-php-sample-code before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-06 CVE-2011-5237 Paypal Improper Input Validation vulnerability in Paypal WPS Toolkit

PayPal WPS ToolKit does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-06 CVE-2011-5236 Moneris Improper Input Validation vulnerability in Moneris Eselect Plus 2.03

Moneris eSelectPlus 2.03 PHP API does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

5.8
2012-11-11 CVE-2012-5482 Openstack Permissions, Privileges, and Access Controls vulnerability in Openstack products

The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request.

5.5
2012-11-11 CVE-2012-4573 Openstack Permissions, Privileges, and Access Controls vulnerability in Openstack products

The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.

5.5
2012-11-08 CVE-2012-4021 Mosp Improper Authentication vulnerability in Mosp Kintai Kanri

MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information or modify settings, via unspecified vectors.

5.5
2012-11-11 CVE-2012-4884 Bestpractical Code Injection vulnerability in Bestpractical RT

Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client.

5.0
2012-11-11 CVE-2012-4734 Bestpractical Permissions, Privileges, and Access Controls vulnerability in Bestpractical RT

Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via unknown vectors related to a crafted link.

5.0
2012-11-11 CVE-2012-4554 Drupal Permissions, Privileges, and Access Controls vulnerability in Drupal

The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file.

5.0
2012-11-11 CVE-2012-4514 KDE Unspecified vulnerability in KDE

rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part."

5.0
2012-11-08 CVE-2012-5171 BE Graph Path Traversal vulnerability in Be-Graph Bezip

Directory traversal vulnerability in Be Graph BeZIP before 3.10 allows remote attackers to create or overwrite arbitrary files via a crafted archive file.

5.0
2012-11-08 CVE-2012-3315 IBM Improper Authentication vulnerability in IBM products

The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE security constraints, and obtain sensitive information related to (1) federation metadata or (2) a web plugin configuration template, via a crafted request.

5.0
2012-11-07 CVE-2012-5424 Cisco Improper Input Validation vulnerability in Cisco Secure Access Control Server

Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634.

5.0
2012-11-11 CVE-2012-5827 Joomla Clickjacking Security Bypass vulnerability in Joomla!

Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection."

4.3
2012-11-08 CVE-2012-4023 Simon Brown Improper Input Validation vulnerability in Simon Brown Pebble

CRLF injection vulnerability in Pebble before 2.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

4.3
2012-11-11 CVE-2012-4731 Bestpractical Permissions, Privileges, and Access Controls vulnerability in Bestpractical Rtfm

FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors.

4.0
2012-11-08 CVE-2012-4020 Mosp Permissions, Privileges, and Access Controls vulnerability in Mosp Kintai Kanri

MosP kintai kanri before 4.1.0 does not enforce privilege requirements, which allows remote authenticated users to read other users' information via unspecified vectors.

4.0

1 Low Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2012-11-11 CVE-2012-4730 Bestpractical Permissions, Privileges, and Access Controls vulnerability in Bestpractical RT

Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors.

3.5