U.S. Flag Official website of the Department of Homeland Security

Bulletin (SB10-291)

Vulnerability Summary for the Week of October 11, 2010

Original release date: October 18, 2010 | Last revised: November 07, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
blentz -- smbind
The filter function in php/src/include.php in Simple Management for BIND (aka smbind) before 0.4.8 does not anchor a certain regular expression, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via the username parameter to the admin login page. 2010-10-14 7.5 CVE-2010-3076
MLIST
MLIST
CONFIRM
MISC
cmsmadesimple -- cms_made_simple
Directory traversal vulnerability in lib/translation.functions.php in CMS Made Simple before 1.8.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the default_cms_lang parameter to an admin script, as demonstrated by admin/addbookmark.php, a different vulnerability than CVE-2008-5642. 2010-10-08 7.5 CVE-2010-2797
MLIST
MLIST
CONFIRM
SECUNIA
MISC
david_shadoff -- mednafen
The network-play implementation in Mednafen before 0.8.D might allow remote servers to execute arbitrary code via unspecified vectors, related to "stack manipulation" issues. 2010-10-12 10.0 CVE-2010-3085
MLIST
MLIST
CONFIRM
microsoft -- windows_2000
Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll (aka the Microsoft MFCDLL shared library) on Windows 2000 SP4 and XP SP2 and SP3 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.21 Build 4010 application. 2010-10-08 9.3 CVE-2010-3885
EXPLOIT-DB
MISC
microsoft -- windows
Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers. 2010-10-08 7.2 CVE-2010-3888
MISC
MISC
MISC
MISC
MISC
MISC
microsoft -- windows
Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers. 2010-10-08 7.2 CVE-2010-3889
MISC
MISC
MISC
MISC
MISC
MISC
microsoft -- windows_2003_server
Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability." 2010-10-13 9.3 CVE-2010-1883
MS
microsoft -- windows_2003_server
The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability." 2010-10-13 7.2 CVE-2010-2740
MS
microsoft -- windows_2003_server
The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability." 2010-10-13 7.2 CVE-2010-2741
MS
microsoft -- windows_2003_server
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Vulnerability." 2010-10-13 7.2 CVE-2010-2744
MS
microsoft -- windows_media_player
Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability." 2010-10-13 9.3 CVE-2010-2745
MS
microsoft -- windows_2003_server
Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability." 2010-10-13 7.6 CVE-2010-2746
MS
microsoft -- office
Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability." 2010-10-13 9.3 CVE-2010-2747
MS
microsoft -- office
Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability." 2010-10-13 9.3 CVE-2010-2748
MS
microsoft -- office
Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an invalid index value during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Index Vulnerability." 2010-10-13 9.3 CVE-2010-2750
MS
microsoft -- office
Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Word Viewer; Office Web Apps; and Word Web App allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Stack Overflow Vulnerability." 2010-10-13 9.3 CVE-2010-3214
MS
microsoft -- office
Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability." 2010-10-13 9.3 CVE-2010-3215
MS
microsoft -- office
Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle bookmarks during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Bookmarks Vulnerability." 2010-10-13 9.3 CVE-2010-3216
MS
microsoft -- word
Microsoft Word 2002 SP3 does not properly handle pointers during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Pointer Vulnerability." 2010-10-13 9.3 CVE-2010-3217
MS
microsoft -- word
Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability." 2010-10-13 9.3 CVE-2010-3218
MS
microsoft -- word
Microsoft Word 2002 SP3 does not properly handle indexes during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Index Parsing Vulnerability." 2010-10-13 9.3 CVE-2010-3219
MS
microsoft -- office
Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability." 2010-10-13 9.3 CVE-2010-3220
MS
microsoft -- office
Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability." 2010-10-13 9.3 CVE-2010-3221
MS
microsoft -- windows_server_2003
Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability." 2010-10-13 7.2 CVE-2010-3222
MS
microsoft -- windows_server_2008
The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability." 2010-10-13 7.5 CVE-2010-3223
MS
microsoft -- windows_7
Use-after-free vulnerability in the Media Player Network Sharing Service in Microsoft Windows Vista SP1 and SP2 and Windows 7 allows remote attackers to execute arbitrary code via a crafted Real Time Streaming Protocol (RTSP) packet, aka "RTSP Use After Free Vulnerability." 2010-10-13 7.6 CVE-2010-3225
MS
microsoft -- .net_framework
The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka ".NET Framework x64 JIT Compiler Vulnerability." 2010-10-13 9.3 CVE-2010-3228
MS
microsoft -- windows_7
The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability." 2010-10-13 7.1 CVE-2010-3229
MS
microsoft -- excel
Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability." 2010-10-13 9.3 CVE-2010-3230
MS
microsoft -- excel
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability." 2010-10-13 9.3 CVE-2010-3231
MS
microsoft -- excel
Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel File Format Parsing Vulnerability." 2010-10-13 9.3 CVE-2010-3232
MS
microsoft -- excel
Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability." 2010-10-13 9.3 CVE-2010-3233
MS
microsoft -- excel
Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability." 2010-10-13 9.3 CVE-2010-3234
MS
microsoft -- excel
Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability." 2010-10-13 9.3 CVE-2010-3235
MS
microsoft -- excel
Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability." 2010-10-13 9.3 CVE-2010-3236
MS
microsoft -- excel
Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability." 2010-10-13 9.3 CVE-2010-3237
MS
microsoft -- excel
Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability." 2010-10-13 9.3 CVE-2010-3238
MS
microsoft -- excel
Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability." 2010-10-13 9.3 CVE-2010-3239
MS
microsoft -- excel
Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Real Time Data Array Record Vulnerability." 2010-10-13 9.3 CVE-2010-3240
MS
microsoft -- excel
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability." 2010-10-13 9.3 CVE-2010-3241
MS
microsoft -- excel
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability." 2010-10-13 9.3 CVE-2010-3242
MS
microsoft -- ie
Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." 2010-10-13 9.3 CVE-2010-3326
MS
microsoft -- ie
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." 2010-10-13 9.3 CVE-2010-3328
MS
microsoft -- ie
Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read HTML files, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." 2010-10-13 9.3 CVE-2010-3329
MS
microsoft -- ie
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." 2010-10-13 9.3 CVE-2010-3331
MS
novell -- opensuse
Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors. 2010-10-12 7.2 CVE-2010-3110
SUSE
oracle -- database_server
Unspecified vulnerability in the Database Control component in EM Console in Oracle Database Server 10.1.0.5 and 10.2.0.3, Oracle Fusion Middleware 10.1.2.3 and 10.1.4.3, and Enterprise Manager Grid Control allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. 2010-10-13 7.5 CVE-2010-2390
CONFIRM
oracle -- solaris
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scheduler. 2010-10-13 10.0 CVE-2010-3509
CONFIRM
oracle -- opensolaris
Unspecified vulnerability in Oracle OpenSolaris allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depot Server. 2010-10-14 9.0 CVE-2010-3578
CONFIRM
oracle -- vm
Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. 2010-10-14 9.0 CVE-2010-3582
CONFIRM
oracle -- vm
Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. 2010-10-14 9.0 CVE-2010-3583
CONFIRM
oracle -- vm
Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. 2010-10-14 9.0 CVE-2010-3585
CONFIRM
rim -- blackberry_enterprise_server
Multiple buffer overflows in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.7 and earlier and 5.0.0 through 5.0.2, and BlackBerry Professional Software 4.1.4 and earlier, allow user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PDF document. 2010-10-14 7.6 CVE-2010-2601
CONFIRM
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
apache -- qpid
sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake. 2010-10-12 4.3 CVE-2010-3083
REDHAT
REDHAT
CONFIRM
CONFIRM
MLIST
apple -- mail
The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child's e-mail address and a parent's e-mail address, related to parental notification of unapproved e-mail addresses. 2010-10-08 4.3 CVE-2010-3887
MISC
bip.t1r -- bip
bip before 0.8.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an empty USER command. 2010-10-14 5.0 CVE-2010-3071
CONFIRM
MLIST
MLIST
CONFIRM
CONFIRM
christian_dywan -- midori
Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2.29.91 is used, does not verify X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted server certificate, a related issue to CVE-2010-3312. 2010-10-14 5.8 CVE-2010-3900
CONFIRM
MISC
CONFIRM
MLIST
MISC
CONFIRM
cmsmadesimple -- cms_made_simple
Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.7.1 and earlier allow remote attackers to inject arbitrary web script or HTML via input to the (1) Add Pages, (2) Add Global Content, (3) Edit Global Content, (4) Add Article, (5) Add Category, (6) Add Field Definition, or (7) Add Shortcut module. 2010-10-08 4.3 CVE-2010-3882
MISC
SECUNIA
cmsmadesimple -- cms_made_simple
Cross-site request forgery (CSRF) vulnerability in the Change Group Permissions module in CMS Made Simple 1.7.1 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make permission modifications. 2010-10-08 6.8 CVE-2010-3883
MISC
SECUNIA
cmsmadesimple -- cms_made_simple
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that reset the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 2010-10-08 6.8 CVE-2010-3884
SECUNIA
gnome -- epiphany
Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate. 2010-10-14 5.8 CVE-2010-3312
CONFIRM
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
MISC
gnu -- glibc
Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations. 2010-10-14 5.0 CVE-2010-3192
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
FULLDISC
infradead -- openconnect
Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation. 2010-10-14 5.0 CVE-2009-5009
CONFIRM
infradead -- openconnect
OpenConnect before 2.25 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary AnyConnect SSL VPN servers via a crafted server certificate that (1) does not correspond to the server hostname or (2) is presented in circumstances involving a missing --cafile configuration option. 2010-10-14 6.4 CVE-2010-3901
MLIST
MLIST
CONFIRM
infradead -- openconnect
OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list. 2010-10-14 5.0 CVE-2010-3902
CONFIRM
infradead -- openconnect
Unspecified vulnerability in OpenConnect before 2.23 allows remote AnyConnect SSL VPN servers to cause a denial of service (application crash) via a 404 HTTP status code. 2010-10-14 5.0 CVE-2010-3903
CONFIRM
jianping_yu -- pidgin-knotify
The notify function in pidgin-knotify.c in the pidgin-knotify plugin 0.2.1 and earlier for Pidgin allows remote attackers to execute arbitrary commands via shell metacharacters in a message. 2010-10-08 5.1 CVE-2010-3088
CONFIRM
MLIST
MLIST
MISC
linux -- kernel
arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when an Intel platform without Extended Page Tables (EPT) functionality is used, accesses VMCS fields without verifying hardware support for these fields, which allows local users to cause a denial of service (host OS crash) by requesting a VMCS dump for a fully virtualized Xen guest. 2010-10-08 4.9 CVE-2010-2938
CONFIRM
CONFIRM
REDHAT
microsoft -- ie
The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addresses used by an application, as demonstrated by the Internet Explorer 8 application. 2010-10-08 4.3 CVE-2010-3886
MISC
MISC
BUGTRAQ
microsoft -- ie
Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability." 2010-10-13 4.3 CVE-2010-3243
MS
MS
microsoft -- ie
Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability." 2010-10-13 4.3 CVE-2010-3325
MS
microsoft -- ie
The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerability." 2010-10-13 4.3 CVE-2010-3327
MS
microsoft -- ie
Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability." 2010-10-13 4.3 CVE-2010-3330
MS
oracle -- e-business_suite
Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. 2010-10-13 5.8 CVE-2010-2388
CONFIRM
oracle -- fusion_middleware
Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors. 2010-10-13 4.3 CVE-2010-2395
CONFIRM
oracle -- fusion_middleware
Unspecified vulnerability in the Forms component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors. 2010-10-13 4.3 CVE-2010-2396
CONFIRM
oracle -- siebel_suite
Unspecified vulnerability in the Siebel Core - Highly Interactive Client component in Oracle Siebel Suite 7.7.2.12, 7.8.2.14, 8.0.0.10, and 8.1.1.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. 2010-10-13 6.0 CVE-2010-2405
CONFIRM
oracle -- siebel_suite
Unspecified vulnerability in the Siebel Core - Highly Interactive Client component in Oracle Siebel Suite 7.7.2.12, 7.8.2.14, 8.0.0.10, and 8.1.1.3 allows remote authenticated users to affect confidentiality via unknown vectors. 2010-10-13 4.0 CVE-2010-2406
CONFIRM
oracle -- database_server
Unspecified vulnerability in the XDK component in Oracle Database Server 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect integrity via unknown vectors. 2010-10-13 4.3 CVE-2010-2407
CONFIRM
oracle -- e-business_suite
Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors. 2010-10-13 4.3 CVE-2010-2408
CONFIRM
oracle -- fusion_middleware
Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors. 2010-10-13 4.3 CVE-2010-2409
CONFIRM
oracle -- fusion_middleware
Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors. 2010-10-13 4.3 CVE-2010-2410
CONFIRM
oracle -- database_server
Unspecified vulnerability in the Job Queue component in Oracle Database Server 11.2.0.1, 11.1.0.7, 10.2.0.3, 10.2.0.4, and 10.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability, related to SYS.DBMS_IJOB. 2010-10-13 4.6 CVE-2010-2411
CONFIRM
oracle -- database_server
Unspecified vulnerability in the OLAP component in Oracle Database Server 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. 2010-10-13 5.5 CVE-2010-2412
CONFIRM
oracle -- fusion_middleware
Unspecified vulnerability in the BI Publisher component in Oracle Fusion Middleware 10.1.3.3.2 and 10.1.3.4.1 allows remote attackers to affect integrity via unknown vectors. 2010-10-13 4.3 CVE-2010-2413
CONFIRM
oracle -- database_server
Unspecified vulnerability in the Change Data Capture component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH. 2010-10-13 4.9 CVE-2010-2415
CONFIRM
oracle -- e-business_suite
Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors. 2010-10-13 4.3 CVE-2010-2416
CONFIRM
oracle -- supply_chain_products_suite
Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.0.0 allows remote authenticated users to affect integrity via unknown vectors. 2010-10-13 4.0 CVE-2010-2417
CONFIRM
oracle -- e-business_suite
Unspecified vulnerability in the Oracle Territory Management component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors. 2010-10-13 4.3 CVE-2010-2418
CONFIRM
oracle -- database_server
Unspecified vulnerability in the Java Virtual Machine component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. 2010-10-13 6.5 CVE-2010-2419
CONFIRM
oracle -- siebel_suite
Unspecified vulnerability in the Siebel Core - Highly Interactive Client component in Oracle Siebel Suite 7.7.2.12, 7.8.2.14, 8.0.0.10, and 8.1.1.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. 2010-10-13 6.0 CVE-2010-3500
CONFIRM
oracle -- fusion_middleware
Unspecified vulnerability in the OID component in Oracle Fusion Middleware 10.1.2.3, 10.1.4.3, and 11.1.1.2.0 allows remote attackers to affect availability via unknown vectors. 2010-10-13 5.0 CVE-2010-3501
CONFIRM
oracle -- siebel_suite
Unspecified vulnerability in the Siebel Core component in Oracle Siebel Suite 7.7.2.12, 7.8.2.14, 8.0.0.10, and 8.1.1.3 allows remote authenticated users to affect confidentiality via unknown vectors. 2010-10-13 4.0 CVE-2010-3502
CONFIRM
oracle -- opensolaris
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect confidentiality and integrity via unknown vectors related to su. 2010-10-13 6.3 CVE-2010-3503
CONFIRM
oracle -- e-business_suite
Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors. 2010-10-13 4.3 CVE-2010-3504
CONFIRM
oracle -- solaris
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Live Upgrade. 2010-10-13 6.6 CVE-2010-3507
CONFIRM
oracle -- sun_products_suite
Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 6.1 and 7.0 allows remote attackers to affect integrity via unknown vectors related to Web Container. 2010-10-13 4.3 CVE-2010-3514
CONFIRM
oracle -- opensolaris
Unspecified vulnerability in the Solaris component in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to Kernel/Disk Driver. 2010-10-13 4.0 CVE-2010-3515
CONFIRM
oracle -- opensolaris
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability via unknown vectors related to InfiniBand. 2010-10-13 4.0 CVE-2010-3516
CONFIRM
oracle -- opensolaris
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to Kernel/X86. 2010-10-13 4.9 CVE-2010-3517
CONFIRM
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise HCM GP - Japan component in Oracle PeopleSoft and JDEdwards Suite 8.81 SP1 Bundle #13, 8.9 GP Update 2010-E, 9.0 GP Update 2010-E, and 9.1 GP Update 2010-E allows remote authenticated users to affect confidentiality and integrity via unknown vectors. 2010-10-13 5.5 CVE-2010-3518
CONFIRM
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.28 and 8.50.12 allows remote authenticated users to affect integrity via unknown vectors. 2010-10-13 4.0 CVE-2010-3519
CONFIRM
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise HCM - GP France component in Oracle PeopleSoft and JDEdwards Suite 8.81 SP1 Bundle #12, 8.9 GP Update 2010-E, 9.0 GP Update 2010-E, and 9.1 GP Update 2010-E allows remote authenticated users to affect confidentiality and integrity via unknown vectors. 2010-10-13 5.5 CVE-2010-3520
CONFIRM
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise HCM ePay component in Oracle PeopleSoft and JDEdwards Suite 9.0 to Payroll Update 10-C and 9.1 to Payroll Update 10-C allows remote authenticated users to affect confidentiality and integrity via unknown vectors. 2010-10-13 5.5 CVE-2010-3521
CONFIRM
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.28 and 8.50.12 allows remote authenticated users to affect confidentiality via unknown vectors. 2010-10-14 4.0 CVE-2010-3522
CONFIRM
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.28 and 8.50.12 allows remote attackers to affect integrity via unknown vectors. 2010-10-14 5.0 CVE-2010-3523
CONFIRM
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise SCM - Strategic Sourcing component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. 2010-10-14 5.5 CVE-2010-3524
CONFIRM
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the (1) PeopleSoft Enterprise FMS, (2) SCM, (3) EPM, (4) CRM, and (5) Campus Solutions components in Oracle PeopleSoft and JDEdwards Suite 8.9, 9.0, and 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. 2010-10-14 5.5 CVE-2010-3525
CONFIRM
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise SCM - PO component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. 2010-10-14 5.5 CVE-2010-3526
CONFIRM
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise FMS - AM component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect integrity and availability via unknown vectors. 2010-10-14 5.5 CVE-2010-3527
CONFIRM
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise CRM - Common Components component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #41, 9.0 Bundle #28, and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality via unknown vectors. 2010-10-14 4.0 CVE-2010-3528
CONFIRM
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise FMS - Cash Management component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. 2010-10-14 5.5 CVE-2010-3529
CONFIRM
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise HCM - HR component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #13 and 9.1 Bundle #3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. 2010-10-14 5.5 CVE-2010-3530
CONFIRM
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise FMS ESA - RM component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. 2010-10-14 5.5 CVE-2010-3531
CONFIRM
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise CRM - Order Capture component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #28 and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. 2010-10-14 5.5 CVE-2010-3532
CONFIRM
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise SCM OM and CRM Order Capture component in Oracle PeopleSoft and JDEdwards Suite 8.9, 9.0, and 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. 2010-10-14 5.5 CVE-2010-3533
CONFIRM
oracle -- primavera_product_suite
Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 6.21.3.0 and 7.0.1.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Project Management Module. 2010-10-14 4.6 CVE-2010-3534
CONFIRM
oracle -- sun_product_suite
Unspecified vulnerability in the Directory Server Enterprise Edition component in Oracle Sun Products Suite 6.0, 6.1, 6.2, and 6.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Identity Synchronization for Windows. 2010-10-14 4.4 CVE-2010-3535
CONFIRM
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. 2010-10-14 5.5 CVE-2010-3536
CONFIRM
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise FMS - AM component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. 2010-10-14 5.5 CVE-2010-3537
CONFIRM
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise FMS - GL component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. 2010-10-14 5.5 CVE-2010-3538
CONFIRM
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft Enterprise FMS - GL component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. 2010-10-14 5.5 CVE-2010-3539
CONFIRM
oracle -- opensolaris
Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to ZFS. 2010-10-14 4.0 CVE-2010-3540
CONFIRM
oracle -- sun_product_suite
Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect integrity and availability via unknown vectors related to Administration. 2010-10-14 5.8 CVE-2010-3544
CONFIRM
oracle -- sun_product_suite
Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Administration. 2010-10-14 5.8 CVE-2010-3545
CONFIRM
oracle -- sun_product_suite
Unspecified vulnerability in the Sun Java System Identity Manager component in Oracle Sun Products Suite 8.1 allows remote attackers to affect confidentiality and integrity via unknown vectors. 2010-10-14 5.8 CVE-2010-3546
CONFIRM
oracle -- peoplesoft_and_jdedwards_product_suite
Unspecified vulnerability in the PeopleSoft FMS ESA - EX component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. 2010-10-14 5.5 CVE-2010-3547
CONFIRM
oracle -- sun_product_suite
Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail. 2010-10-14 6.4 CVE-2010-3564
CONFIRM
oracle -- sun_product_suite
Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 6.0, 6.2, 6.3, and 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Mail. 2010-10-14 6.4 CVE-2010-3575
CONFIRM
oracle -- opensolaris
Unspecified vulnerability in Oracle OpenSolaris allows remote attackers to affect confidentiality and integrity, related to Kernel/CIFS. 2010-10-14 6.4 CVE-2010-3577
CONFIRM
oracle -- sun_product_suite
Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Java Communications Suite 7 components in Oracle Sun Products Suite 1.0 and 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail. 2010-10-14 6.4 CVE-2010-3579
CONFIRM
oracle -- opensolaris
Unspecified vulnerability in Oracle OpenSolaris allows local users to affect availability via unknown vectors related to Kernel/File System. 2010-10-14 4.6 CVE-2010-3580
CONFIRM
oracle -- vm
Unspecified vulnerability in the Oracle VM component in Oracle VM 2.2.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. 2010-10-14 4.3 CVE-2010-3584
CONFIRM
redhat -- enterprise_mrg
lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows remote authenticated users to cause a denial of service (stack memory exhaustion and broker crash) via a large persistent message. 2010-10-12 4.0 CVE-2010-3701
CONFIRM
REDHAT
REDHAT
CONFIRM
rene_tegel -- visual_synapse
Directory traversal vulnerability in Visual Synapse HTTP Server 1.0 RC1 through RC3, and 0.60 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. 2010-10-08 5.0 CVE-2010-3743
MISC
BID
BUGTRAQ
EXPLOIT-DB
rim -- blackberry_device_software
The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an IFRAME element. NOTE: some of these details are obtained from third party information. 2010-10-14 6.8 CVE-2010-3934
SECTRACK
SECUNIA
MISC
squid-cache -- squid
dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set. 2010-10-12 5.0 CVE-2010-2951
CONFIRM
MLIST
MLIST
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
cisco -- anyconnect_ssl_vpn
The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files. 2010-10-143.3 CVE-2009-5007
MISC
cisco -- secure_desktop
Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file. 2010-10-142.1 CVE-2009-5008
MISC
microsoft -- ie
Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoComplete Information Disclosure Vulnerability." 2010-10-132.6 CVE-2010-0808
MS
oracle -- database_server
Unspecified vulnerability in the Perl component in Oracle Database Server 11.2.0.1, 11.1.0.7, 10.2.0.3, 10.2.0.4, and 10.1.0.5; and Fusion Middleware 11.1.1.1.0 and 11.1.1.2.0; allows local users to affect integrity via unknown vectors related to Local Logon. 2010-10-131.0 CVE-2010-2389
CONFIRM
oracle -- database_server
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. 2010-10-133.6 CVE-2010-2391
CONFIRM
oracle -- e-business_suite
Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect integrity via unknown vectors related to Account. 2010-10-133.5 CVE-2010-2404
CONFIRM
oracle -- sun_products_suite
Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Java Communications Suite 7 components in Oracle Sun Products Suite 1.0 and 7.0 allows remote attackers to affect confidentiality via unknown vectors. 2010-10-132.6 CVE-2010-2414
CONFIRM
oracle -- sun_products_suite
Unspecified vulnerability in the Oracle Explorer (Sun Explorer) component in Oracle Sun Products Suite 6.4 allows local users to affect confidentiality and integrity via unknown vectors. 2010-10-133.0 CVE-2010-3506
CONFIRM
oracle -- solaris
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Zones. 2010-10-133.2 CVE-2010-3508
CONFIRM
oracle -- opensolaris
Unspecified vulnerability in Oracle OpenSolaris allows local users to affect integrity and availability via unknown vectors related to Tooltalk. 2010-10-132.6 CVE-2010-3511
CONFIRM
oracle -- sun_products_suite
Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0u8 allows remote authenticated users to affect confidentiality, related to DAV (WebDAV). 2010-10-133.5 CVE-2010-3512
CONFIRM
oracle -- opensolaris
Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect integrity and availability via unknown vectors related to Device Drivers. 2010-10-132.4 CVE-2010-3513
CONFIRM
oracle -- opensolaris
Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect confidentiality, related to USB. 2010-10-141.9 CVE-2010-3542
CONFIRM
oracle -- opensolaris
Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect integrity and availability, related to the SCSI enclosure services device driver. 2010-10-143.6 CVE-2010-3576
CONFIRM
oracle -- fusion_middleware
Unspecified vulnerability in the BPEL Console component in Oracle Fusion Middleware 11.1.1.1.0 and 11.1.1.2.0 allows remote authenticated users to affect integrity via unknown vectors. 2010-10-143.5 CVE-2010-3581
CONFIRM
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top