Weekly Vulnerabilities Reports > February 25 to March 3, 2013

Overview

3 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 2 high severity vulnerabilities. This weekly summary report vulnerabilities in 9 products from 5 vendors including Adobe, Opensuse, Redhat, Suse, and Linux. Vulnerabilities are notably categorized as and "Resource Management Errors".

  • 2 reported vulnerabilities are remotely exploitables.
  • 2 reported vulnerabilities are exploitable by an anonymous user.
  • Adobe has the most reported vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

2 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-02-27 CVE-2013-0648 Adobe
Suse
Opensuse
Redhat
Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
8.8
2013-02-27 CVE-2013-0643 Adobe
Redhat
Suse
Opensuse
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
8.8

1 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-03-01 CVE-2011-2479 Linux Resource Management Errors vulnerability in Linux Kernel

The Linux kernel before 2.6.39 does not properly create transparent huge pages in response to a MAP_PRIVATE mmap system call on /dev/zero, which allows local users to cause a denial of service (system crash) via a crafted application.

5.5

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS