Bulletin (SB10-235)

Vulnerability Summary for the Week of August 16, 2010

Original release date: August 23, 2010 | Last revised: November 06, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product
Description | Published | CVSS Score | Source & Patch Info
apache -- couchdb
Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL. 2010-08-19 7.5 CVE-2010-2234
CONFIRM
BID
BUGTRAQ
FULLDISC
apple -- iphone_os
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information. 2010-08-16 9.3 CVE-2010-1797
CONFIRM
CONFIRM
XF
VUPEN
VUPEN
UBUNTU
BID
MISC
EXPLOIT-DB
CONFIRM
CONFIRM
CONFIRM
SECUNIA
SECUNIA
SECUNIA
OSVDB
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
apple -- quicktime
Stack-based buffer overflow in the error-logging functionality in Apple QuickTime before 7.6.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. 2010-08-16 9.3 CVE-2010-1799
BID
CONFIRM
OVAL
APPLE
autonomy -- keyview_export_sdk
Heap-based buffer overflow in an unspecified library in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to execute arbitrary code via a crafted compound file, as demonstrated using a Quattro Pro file, which is not properly handled by the Quattro speed reader (qpssr.dll). 2010-08-17 9.3 CVE-2010-0126
CONFIRM
BID
CONFIRM
MISC
autonomy -- keyview_export_sdk
Stack-based buffer overflow in the SpreadSheet Lotus 123 reader (wkssr.dll), as used in Autonomy KeyView 10.4 and 10.9, Symantec Mail Security, and possibly other products, allows remote attackers to execute arbitrary code via unspecified vectors related to floating point conversion in unknown record types. 2010-08-17 9.3 CVE-2010-0131
CONFIRM
BID
CONFIRM
MISC
MISC
autonomy -- keyview_export_sdk
Multiple stack-based buffer overflows in the SpreadSheet Lotus 123 reader (wkssr.dll) in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allow remote attackers to execute arbitrary code via unspecified vectors related to "certain records." 2010-08-17 9.3 CVE-2010-0133
CONFIRM
BID
CONFIRM
MISC
autonomy -- keyview_export_sdk
Integer signedness error in rtfsr.dll in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to execute arbitrary code via a crafted ls keyword in a list override table entry in an RTF file, which triggers a buffer overflow. 2010-08-17 10.0 CVE-2010-0134
CONFIRM
BID
CONFIRM
MISC
autonomy -- keyview_export_sdk
Heap-based buffer overflow in the WordPerfect 5.x reader (wosr.dll), as used in Autonomy KeyView 10.4 and 10.9 and possibly other products, allows remote attackers to execute arbitrary code via unspecified vectors related to "data blocks." 2010-08-17 9.3 CVE-2010-0135
CONFIRM
BID
CONFIRM
MISC
autonomy -- keyview_export_sdk
The SpreadSheet Lotus 123 reader (wkssr.dll) in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to execute arbitrary code via unspecified vectors related to allocation of an array of pointers and "string indexing," which triggers memory corruption. 2010-08-17 9.3 CVE-2010-1524
CONFIRM
BID
CONFIRM
MISC
autonomy -- keyview_export_sdk
Integer underflow in the SpreadSheet Lotus 123 reader (wkssr.dll) in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted size for an unspecified record type, which triggers a heap-based buffer overflow. 2010-08-17 9.3 CVE-2010-1525
CONFIRM
BID
CONFIRM
MISC
cisco -- ios
Cisco IOS 15.1(2)T allows remote attackers to cause a denial of service (resource consumption and TCP outage) via spoofed TCP packets, related to embryonic TCP connections that remain in the SYN_RCVD or SYN_SENT state, aka Bug ID CSCti18193. 2010-08-16 7.8 CVE-2010-2827
BID
CISCO
cisco -- ace_4710
Unspecified vulnerability in the RTSP inspection feature on the Cisco Application Control Engine (ACE) Module with software before A2(3.2) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6), allows remote attackers to cause a denial of service (device reload) via crafted RTSP packets over TCP, aka Bug IDs CSCta85227 and CSCtg14858. 2010-08-17 7.8 CVE-2010-2822
CISCO
cisco -- ace_4710
Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6) allows remote attackers to cause a denial of service (device reload) via crafted HTTP packets, related to HTTP, RTSP, and SIP inspection, aka Bug ID CSCtb54493. 2010-08-17 7.8 CVE-2010-2823
CISCO
cisco -- ace_module
Unspecified vulnerability on the Cisco Application Control Engine (ACE) Module with software A2(1.x) before A2(1.6), A2(2.x) before A2(2.3), and A2(3.x) before A2(3.1) for Catalyst 6500 series switches and 7600 series routers allows remote attackers to cause a denial of service (device reload) via a sequence of SSL packets, aka Bug ID CSCta20756. 2010-08-17 7.8 CVE-2010-2824
CISCO
cisco -- ace_4710
Unspecified vulnerability in the SIP inspection feature on the Cisco Application Control Engine (ACE) Module with software A2(1.x) before A2(1.6), A2(2.x) before A2(2.3), and A2(3.x) before A2(3.1) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.4), allows remote attackers to cause a denial of service (device reload) via crafted SIP packets over (1) TCP or (2) UDP, aka Bug IDs CSCta65603 and CSCta71569. 2010-08-17 7.8 CVE-2010-2825
CISCO
cisco -- wireless_control_system_software
SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0.x before 6.0.196.0 allows remote authenticated users to execute arbitrary SQL commands via vectors related to the ORDER BY clause of the Client List screens, aka Bug ID CSCtf37019. 2010-08-17 9.0 CVE-2010-2826
CISCO
freetype -- freetype
The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation. 2010-08-19 9.3 CVE-2010-2498
MLIST
CONFIRM
CONFIRM
UBUNTU
REDHAT
MANDRIVA
DEBIAN
SECTRACK
MLIST
MLIST
CONFIRM
freetype -- freetype
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment. 2010-08-19 9.3 CVE-2010-2499
MLIST
CONFIRM
CONFIRM
CONFIRM
UBUNTU
REDHAT
MANDRIVA
DEBIAN
SECTRACK
MLIST
MLIST
CONFIRM
CONFIRM
freetype -- freetype
Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. 2010-08-19 9.3 CVE-2010-2500
CONFIRM
CONFIRM
UBUNTU
REDHAT
REDHAT
MANDRIVA
DEBIAN
SECTRACK
MLIST
MLIST
MLIST
CONFIRM
freetype -- freetype
Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file. 2010-08-19 9.3 CVE-2010-2519
MLIST
CONFIRM
CONFIRM
UBUNTU
REDHAT
MANDRIVA
DEBIAN
SECTRACK
MLIST
MLIST
CONFIRM
CONFIRM
freetype -- freetype
FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. 2010-08-19 9.3 CVE-2010-2807
CONFIRM
CONFIRM
CONFIRM
VUPEN
VUPEN
UBUNTU
BID
CONFIRM
SECUNIA
SECUNIA
MLIST
CONFIRM
opera -- opera
Heap-based buffer overflow in Opera before 10.61 allows remote attackers to execute arbitrary code or cause a denial of service (application crash or hang) via vectors related to HTML5 canvas painting operations that occur during the application of transformations. 2010-08-16 9.3 CVE-2010-3019
CONFIRM
CONFIRM
CONFIRM
CONFIRM
oracle -- siebel_option_pack_ie_activex_control
The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document. 2010-08-17 9.3 CVE-2009-3737
CERT-VN
VUPEN
OSVDB
SECUNIA
phpkick -- phpkick
SQL injection vulnerability in statistics.php in PHPKick 0.8 allows remote attackers to execute arbitrary SQL commands via the gameday parameter in an overview action. 2010-08-16 7.5 CVE-2010-3029
EXPLOIT-DB
pligg -- pligg_cms
Multiple SQL injection vulnerabilities in Pligg before 1.1.1 allow remote attackers to execute arbitrary SQL commands via the title parameter to (1) storyrss.php or (2) story.php. 2010-08-16 7.5 CVE-2010-2577
BID
CONFIRM
OSVDB
OSVDB
MISC
SECUNIA
pligg -- pligg_cms
SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the role parameter, a different vulnerability than CVE-2010-2577. 2010-08-16 7.5 CVE-2010-3013
BID
CONFIRM
OSVDB
SECUNIA
CONFIRM
CONFIRM
sap -- crystal_reports
Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow. 2010-08-17 9.3 CVE-2010-3032
MISC
XF
VUPEN
SECTRACK
BID
BUGTRAQ
BUGTRAQ
BUGTRAQ
SECUNIA
OSVDB
MISC
swftools -- swftools
Multiple integer overflows in SWFTools 0.9.1 allow remote attackers to execute arbitrary code via (1) a crafted PNG file, related to the getPNG function in lib/png.c; or (2) a crafted JPEG file, related to the jpeg_load function in lib/jpeg.c. 2010-08-17 9.3 CVE-2010-1516
BUGTRAQ
MISC
SECUNIA
tycoon -- baseball_script
SQL injection vulnerability in index.php in Tycoon Baseball Script 1.0.9 allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a game_player action. 2010-08-16 7.5 CVE-2010-3027
EXPLOIT-DB
SECUNIA
MISC
webkit -- webkit
page/Geolocation.cpp in WebCore in WebKit before r56188 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357. 2010-08-19 10.0 CVE-2010-1386
CONFIRM
CONFIRM
CONFIRM
webkit -- webkit
loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150. 2010-08-19 10.0 CVE-2010-1760
CONFIRM
BID
CONFIRM
CONFIRM
wireshark -- wireshark
Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression. 2010-08-13 10.0 CVE-2010-2994
CONFIRM
OVAL
wireshark -- wireshark
The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287. 2010-08-13 10.0 CVE-2010-2995
CONFIRM
CONFIRM
OVAL

Medium Vulnerabilities

Primary Vendor -- Product
Description | Published | CVSS Score | Source & Patch Info
apache -- struts
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504. 2010-08-17 5.0 CVE-2010-1870
BID
OSVDB
EXPLOIT-DB
CONFIRM
FULLDISC
CONFIRM
MISC
apache -- cxf
Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632. 2010-08-19 6.4 CVE-2010-2076
CONFIRM
BID
MLIST
CONFIRM
SECUNIA
SECUNIA
SECUNIA
CONFIRM
CONFIRM
CONFIRM
ehulihanapplications -- diamondlist
Multiple cross-site scripting (XSS) vulnerabilities in DiamondList 0.1.6, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) category[description] parameter to user/main/update_category, which is not properly handled by _app/views/categories/index.html.erb; and the (2) setting[site_title] parameter to user/main/update_settings, which is not properly handled by _app/views/settings/_list_settings.rhtml. 2010-08-16 4.3 CVE-2010-3023
VUPEN
BID
BUGTRAQ
BUGTRAQ
MISC
MISC
SECUNIA
MISC
CONFIRM
CONFIRM
ehulihanapplications -- diamondlist
Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in DiamondList 0.1.6, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration. 2010-08-16 4.3 CVE-2010-3024
XF
MISC
EXPLOIT-DB
SECUNIA
MISC
OSVDB
BUGTRAQ
CONFIRM
freetype -- freetype
Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. 2010-08-19 6.8 CVE-2010-2497
MLIST
CONFIRM
CONFIRM
CONFIRM
MANDRIVA
DEBIAN
MLIST
MLIST
CONFIRM
freetype -- freetype
Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. 2010-08-19 5.1 CVE-2010-2520
MLIST
CONFIRM
CONFIRM
UBUNTU
MANDRIVA
DEBIAN
MLIST
MLIST
CONFIRM
freetype -- freetype
Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. 2010-08-19 5.0 CVE-2010-2527
MLIST
CONFIRM
UBUNTU
REDHAT
REDHAT
DEBIAN
SECTRACK
CONFIRM
MLIST
CONFIRM
freetype -- freetype
Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. 2010-08-19 4.3 CVE-2010-2541
CONFIRM
CONFIRM
CONFIRM
VUPEN
UBUNTU
REDHAT
REDHAT
CONFIRM
SECTRACK
SECUNIA
freetype -- freetype
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. 2010-08-19 6.8 CVE-2010-2805
BID
CONFIRM
CONFIRM
CONFIRM
VUPEN
VUPEN
UBUNTU
CONFIRM
SECUNIA
SECUNIA
MLIST
CONFIRM
freetype -- freetype
Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. 2010-08-19 6.8 CVE-2010-2806
CONFIRM
CONFIRM
CONFIRM
CONFIRM
VUPEN
VUPEN
UBUNTU
BID
SECUNIA
SECUNIA
MLIST
CONFIRM
CONFIRM
freetype -- freetype
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font. 2010-08-19 6.8 CVE-2010-2808
BID
CONFIRM
CONFIRM
CONFIRM
VUPEN
VUPEN
UBUNTU
CONFIRM
SECUNIA
SECUNIA
MLIST
MLIST
CONFIRM
CONFIRM
freetype -- freetype
bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string. 2010-08-19 4.3 CVE-2010-3053
CONFIRM
freetype -- freetype
Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c. 2010-08-19 5.0 CVE-2010-3054
CONFIRM
glpng -- glpng
Multiple integer overflows in glpng.c in glpng 1.45 allow context-dependent attackers to execute arbitrary code via a crafted PNG image, related to (1) the pngLoadRawF function and (2) the pngLoadF function, leading to heap-based buffer overflows. 2010-08-16 6.8 CVE-2010-1519
BUGTRAQ
MISC
SECUNIA
libvirt -- libvirt
Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors. 2010-08-19 4.9 CVE-2010-2237
CONFIRM
FEDORA
FEDORA
MISC
microsoft -- windows_2003_server
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary." 2010-08-16 6.8 CVE-2010-1886
MSKB
MSKB
CONFIRM
mozilla -- bugzilla
Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns. 2010-08-16 5.0 CVE-2010-2756
CONFIRM
CONFIRM
VUPEN
BID
CONFIRM
SECUNIA
mozilla -- bugzilla
The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery. 2010-08-16 6.5 CVE-2010-2757
CONFIRM
CONFIRM
VUPEN
BID
CONFIRM
SECUNIA
mozilla -- bugzilla
Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page. 2010-08-16 5.0 CVE-2010-2758
CONFIRM
CONFIRM
CONFIRM
VUPEN
BID
CONFIRM
SECUNIA
mozilla -- bugzilla
Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2, when PostgreSQL is used, does not properly handle large integers in (1) bug and (2) attachment phrases, which allows remote authenticated users to cause a denial of service (bug invisibility) via a crafted comment. 2010-08-16 4.0 CVE-2010-2759
CONFIRM
CONFIRM
VUPEN
BID
CONFIRM
SECUNIA
openssl -- openssl
Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue. 2010-08-17 4.3 CVE-2010-2939
VUPEN
MLIST
MLIST
MLIST
MLIST
SECTRACK
SECUNIA
FULLDISC
opera -- opera
Opera before 10.61 does not properly suppress clicks on download dialogs that became visible after a recent tab change, which allows remote attackers to conduct clickjacking attacks, and consequently execute arbitrary code, via vectors involving (1) closing a tab or (2) hiding a tab, a related issue to CVE-2005-2407. 2010-08-16 6.8 CVE-2010-2576
BUGTRAQ
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
opera -- opera
The news-feed preview feature in Opera before 10.61 does not properly remove scripts, which allows remote attackers to force subscriptions to arbitrary feeds via crafted content. 2010-08-16 5.0 CVE-2010-3020
CONFIRM
CONFIRM
CONFIRM
CONFIRM
opera -- opera
Unspecified vulnerability in Opera before 10.61 allows remote attackers to cause a denial of service (CPU consumption and application hang) via an animated PNG image. 2010-08-16 4.3 CVE-2010-3021
CONFIRM
CONFIRM
CONFIRM
squirrelmail -- squirrelmail
functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files. 2010-08-19 5.0 CVE-2010-2813
CONFIRM
XF
VUPEN
VUPEN
BID
DEBIAN
CONFIRM
CONFIRM
SECUNIA
SECUNIA
FEDORA
FEDORA
tomaz-muraus -- open_blog
Multiple cross-site scripting (XSS) vulnerabilities in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) excerpt parameter to application/modules/admin/controllers/posts.php, as reachable by admin/posts/edit; and the (2) content parameter to application/modules/admin/controllers/pages.php, as reachable by admin/posts/edit. 2010-08-16 4.3 CVE-2010-3025
XF
BID
BUGTRAQ
BUGTRAQ
MISC
MISC
SECUNIA
MISC
tomaz-muraus -- open_blog
Cross-site request forgery (CSRF) vulnerability in application/modules/admin/controllers/users.php in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests to admin/users/edit that grant administrative privileges. 2010-08-16 4.3 CVE-2010-3026
XF
BUGTRAQ
MISC
EXPLOIT-DB
SECUNIA
MISC
OSVDB
tomaz-muraus -- open_blog
Cross-site request forgery (CSRF) vulnerability in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-08-17 4.3 CVE-2010-3030
SECUNIA
uzbl -- uzbl
The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document. 2010-08-19 6.8 CVE-2010-2809
CONFIRM
CONFIRM
XF
CONFIRM
CONFIRM
BID
MLIST
MLIST
CONFIRM
CONFIRM
wireshark -- wireshark
packet-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 through 1.2.9 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference. 2010-08-13 5.0 CVE-2010-2992
CONFIRM
CONFIRM
OVAL
wireshark -- wireshark
The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. 2010-08-13 5.0 CVE-2010-2993
CONFIRM
OVAL
znc -- znc
Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of service (exception and daemon crash) via a PING command that lacks an argument. 2010-08-17 5.0 CVE-2010-2812
CONFIRM
CONFIRM
CONFIRM
VUPEN
BID
SECUNIA
SECUNIA
MLIST
MLIST
MLIST
FEDORA
FEDORA
znc -- znc
Multiple unspecified vulnerabilities in ZNC 0.092 allow remote attackers to cause a denial of service (exception and daemon crash) via unknown vectors related to "unsafe substr() calls." 2010-08-17 5.0 CVE-2010-2934
CONFIRM
CONFIRM
VUPEN
BID
SECUNIA
SECUNIA
MLIST
MLIST
MLIST
FEDORA
FEDORA

Low Vulnerabilities

Primary Vendor -- Product
Description | Published | CVSS Score | Source & Patch Info
apache -- derby
The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution. 2010-08-16 2.1 CVE-2009-4269
CONFIRM
MISC
CONFIRM
MISC
drupal -- devel_module
Cross-site scripting (XSS) vulnerability in the Performance logging module in the Devel module 5.x before 5.x-1.3 and 6.x before 6.x-1.21 for Drupal allows remote authenticated users, with add url aliases and report access permissions, to inject arbitrary web script or HTML via crafted node paths in a URL. 2010-08-16 2.6 CVE-2010-3022
BID
CONFIRM
CONFIRM
XF
SECUNIA
OSVDB
CONFIRM
libvirt -- libvirt
Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors. 2010-08-19 2.1 CVE-2010-2238
CONFIRM
FEDORA
FEDORA
MISC
libvirt -- libvirt
Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors. 2010-08-19 2.1 CVE-2010-2239
CONFIRM
VUPEN
REDHAT
FEDORA
FEDORA
MISC
libvirt -- libvirt
Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree. 2010-08-19 2.1 CVE-2010-2242
CONFIRM
CONFIRM
VUPEN
REDHAT
FEDORA
FEDORA
CONFIRM
redhat -- directory_server
The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red Hat Directory Server 8 before 8.2 use world-readable permissions when creating cache files, which allows local users to obtain sensitive information including passwords for Directory and Administration Server administrative accounts. 2010-08-17 2.1 CVE-2010-2241
CONFIRM
SECTRACK
OSVDB
SECUNIA
REDHAT
simon_philips -- aardvertiser
The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files. 2010-08-16 3.6 CVE-2010-3028
XF
BID
OSVDB
CONFIRM
SECUNIA
wyse -- thinos
Buffer overflow in Wyse ThinOS HF 4.4.079i, and possibly other versions before ThinOS 6.5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string to the LPD service. 2010-08-17 0.0 CVE-2010-3031
CERT-VN
CONFIRM