Vulnerability Summary for the Week of January 10, 2011
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
aimluck -- aipo | SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 2011-01-13 | 7.5 | CVE-2010-3924 BID SECUNIA JVNDB JVN CONFIRM |
ca -- arcserve_replication_and_high_availability | Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft High Availability r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft Content Distribution r12.0 SP1 and r12.5 SP2 rollup, and CA ARCserve Replication and High Availability (RHA) r15.0 SP1 allows remote attackers to execute arbitrary code via a crafted create_session_bab operation in a SOAP request to xosoapapi.asmx. | 2011-01-07 | 7.5 | CVE-2010-3984 CONFIRM MISC SECTRACK BID BUGTRAQ SECUNIA |
cisco -- adaptive_security_appliance_software | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier, and Cisco PIX Security Appliances devices, allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti24526. | 2011-01-07 | 7.8 | CVE-2010-4670 MISC CONFIRM MISC MISC MISC |
cisco -- ios | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS before 15.0(1)XA5 allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package, aka Bug ID CSCti33534. | 2011-01-07 | 7.8 | CVE-2010-4671 MISC CONFIRM MISC MISC MISC |
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(3) and earlier allow remote attackers to cause a denial of service (block exhaustion) via EIGRP traffic that triggers an EIGRP multicast storm, aka Bug ID CSCtf20269. | 2011-01-07 | 7.8 | CVE-2010-4672 CONFIRM |
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allow remote attackers to cause a denial of service via a flood of packets, aka Bug ID CSCtg06316. | 2011-01-07 | 7.8 | CVE-2010-4673 CONFIRM |
cisco -- adaptive_security_appliance_software | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2(4) and earlier allows remote attackers to cause a denial of service (block exhaustion) via multicast traffic, aka Bug ID CSCtg63992. | 2011-01-07 | 7.8 | CVE-2010-4674 CONFIRM |
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly determine the interfaces for which TELNET connections should be permitted, which allows remote authenticated users to bypass intended access restrictions via vectors involving the "lowest security level interface," aka Bug ID CSCsv40504. | 2011-01-07 | 9.0 | CVE-2010-4675 CONFIRM |
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permit packets to pass before the configuration has been loaded, which might allow remote attackers to bypass intended access restrictions by sending network traffic during device startup, aka Bug ID CSCsy86769. | 2011-01-07 | 7.5 | CVE-2010-4678 CONFIRM |
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) do not properly handle Online Certificate Status Protocol (OCSP) connection failures, which allows remote OCSP responders to cause a denial of service (TCP socket exhaustion) by rejecting connection attempts, aka Bug ID CSCsz36816. | 2011-01-07 | 7.8 | CVE-2010-4679 CONFIRM |
cisco -- adaptive_security_appliance_software | The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permits the viewing of CIFS shares even when CIFS file browsing has been disabled, which allows remote authenticated users to bypass intended access restrictions via CIFS requests, aka Bug ID CSCsz80777. | 2011-01-07 | 9.0 | CVE-2010-4680 CONFIRM |
cisco -- adaptive_security_appliance_software | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to bypass SMTP inspection via vectors involving a prepended space character, aka Bug ID CSCte14901. | 2011-01-07 | 7.5 | CVE-2010-4681 CONFIRM |
cisco -- adaptive_security_appliance_software | Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (memory consumption) by making multiple incorrect LDAP authentication attempts, aka Bug ID CSCtf29867. | 2011-01-07 | 7.8 | CVE-2010-4682 CONFIRM |
cisco -- ios | Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a certain IRC server, related to a "corrupted magic value," aka Bug ID CSCso05336. | 2011-01-07 | 7.8 | CVE-2009-5038 CONFIRM |
cisco -- ios | Memory leak in the gk_circuit_info_do_in_acf function in the H.323 implementation in Cisco IOS before 15.0(1)XA allows remote attackers to cause a denial of service (memory consumption) via a large number of calls over a long duration, as demonstrated by InterZone Clear Token (IZCT) test traffic, aka Bug ID CSCsz72535. | 2011-01-07 | 7.8 | CVE-2009-5039 CONFIRM |
cisco -- ios | Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service (memory consumption) by sending a crafted SIP REGISTER message over UDP, aka Bug ID CSCtg41733. | 2011-01-07 | 7.8 | CVE-2010-4683 CONFIRM |
cisco -- ios | Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, allows remote attackers to cause a denial of service (device crash) via a TFTP copy over IPv6, aka Bug ID CSCtb28877. | 2011-01-07 | 7.1 | CVE-2010-4684 CONFIRM |
cisco -- ios | CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a "peculiar" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending this traffic over a long duration, aka Bug ID CSCtb47950. | 2011-01-07 | 7.8 | CVE-2010-4686 CONFIRM |
cisco -- adaptive_security_appliance_software | Unspecified vulnerability in the SIP inspection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) by making many SIP calls, aka Bug ID CSCte20030. | 2011-01-07 | 7.8 | CVE-2010-4688 CONFIRM |
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) do not properly preserve ACL behavior after a migration, which allows remote attackers to bypass intended access restrictions via an unspecified type of network traffic that had previously been denied, aka Bug ID CSCte46460. | 2011-01-07 | 7.8 | CVE-2010-4689 CONFIRM |
cisco -- adaptive_security_appliance_software | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via multicast traffic, aka Bug IDs CSCtg61810 and CSCtg69742. | 2011-01-07 | 7.8 | CVE-2010-4691 CONFIRM |
cisco -- adaptive_security_appliance_software | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) allows remote attackers to cause a denial of service (device crash) via a large number of LAN-to-LAN (aka L2L) IPsec sessions, aka Bug ID CSCth36592. | 2011-01-07 | 7.8 | CVE-2010-4692 CONFIRM |
freetype -- freetype | Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797. | 2011-01-07 | 9.3 | CVE-2010-3311 REDHAT REDHAT CONFIRM UBUNTU BID REDHAT DEBIAN SUSE |
fribidi -- gnu_fribidi | Buffer overflow in the log2vis_utf8 function in pyfribidi.c in GNU FriBidi 0.19.1, 0.19.2, and possibly other versions, as used in PyFriBidi 0.10.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Arabic UTF-8 string that causes original 2-byte UTF-8 sequences to be transformed into 3-byte sequences. | 2011-01-10 | 7.5 | CVE-2010-3444 MISC CONFIRM VUPEN BID SECUNIA FEDORA FEDORA |
gnu -- glibc | ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. | 2011-01-07 | 7.2 | CVE-2010-3856 CONFIRM MLIST REDHAT VUPEN CONFIRM UBUNTU BID BUGTRAQ REDHAT DEBIAN CONFIRM GENTOO SECUNIA FULLDISC |
gnu -- gimp | Stack-based buffer overflow in the loadit function in plug-ins/common/sphere-designer.c in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long "Number of lights" field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. | 2011-01-07 | 9.3 | CVE-2010-4541 CONFIRM VUPEN MLIST MLIST MISC |
gnu -- gimp | Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information. | 2011-01-07 | 7.5 | CVE-2010-4543 CONFIRM VUPEN OSVDB MLIST MLIST MISC |
google -- chrome | The node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 does not properly handle pointers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2011-01-14 | 10.0 | CVE-2011-0471 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle the printing of PDF documents, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a multi-page document. | 2011-01-14 | 9.3 | CVE-2011-0472 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with CANVAS elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | 2011-01-14 | 10.0 | CVE-2011-0473 CONFIRM CONFIRM |
hp -- openview_network_node_manager | Unspecified vulnerability in jovgraph.exe in jovgraph in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a malformed displayWidth option in the arg parameter. | 2011-01-13 | 10.0 | CVE-2011-0261 MISC HP HP |
hp -- openview_network_node_manager | Buffer overflow in the stringToSeconds function in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via large values of variables to jovgraph.exe. | 2011-01-13 | 10.0 | CVE-2011-0262 MISC HP HP |
hp -- openview_network_node_manager | Multiple stack-based buffer overflows in ovas.exe in the OVAS service in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) Source Node or (2) Destination Node variable. | 2011-01-13 | 10.0 | CVE-2011-0263 MISC HP HP |
hp -- openview_network_node_manager | Stack-based buffer overflow in ovutil.dll in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long COOKIE variable. | 2011-01-13 | 10.0 | CVE-2011-0264 MISC HP HP |
hp -- openview_network_node_manager | Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long data_select1 parameter. | 2011-01-13 | 10.0 | CVE-2011-0265 MISC HP HP |
hp -- openview_network_node_manager | Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long nameParams parameter, a different vulnerability than CVE-2011-0267. | 2011-01-13 | 10.0 | CVE-2011-0266 MISC HP HP |
hp -- openview_network_node_manager | Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) schdParams or (2) nameParams parameter, a different vulnerability than CVE-2011-0266. | 2011-01-13 | 10.0 | CVE-2011-0267 MISC HP HP |
hp -- openview_network_node_manager | Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long text1 parameter. | 2011-01-13 | 10.0 | CVE-2011-0268 MISC HP HP |
hp -- openview_network_node_manager | Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long schd_select1 parameter. | 2011-01-13 | 10.0 | CVE-2011-0269 MISC HP HP |
hp -- openview_network_node_manager | Format string vulnerability in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in input data that involves an invalid template name. | 2011-01-13 | 10.0 | CVE-2011-0270 MISC HP HP |
hp -- openview_network_node_manager | The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 do not properly validate an unspecified parameter, which allows remote attackers to execute arbitrary commands by using a command string for this parameter's value, related to a "command injection vulnerability." | 2011-01-13 | 10.0 | CVE-2011-0271 HP HP IDEFENSE |
imgburn -- imgburn | Untrusted search path vulnerability in ImgBurn.exe in [VENDOR] ImgBurn 2.4.0.0, 2.5.4.0, and other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a CUE file. | 2011-01-10 | 9.3 | CVE-2011-0403 XF BID SECUNIA MISC OSVDB |
linux -- linux_kernel | Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in the Linux kernel allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted iovec struct in a Reliable Datagram Sockets (RDS) request, which triggers a buffer overflow. | 2011-01-10 | 7.2 | CVE-2010-3865 XF MLIST MLIST BID REDHAT MLIST MLIST SUSE SUSE SUSE |
linux -- kernel | Race condition in the Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function. | 2011-01-10 | 7.1 | CVE-2010-4526 CONFIRM MLIST MLIST CONFIRM |
microsoft -- windows_2003_server | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package. | 2011-01-07 | 7.8 | CVE-2010-4669 MISC MISC MISC MISC |
microsoft -- ie | Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 8.0.7600.16385 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, involving circular memory references. | 2011-01-07 | 10.0 | CVE-2011-0346 CERT-VN XF VUPEN BID BUGTRAQ MISC MISC MISC MISC FULLDISC |
microsoft -- ie | Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI display and have unspecified other impact via vectors related to the DOM implementation, as demonstrated by cross_fuzz. | 2011-01-07 | 9.3 | CVE-2011-0347 BUGTRAQ MISC MISC MISC MISC FULLDISC |
microsoft -- data_access_components | Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability." | 2011-01-11 | 9.3 | CVE-2011-0026 MS |
microsoft -- data_access_components | Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118. | 2011-01-11 | 9.3 | CVE-2011-0027 MS |
netsupport -- netsupport_manager_agent | Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.00, for Solaris 9.50, and for Mac OS X 11.00 allows remote attackers to execute arbitrary code via a long control hostname to TCP port 5405, probably a different vulnerability than CVE-2007-5252. | 2011-01-10 | 7.5 | CVE-2011-0404 XF VUPEN SECTRACK BID MISC EXPLOIT-DB SECUNIA FULLDISC |
novell -- suse_linux | The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors. | 2011-01-12 | 10.0 | CVE-2010-3912 SUSE |
opensc-project -- opensc | Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c. | 2011-01-07 | 7.2 | CVE-2010-4523 CONFIRM CONFIRM CONFIRM MISC MLIST MLIST MISC CONFIRM VUPEN SECUNIA SECUNIA FEDORA FEDORA |
phenotype-cms -- phenotype_cms | SQL injection vulnerability in the store function in _phenotype/system/class/PhenoTypeDataObject.class.php in Phenotype CMS 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URI, as demonstrated by Gallery/gal_id/1/image1,1.html. NOTE: some of these details are obtained from third party information. | 2011-01-10 | 7.5 | CVE-2011-0407 XF BID BUGTRAQ MISC SECUNIA OSVDB |
polyvision -- roomwizard_firmware | The PolyVision RoomWizard with firmware 3.2.3 has a default password of roomwizard for the administrator account, which makes it easier for remote attackers to obtain console access via an HTTP session, a different vulnerability than CVE-2010-0214. | 2011-01-11 | 7.5 | CVE-2011-0423 CERT-VN XF VUPEN BID FULLDISC MISC |
redhat -- evince | Array index error in the PK font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. | 2011-01-07 | 7.6 | CVE-2010-2640 CONFIRM CONFIRM VUPEN VUPEN UBUNTU SECTRACK BID REDHAT SECUNIA SECUNIA SECUNIA FEDORA |
redhat -- evince | Array index error in the VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. | 2011-01-07 | 7.6 | CVE-2010-2641 CONFIRM CONFIRM VUPEN VUPEN UBUNTU SECTRACK BID REDHAT SECUNIA SECUNIA SECUNIA FEDORA |
redhat -- evince | Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. | 2011-01-07 | 7.6 | CVE-2010-2642 CONFIRM CONFIRM VUPEN VUPEN UBUNTU SECTRACK BID REDHAT SECUNIA SECUNIA SECUNIA FEDORA |
redhat -- evince | Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. | 2011-01-07 | 7.6 | CVE-2010-2643 CONFIRM CONFIRM VUPEN VUPEN UBUNTU SECTRACK BID REDHAT SECUNIA SECUNIA SECUNIA FEDORA |
rim -- blackberry_enterprise_server | Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file. | 2011-01-12 | 9.3 | CVE-2010-2604 VUPEN BID CONFIRM SECUNIA |
tibco -- activecatalog | Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2011-01-07 | 7.5 | CVE-2010-4496 XF VUPEN CONFIRM CONFIRM SECTRACK BID SECUNIA |
tibco -- activecatalog | Unspecified vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL. | 2011-01-07 | 7.5 | CVE-2010-4498 XF VUPEN CONFIRM CONFIRM SECTRACK BID SECUNIA |
wellintek -- kingview | Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a long request to TCP port 777. | 2011-01-10 | 10.0 | CVE-2011-0406 XF VUPEN BID EXPLOIT-DB SECUNIA |
wireshark -- wireshark | Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ENTTEC DMX packet with Run Length Encoding (RLE) compression. | 2011-01-07 | 9.3 | CVE-2010-4538 CONFIRM VUPEN REDHAT SECUNIA OSVDB MLIST MLIST |
wireshark -- wireshark | Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs. | 2011-01-12 | 10.0 | CVE-2011-0444 CONFIRM MISC CONFIRM CONFIRM VUPEN |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
a51dev -- activecollab | ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and (1) delete an attachment or (2) subscribe to an object, via a crafted URL. | 2011-01-07 | 6.0 | CVE-2010-0215 CERT-VN CONFIRM |
apache -- subversion | The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections. | 2011-01-07 | 6.8 | CVE-2010-4539 CONFIRM CONFIRM MLIST MLIST MLIST MLIST XF VUPEN SECTRACK BID CONFIRM SECUNIA MLIST MLIST MLIST |
apple -- mac_os_x | Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x before 10.6.6 allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to interaction between Software Update and distribution scripts. | 2011-01-10 | 6.8 | CVE-2010-4013 CONFIRM APPLE SECUNIA |
catb -- gif2png | Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png. | 2011-01-14 | 6.8 | CVE-2009-5018 CONFIRM MLIST MLIST FULLDISC FEDORA CONFIRM CONFIRM VUPEN VUPEN GENTOO SECUNIA MLIST MLIST CONFIRM |
cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allow remote attackers to cause a denial of service (ASDM syslog outage) via a long URL, aka Bug IDs CSCsm11264 and CSCtb92911. | 2011-01-07 | 5.0 | CVE-2009-5037 MISC MISC CONFIRM |
cisco -- adaptive_security_appliance_software | Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote authenticated users to cause a denial of service (device crash) via a high volume of IPsec traffic, aka Bug ID CSCsx52748. | 2011-01-07 | 6.8 | CVE-2010-4676 CONFIRM |
cisco -- adaptive_security_appliance_software | emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) allows remote attackers to cause a denial of service (daemon crash) via a request for a document whose name contains space characters, aka Bug ID CSCsy08416. | 2011-01-07 | 5.0 | CVE-2010-4677 CONFIRM |
cisco -- ios | CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555. | 2011-01-07 | 6.8 | CVE-2009-5040 CONFIRM |
cisco -- ios | Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug ID CSCta79031. | 2011-01-07 | 4.0 | CVE-2010-4685 CONFIRM |
cisco -- ios | STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls that were controlled by CallManager Express (CME), aka Bug ID CSCtd42552. | 2011-01-07 | 5.0 | CVE-2010-4687 CONFIRM |
cisco -- adaptive_security_appliance_software | The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) does not properly authenticate HTTP requests from a Web Security appliance (WSA), which might allow remote attackers to obtain sensitive information via a HEAD request, aka Bug ID CSCte53635. | 2011-01-07 | 5.0 | CVE-2010-4690 CONFIRM |
citrix -- xen | The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers. NOTE: some of these details are obtained from third party information. | 2011-01-10 | 5.5 | CVE-2010-4247 CONFIRM MISC MISC MLIST MLIST BID REDHAT SECUNIA |
coppermine-gallery -- coppermine_photo_gallery | Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php. | 2011-01-10 | 4.3 | CVE-2010-4693 XF MISC BID BUGTRAQ OSVDB OSVDB SECUNIA |
crawltrack -- crawltrack | Unspecified vulnerability in CrawlTrack before 3.2.7, when a public stats page is provided, allows remote attackers to execute arbitrary PHP code via unknown vectors. | 2011-01-13 | 6.8 | CVE-2010-4537 CONFIRM MLIST MLIST |
debian -- dpkg | Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package. | 2011-01-10 | 6.8 | CVE-2010-1679 VUPEN VUPEN UBUNTU DEBIAN SECUNIA SECUNIA |
debian -- dpkg | dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory. | 2011-01-10 | 6.8 | CVE-2011-0402 VUPEN VUPEN UBUNTU DEBIAN SECUNIA SECUNIA |
djangoproject -- django | The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter. | 2011-01-10 | 4.0 | CVE-2010-4534 CONFIRM MLIST MLIST CONFIRM CONFIRM SECUNIA MISC MISC FULLDISC |
djangoproject -- django | The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer. | 2011-01-10 | 5.0 | CVE-2010-4535 CONFIRM MLIST MLIST CONFIRM CONFIRM SECUNIA |
eclipse -- eclipse_ide | Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647. | 2011-01-13 | 4.3 | CVE-2008-7271 MISC MISC |
eclipse -- eclipse_ide | Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp. | 2011-01-13 | 4.3 | CVE-2010-4647 MISC MLIST MLIST |
gnu -- glibc | elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. | 2011-01-07 | 6.9 | CVE-2010-3847 CERT-VN CONFIRM MLIST REDHAT VUPEN CONFIRM UBUNTU BUGTRAQ REDHAT DEBIAN CONFIRM GENTOO SECUNIA FULLDISC FULLDISC FULLDISC |
gnu -- gimp | Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the "LIGHTING EFFECTS > LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Position field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information. | 2011-01-07 | 6.8 | CVE-2010-4540 CONFIRM VUPEN MLIST MLIST MISC |
gnu -- gimp | Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style.c in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long Foreground field in a plugin configuration file. NOTE: it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. NOTE: some of these details are obtained from third party information. | 2011-01-07 | 6.8 | CVE-2010-4542 CONFIRM VUPEN MLIST MLIST MISC |
gnu -- glibc | The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow." | 2011-01-13 | 5.0 | CVE-2010-4051 CERT-VN MISC MISC BID BUGTRAQ SECTRACK SREASON SREASONRES SECUNIA FULLDISC |
gnu -- glibc | Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD. | 2011-01-13 | 5.0 | CVE-2010-4052 CERT-VN MISC MISC BID BUGTRAQ SECTRACK SREASON SREASONRES SECUNIA FULLDISC |
google -- chrome | Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle extensions notification, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | 2011-01-14 | 5.0 | CVE-2011-0470 CONFIRM CONFIRM |
ibm -- websphere_mq | Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows remote authenticated users to execute arbitrary code or cause a denial of service (queue manager crash) by inserting an invalid message into the queue. | 2011-01-11 | 6.5 | CVE-2011-0314 XF AIXAPAR |
ibm -- websphere_application_server | Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to the lack of an error page for an application. | 2011-01-11 | 4.3 | CVE-2011-0315 XF CONFIRM AIXAPAR |
ibm -- websphere_application_server | The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request. | 2011-01-11 | 5.0 | CVE-2011-0316 XF CONFIRM AIXAPAR |
ibm -- websphere_mq | Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted header field in a message. | 2011-01-13 | 6.8 | CVE-2011-0310 XF AIXAPAR |
io-socket-ssl -- io-socket-ssl | IO::Socket::SSL Perl module 1.35, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions. | 2011-01-13 | 4.0 | CVE-2010-4334 CONFIRM BID SECUNIA OSVDB CONFIRM |
joomla -- com_search | Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.php. | 2011-01-10 | 4.3 | CVE-2011-0005 MISC XF BID BUGTRAQ BUGTRAQ MISC |
linux -- kernel | Multiple integer overflows in the (1) pppol2tp_sendmsg function in net/l2tp/l2tp_ppp.c, and the (2) l2tp_ip_sendmsg function in net/l2tp/l2tp_ip.c, in the PPPoL2TP and IPoL2TP implementations in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service (heap memory corruption and panic) or possibly gain privileges via a crafted sendto call. | 2011-01-07 | 6.9 | CVE-2010-4160 CONFIRM MLIST MLIST MLIST MLIST MLIST MLIST CONFIRM CONFIRM MLIST CONFIRM MLIST SUSE |
linux -- kernel | Integer overflow in the rds_cmsg_rdma_args function (net/rds/rdma.c) in Linux kernel 2.6.35 allows local users to cause a denial of service (crash) and possibly trigger memory corruption via a crafted Reliable Datagram Sockets (RDS) request, a different vulnerability than CVE-2010-3865. | 2011-01-10 | 4.9 | CVE-2010-4175 MLIST MLIST MLIST SUSE SUSE |
linux -- kernel | The hci_uart_tty_open function in the HCI UART driver (drivers/bluetooth/hci_ldisc.c) in the Linux kernel 2.6.36, and possibly other versions, does not verify whether the tty has a write operation, which allows local users to cause a denial of service (NULL pointer dereference) via vectors related to the Bluetooth driver. | 2011-01-10 | 4.0 | CVE-2010-4242 CONFIRM MISC CONFIRM MLIST REDHAT |
linux -- kernel | The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel before 2.6.37 incorrectly expects that a certain name field ends with a ' |
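
The two dpkg entries above (CVE-2010-1679 and CVE-2011-0402) describe the same class of bug from two angles: a source-format 3.0 package carries patches, and dpkg-source applied them to paths it did not sufficiently police, once via `../` sequences in the patch and once via symlinks planted in the unpacked `.pc` directory. The check below is an added example, not dpkg's own code, showing what an unpacker must verify about a patch target before writing to it; the helper name, the error class and the throw-away directory layout are all assumptions made for the demonstration.

```python
import os
import tempfile


class UnsafePatchTarget(ValueError):
    """Raised when a patch names a file that must not be written (hypothetical helper)."""


def safe_patch_target(root: str, rel_path: str) -> str:
    """Return the absolute path a patch hunk may write to, or raise.

    Three checks, in the order an unpacker should make them:
      1. the target must be relative and contain no '..' component
         (the CVE-2010-1679 case);
      2. no existing component on the way down, including the final file,
         may be a symlink, so a link planted inside the tree cannot redirect
         the write elsewhere (the CVE-2011-0402 case);
      3. after resolution the path must still lie inside the root.
    """
    if os.path.isabs(rel_path):
        raise UnsafePatchTarget(f"absolute path: {rel_path}")
    parts = [p for p in rel_path.split("/") if p not in ("", ".")]
    if not parts:
        raise UnsafePatchTarget("empty path")
    if ".." in parts:
        raise UnsafePatchTarget(f"traversal sequence: {rel_path}")
    real_root = os.path.realpath(root)
    current = real_root
    for part in parts:
        current = os.path.join(current, part)
        # islink() uses lstat, so a symlink component is seen as a link
        # rather than silently followed to its target.
        if os.path.lexists(current) and os.path.islink(current):
            raise UnsafePatchTarget(f"symlink in path: {current}")
    if os.path.commonpath([real_root, os.path.realpath(current)]) != real_root:
        raise UnsafePatchTarget(f"escapes root: {rel_path}")
    return current


def demo() -> dict:
    """Build a constructed source tree and try three patch targets against it."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "pkg-1.0")
        os.makedirs(os.path.join(root, ".pc"))
        outside = os.path.join(tmp, "victim.txt")  # a file outside the tree
        with open(outside, "w"):
            pass
        # Symlink shipped inside the package, pointing out of the tree.
        os.symlink(outside, os.path.join(root, ".pc", "applied-patches"))
        for target in ("src/main.c", "../victim.txt", ".pc/applied-patches"):
            try:
                safe_patch_target(root, target)
                results[target] = "ok"
            except UnsafePatchTarget:
                results[target] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

The symlink check is made on every component, not only the final one, because a link in the middle of the path (`.pc` itself, say) would redirect every file beneath it. Note that this is still a check-then-use sequence; an unpacker that handles hostile input under concurrency would additionally open with `O_NOFOLLOW` relative to a held directory descriptor.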
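
The Django admin entry (CVE-2010-4534) is easier to appreciate with the attack written out: the changelist accepted any `field__relation__lookup` from the query string, so an authenticated user with admin access to one model could filter it by `created_by__password__regex=^sha1\$a` and read the match count as a yes/no oracle on the hash of a user he has no rights to view, one character at a time. The code below is an added illustration, not part of the bulletin or of Django: the tiny in-memory "ORM", the model graph, the rows and the `lookup_allowed` whitelist are all constructed for the example, and the whitelist only reproduces the idea of the upstream fix (relation traversals must be explicitly declared by the admin), not its exact rules.

```python
import re

LOOKUP_SEP = "__"
QUERY_TERMS = {"exact", "iexact", "contains", "startswith", "regex",
               "iregex", "gt", "lt", "in", "isnull"}

# Constructed model graph: model -> {field: related model, or None for a plain column}.
MODELS = {
    "Entry": {"title": None, "created_by": "User"},
    "User": {"username": None, "password": None},
}
# Constructed rows; the hash uses the legacy "algorithm$salt$digest" layout.
USERS = {7: {"username": "alice", "password": "sha1$f00d$3e2a91c7"}}
ENTRIES = [{"title": "first post", "created_by": 7},
           {"title": "second post", "created_by": 7}]


def resolve(row, model, path):
    """Follow a field path such as ['created_by', 'password'] from an Entry row."""
    value = row
    for part in path:
        target = MODELS[model][part]
        value = value[part]
        if target is not None:          # foreign key: hop to the related row
            value = USERS[value]
            model = target
    return value


def changelist_filter(lookup, value):
    """Rows matching ?<lookup>=<value> with no restriction: the vulnerable behaviour."""
    parts = lookup.split(LOOKUP_SEP)
    term = parts.pop() if len(parts) > 1 and parts[-1] in QUERY_TERMS else "exact"
    hits = 0
    for row in ENTRIES:
        field_value = str(resolve(row, "Entry", parts))
        hits += bool(re.search(value, field_value)) if term == "regex" else field_value == value
    return hits


def recover_hash_prefix(length, alphabet="0123456789abcdef$sha"):
    """Extend the known prefix one character at a time, using the row count as an oracle."""
    known = ""
    while len(known) < length:
        for ch in alphabet:
            candidate = known + ch
            if changelist_filter("created_by__password__regex", "^" + re.escape(candidate)) > 0:
                known = candidate
                break
        else:
            break                        # no character extends the prefix
    return known


def lookup_allowed(model, lookup, list_filter):
    """Whitelist in the spirit of the fix: a column on the admin's own model is
    always filterable; anything that crosses a relation must be listed verbatim
    in list_filter. Unknown fields and traversal through a plain column are refused."""
    parts = lookup.split(LOOKUP_SEP)
    if len(parts) > 1 and parts[-1] in QUERY_TERMS:
        parts.pop()
    current = model
    for i, part in enumerate(parts):
        fields = MODELS.get(current, {})
        if part not in fields:
            return False
        target = fields[part]
        if target is None:
            if i != len(parts) - 1:
                return False
            break
        current = target
    if len(parts) == 1:
        return True
    return LOOKUP_SEP.join(parts) in list_filter


if __name__ == "__main__":
    print("leaked:", recover_hash_prefix(9))
    print("allowed after fix:", lookup_allowed("Entry", "created_by__password__regex", ("title",)))
```

The oracle needs only a difference between "some rows" and "no rows", so hiding the count and leaving the filtered list in place would not close it; the lookup has to be refused before the query runs. The same whitelist stops `created_by__username` unless the admin declares it, which is the intended cost.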
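
The IO::Socket::SSL entry (CVE-2010-4334) is a fail-open bug: the caller asked for certificate verification, the CA file or path could not be used, and the module quietly continued with `VERIFY_NONE`, so every handshake succeeded against any certificate. The example below is added here and is not the Perl module's code; it reproduces the failure mode and its fail-closed counterpart with Python's standard `ssl` module so it can be run without a network, with a deliberately missing CA bundle path constructed in a temporary directory.

```python
import os
import ssl
import tempfile


def context_fail_open(ca_file):
    """Mirror of the bug: an unusable CA bundle silently downgrades verification.
    Constructed to show the defect, not code from any library."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # starts with CERT_REQUIRED
    try:
        ctx.load_verify_locations(cafile=ca_file)
    except (OSError, ssl.SSLError):
        # "fall back" instead of failing: this is the vulnerable behaviour
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_fail_closed(ca_file):
    """Hardened version: refuse to build a context whose trust store cannot be loaded,
    and never touch verify_mode on the error path."""
    if not os.path.isfile(ca_file):
        raise FileNotFoundError(f"CA bundle not found: {ca_file}")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.load_verify_locations(cafile=ca_file)       # raises if the bundle is unusable
    return ctx


def verification_enforced(ctx):
    """Check a caller should make before handing any context to a socket."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def demo():
    """Exercise both builders with a CA path that does not exist (constructed input)."""
    with tempfile.TemporaryDirectory() as tmp:
        missing = os.path.join(tmp, "no-such-ca.pem")
        open_ctx = context_fail_open(missing)
        try:
            context_fail_closed(missing)
            closed = "context built"
        except (OSError, ssl.SSLError):
            closed = "refused"
    return {"fail_open_enforces": verification_enforced(open_ctx),
            "fail_closed": closed}


if __name__ == "__main__":
    print(demo())
```

The property to test for in any TLS wrapper is the one `verification_enforced` checks: after construction, `verify_mode` must still be what the caller asked for, regardless of which error path was taken. A wrapper that can only weaken that setting on its error path has the same bug whatever language it is written in.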