Vulnerability Summary for the Week of August 6, 2012
Released
Aug 13, 2012
Document ID
SB12-226
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| bitcoin -- bitcoind | Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote attackers to bypass intended economic restrictions and create many bitcoins via a crafted Bitcoin transaction. | 2012-08-06 | 7.5 | CVE-2010-5139 |
| bitcoin -- bitcoind | wxBitcoin and bitcoind before 0.3.5 do not properly handle script opcodes in Bitcoin transactions, which allows remote attackers to spend bitcoins owned by other users via unspecified vectors. | 2012-08-06 | 7.5 | CVE-2010-5141 |
| bitcoin -- bitcoin-qt | Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows does not use MinGW multithread-safe exception handling, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted Bitcoin protocol messages. | 2012-08-06 | 7.5 | CVE-2012-1910 |
| cisco -- aironet_1040 | Cisco IOS 12.3 and 12.4 on Aironet access points allows remote attackers to cause a denial of service (radio-interface input-queue hang) via IAPP 0x3281 packets, aka Bug ID CSCtc12426. | 2012-08-06 | 7.8 | CVE-2012-1350 |
| cisco -- nexus_7000 | Cisco NX-OS 4.2, 5.0, 5.1, and 5.2 on Nexus 7000 series switches, when the High Availability (HA) policy is configured for Reset, allows remote attackers to cause a denial of service (device reset) via a malformed Cisco Discovery Protocol (CDP) packet, aka Bug IDs CSCtk34535 and CSCtk19132. | 2012-08-06 | 7.8 | CVE-2012-2469 |
| cisco -- adaptive_security_appliance_software | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 and 8.4, when SIP inspection is enabled, create many identical pre-allocated secondary pinholes, which might allow remote attackers to cause a denial of service (CPU consumption) via crafted SIP traffic, aka Bug ID CSCtz63143. | 2012-08-06 | 7.8 | CVE-2012-2472 |
| ganglia -- ganglia-web | Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors. | 2012-08-06 | 7.5 | CVE-2012-3448 |
| google -- chrome | The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations. | 2012-08-06 | 7.5 | CVE-2012-2856 |
| google -- chrome | Google Chrome before 21.0.1180.57 on Linux does not properly handle tabs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | 2012-08-06 | 7.5 | CVE-2012-2859 |
| google -- chrome | The PDF functionality in Google Chrome before 21.0.1180.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations. | 2012-08-09 | 7.5 | CVE-2012-2863 |
| ibm -- power_hardware_management_console_firmware | IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character. | 2012-08-06 | 7.2 | CVE-2012-2188 |
| ibm -- global_security_kit | IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate. | 2012-08-08 | 7.5 | CVE-2012-2203 |
| libreoffice -- libreoffice | Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four. | 2012-08-06 | 7.5 | CVE-2012-2665 |
| linux -- linux_kernel | The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device. | 2012-08-09 | 7.2 | CVE-2012-2136 |
| linux -- linux_kernel | net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel before 2.6.34, when the nf_conntrack_ipv6 module is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via certain types of fragmented IPv6 packets. | 2012-08-09 | 7.8 | CVE-2012-2744 |
| mit -- kerberos | The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request. | 2012-08-06 | 9.0 | CVE-2012-1014 |
| mit -- kerberos | The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request. | 2012-08-06 | 9.3 | CVE-2012-1015 |
| opera -- opera_browser | Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, has unknown impact and attack vectors, related to a "low severity issue." | 2012-08-06 | 10.0 | CVE-2012-4145 |
| redhat -- icedtea-web | The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet. | 2012-08-07 | 7.5 | CVE-2012-3423 |
| rsgallery2 -- com_rsgallery2 | SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2012-08-10 | 7.5 | CVE-2012-3554 |
| siemens -- synco_ozw_web_server | The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and OZW775 with firmware before 4 have an unspecified default password, which makes it easier for remote attackers to obtain administrative access via a network session. | 2012-08-06 | 7.5 | CVE-2012-3020 |
| symantec -- web_gateway | SQL injection vulnerability in spywall/includes/deptUploads_data.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter. | 2012-08-07 | 7.5 | CVE-2012-4178 |
| ubi -- uplay_pc | The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -orbit_exe_path command line argument. | 2012-08-07 | 10.0 | CVE-2012-4177 |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- poi | The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document. | 2012-08-07 | 5.0 | CVE-2012-0213 |
| bitcoin -- bitcoind | wxBitcoin and bitcoind before 0.3.5 allow remote attackers to cause a denial of service (daemon crash) via a Bitcoin transaction containing an OP_LSHIFT script opcode. | 2012-08-06 | 5.0 | CVE-2010-5137 |
| bitcoin -- bitcoind | wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial of service (electricity consumption) via a Bitcoin transaction containing multiple OP_CHECKSIG script opcodes. | 2012-08-06 | 5.0 | CVE-2010-5138 |
| bitcoin -- bitcoind | wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins associated with Bitcoin transactions that have zero confirmations, which allows remote attackers to cause a denial of service (invalid-transaction flood) by sending low-valued transactions without transaction fees. | 2012-08-06 | 5.0 | CVE-2010-5140 |
| bitcoin -- bitcoind | The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and reading entries that are marked for deletion. | 2012-08-06 | 4.3 | CVE-2011-4447 |
| bitcoin -- bitcoin-qt | The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote attackers to cause a denial of service (unspendable transaction) by leveraging the ability to create a duplicate coinbase transaction. | 2012-08-06 | 5.0 | CVE-2012-1909 |
| bitcoin -- bitcoin-qt | Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network. | 2012-08-06 | 5.0 | CVE-2012-2459 |
| bitcoin -- bitcoin-qt | Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, 0.5.x before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x before 0.6.3rc1 allows remote attackers to cause a denial of service (process hang) via unknown behavior on a Bitcoin network. | 2012-08-06 | 5.0 | CVE-2012-3789 |
| canonical -- php5 | The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty salt string, which might allow remote attackers to bypass authentication by leveraging an application that relies on the PHP crypt function to choose a salt for password hashing. | 2012-08-07 | 4.3 | CVE-2012-2317 |
| cisco -- catalyst_3560 | Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664. | 2012-08-06 | 6.3 | CVE-2012-1338 |
| cisco -- unified_computing_system_software | The Fabric Interconnect component in Cisco Unified Computing System (UCS) 2.0 allows remote attackers to cause a denial of service (process crash) via an attempted SSH session, aka Bug ID CSCtt94543. | 2012-08-06 | 5.0 | CVE-2012-1339 |
| cisco -- mds_9000_nx-os | The Fibre Channel over IP (FCIP) implementation in Cisco MDS NX-OS 4.2 and 5.2 on MDS 9000 series switches allows remote attackers to cause a denial of service (module reload) via a crafted FCIP header, aka Bug ID CSCtn93151. | 2012-08-06 | 5.0 | CVE-2012-1340 |
| cisco -- carrier_routing_system | Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote attackers to bypass ACL entries via fragmented packets, aka Bug ID CSCtj10975. | 2012-08-06 | 5.0 | CVE-2012-1342 |
| cisco -- emergency_responder | Cisco Emergency Responder 8.6 and 9.2 allows remote attackers to cause a denial of service (CPU consumption) by sending malformed UDP packets to the CERPT port, aka Bug ID CSCtx38369. | 2012-08-06 | 5.0 | CVE-2012-1346 |
| cisco -- wide_area_application_services | Cisco Wide Area Application Services (WAAS) appliances with software 4.4, 5.0, and 5.1 include a one-way hash of a password within output text, which might allow remote attackers to obtain sensitive information via a brute-force attack on the hash string, aka Bug ID CSCty17279. | 2012-08-06 | 5.0 | CVE-2012-1348 |
| cisco -- nexus_5000 | The igmp_snoop_orib_fill_source_update function in the IGMP process in NX-OS 5.0 and 5.1 on Cisco Nexus 5000 series switches allows remote attackers to cause a denial of service (device reload) via IGMP packets, aka Bug ID CSCts46521. | 2012-08-06 | 5.0 | CVE-2012-1357 |
| cisco -- ios | Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) feature of Cisco Unified Communications Manager (CUCM) is enabled, allows remote attackers to obtain sensitive crosstalk information by listening during a PSTN call, aka Bug ID CSCtx77750. | 2012-08-06 | 4.3 | CVE-2012-1361 |
| cisco -- unified_computing_system_software | Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote authenticated users to cause a denial of service (device reload) via a malformed SNMP request to a Fabric Interconnect (FI) device, aka Bug ID CSCts32452. | 2012-08-06 | 4.0 | CVE-2012-1364 |
| cisco -- unified_computing_system_software | Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote authenticated users to cause a denial of service (device reload) via a malformed SNMP request to a Fabric Interconnect (FI) device, aka Bug ID CSCts32463. | 2012-08-06 | 4.0 | CVE-2012-1365 |
| cisco -- ios | The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (Route Processor crash) via a BGP UPDATE message with a modified local-preference (aka LOCAL_PREF) attribute length, aka Bug ID CSCtq06538. | 2012-08-06 | 5.0 | CVE-2012-1367 |
| cisco -- adaptive_security_appliance_software | Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 allows remote authenticated users to cause a denial of service (memory consumption and blank response page) by using the clientless WebVPN feature, aka Bug ID CSCth34278. | 2012-08-06 | 4.0 | CVE-2012-2474 |
| cisco -- ip_communicator | Cisco IP Communicator 8.6 allows man-in-the-middle attackers to modify the Certificate Trust List via unspecified vectors, aka Bug ID CSCtz01471. | 2012-08-06 | 5.0 | CVE-2012-2490 |
| cisco -- anyconnect_secure_mobility_client | Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197. | 2012-08-06 | 4.0 | CVE-2012-2498 |
| cisco -- anyconnect_secure_mobility_client | The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985. | 2012-08-06 | 5.8 | CVE-2012-2499 |
| cisco -- anyconnect_secure_mobility_client | Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470. | 2012-08-06 | 4.0 | CVE-2012-2500 |
| fenrir-inc -- sleipnir_mobile | The Sleipnir Mobile application 2.2.0 and earlier and Sleipnir Mobile Black Edition application 2.2.0 and earlier for Android allow remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. | 2012-08-08 | 6.8 | CVE-2012-2649 |
| fenrir-inc -- sleipnir_mobile | Cross-site scripting (XSS) vulnerability in the Sleipnir Mobile application 2.2.0 and earlier and Sleipnir Mobile Black Edition application 2.2.0 and earlier for Android allows remote attackers to inject arbitrary web script or HTML via a crafted application that interacts with an unspecified Sleipnir Mobile function. | 2012-08-08 | 4.3 | CVE-2012-4004 |
| gnu -- automake | The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors. | 2012-08-07 | 4.4 | CVE-2012-3386 |
| goodiware -- goodreader | Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser. | 2012-08-07 | 4.3 | CVE-2012-2648 |
| google -- chrome | Google Chrome before 21.0.1180.57 on Linux does not properly isolate renderer processes, which allows remote attackers to cause a denial of service (cross-process interference) via unspecified vectors. | 2012-08-06 | 5.0 | CVE-2012-2846 |
| google -- chrome | Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not request user confirmation before continuing a large series of downloads, which allows user-assisted remote attackers to cause a denial of service (resource consumption) via a crafted web site. | 2012-08-06 | 4.3 | CVE-2012-2847 |
| google -- chrome | The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to bypass intended file access restrictions via a crafted web site. | 2012-08-06 | 4.3 | CVE-2012-2848 |
| google -- chrome | Off-by-one error in the GIF decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image. | 2012-08-06 | 4.3 | CVE-2012-2849 |
| google -- chrome | Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allow remote attackers to have an unknown impact via a crafted document. | 2012-08-06 | 6.8 | CVE-2012-2850 |
| google -- chrome | Multiple integer overflows in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. | 2012-08-06 | 6.8 | CVE-2012-2851 |
| google -- chrome | The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly handle object linkage, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted document. | 2012-08-06 | 6.8 | CVE-2012-2852 |
| google -- chrome | The webRequest API in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly interact with the Chrome Web Store, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site. | 2012-08-06 | 6.8 | CVE-2012-2853 |
| google -- chrome | Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to obtain potentially sensitive information about pointer values by leveraging access to a WebUI renderer process. | 2012-08-06 | 5.0 | CVE-2012-2854 |
| google -- chrome | Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. | 2012-08-06 | 6.8 | CVE-2012-2855 |
| google -- chrome | Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. | 2012-08-06 | 6.8 | CVE-2012-2857 |
| google -- chrome | Buffer overflow in the WebP decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted WebP image. | 2012-08-06 | 6.8 | CVE-2012-2858 |
| google -- chrome | The date-picker implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site. | 2012-08-06 | 6.8 | CVE-2012-2860 |
| google -- chrome | Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. | 2012-08-09 | 6.8 | CVE-2012-2862 |
| graphicsmagick -- graphicsmagick | The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation. | 2012-08-07 | 4.3 | CVE-2012-3438 |
| hp -- network_node_manager_i | Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2012-08-07 | 4.3 | CVE-2012-2022 |
| hp -- arcsight_connector_appliance | Cross-site scripting (XSS) vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbitrary web script or HTML via a crafted file. | 2012-08-08 | 4.3 | CVE-2012-2960 |
| ibm -- global_security_kit | IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer, a different vulnerability than CVE-2012-2333. | 2012-08-08 | 5.0 | CVE-2012-2191 |
| imagemagick -- imagemagick | The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation. | 2012-08-07 | 4.3 | CVE-2012-3437 |
| kde -- kde_pim | The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email. | 2012-08-07 | 4.3 | CVE-2012-3413 |
| linux -- linux_kernel | The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition. | 2012-08-09 | 4.0 | CVE-2012-2373 |
| linux -- linux_kernel | The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call. | 2012-08-09 | 4.7 | CVE-2012-2745 |
| martin_nagy -- bind-dyndb-ldap | The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names (DN) for LDAP queries, which allows remote DNS servers to cause a denial of service (named service hang) via a "$" character in a DN in a DNS query. | 2012-08-07 | 5.0 | CVE-2012-3429 |
| naver -- nhn_japan_naver_line | The NHN Japan NAVER LINE application before 2.5.5 for Android does not properly handle implicit intents, which allows remote attackers to obtain sensitive message information via a crafted application. | 2012-08-07 | 5.0 | CVE-2012-4005 |
| opera -- opera_browser | Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document. | 2012-08-06 | 4.3 | CVE-2012-4142 |
| opera -- opera_browser | Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog, a different vulnerability than CVE-2012-1924. | 2012-08-06 | 6.8 | CVE-2012-4143 |
| opera -- opera_browser | Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted HTML document. | 2012-08-06 | 4.3 | CVE-2012-4144 |
| opera -- opera_browser | Opera before 12.01 allows remote attackers to cause a denial of service (application crash) via a crafted web site, as demonstrated by the Lenovo "Shop now" page. | 2012-08-06 | 4.3 | CVE-2012-4146 |
| opscode -- chef | chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI. | 2012-08-08 | 6.5 | CVE-2010-5142 |
| opscode -- chef | chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to (1) upload cookbooks via a knife cookbook upload command or (2) delete cookbooks via a knife cookbook delete command. | 2012-08-08 | 5.5 | CVE-2011-5097 |
| opscode -- chef | chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote authenticated users to bypass intended access restrictions by leveraging read permission for the validation key and executing a knife client create command with the --admin option. | 2012-08-08 | 6.5 | CVE-2011-5098 |
| puppetlabs -- puppet | Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request. | 2012-08-06 | 4.0 | CVE-2012-3864 |
| puppetlabs -- puppet | lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences. | 2012-08-06 | 4.3 | CVE-2012-3867 |
| qemu -- qemu | The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file. | 2012-08-07 | 4.4 | CVE-2012-2652 |
| redhat -- icedtea-web | The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read. | 2012-08-07 | 6.8 | CVE-2012-3422 |
| rsgallery2 -- com_rsgallery2 | Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment. | 2012-08-10 | 4.3 | CVE-2012-4071 |
| rsgallery2 -- com_rsgallery2 | The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a directory URI. | 2012-08-10 | 5.0 | CVE-2012-4235 |
| rubyonrails -- ruby_on_rails | The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a with_http_digest helper method, as demonstrated by the authenticate_or_request_with_http_digest method. | 2012-08-08 | 5.0 | CVE-2012-3424 |
| rubyonrails -- ruby_on_rails | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the select_tag helper. | 2012-08-10 | 4.3 | CVE-2012-3463 |
| rubyonrails -- ruby_on_rails | Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character. | 2012-08-10 | 4.3 | CVE-2012-3464 |
| rubyonrails -- ruby_on_rails | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup. | 2012-08-10 | 4.3 | CVE-2012-3465 |
| todd_miller -- sudo | A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file. | 2012-08-08 | 5.6 | CVE-2012-3440 |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cisco -- ios | Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, allows remote authenticated users to cause a denial of service (device reload) by using a web browser to refresh the SSL VPN portal page, as demonstrated by the Android browser, aka Bug ID CSCtr86328. | 2012-08-06 | 3.5 | CVE-2012-1344 |
| cisco -- anyconnect_secure_mobility_client | Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows remote authenticated users to cause a denial of service (vpnagentd process crash) via a crafted packet, aka Bug ID CSCty01670. | 2012-08-06 | 3.5 | CVE-2012-1370 |
| debian -- logol | logol 1.5.0 uses world writable permissions for the /var/lib/logol/results directory, which allows local users to delete or overwrite arbitrary files. | 2012-08-07 | 3.6 | CVE-2012-3453 |
| extplorer -- extplorer | eXtplorer 2.1.0b6 uses world writable permissions for the /var/lib/extplorer/ftp_tmp directory, which allows local users to delete or overwrite arbitrary files. | 2012-08-07 | 3.6 | CVE-2012-3454 |
| gnome -- screensaver | gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when multiple screens are used, only locks the screen with the active focus, which allows physically proximate attackers to bypass screen locking and access an unattended workstation. | 2012-08-07 | 3.3 | CVE-2012-3452 |
| novell -- suse_audit_log_keeper | The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager and Spacewalk uses world-readable permissions for /etc/auditlog-keeper.conf, which allows local users to obtain passwords by reading this file. | 2012-08-08 | 2.1 | CVE-2012-0421 |
| openvswitch -- openvswitch | Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files. | 2012-08-07 | 3.6 | CVE-2012-3449 |
| php -- php | pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value. | 2012-08-06 | 2.6 | CVE-2012-3450 |
| pidgin -- pidgin | cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retains encryption-key data in process memory, which might allow local users to obtain sensitive information by reading a core file or other representation of memory contents. | 2012-08-08 | 2.1 | CVE-2011-4922 |
| puppetlabs -- puppet | lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address. | 2012-08-06 | 2.6 | CVE-2012-3408 |
| puppetlabs -- puppet | Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name. | 2012-08-06 | 3.5 | CVE-2012-3865 |
| puppetlabs -- puppet | lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file. | 2012-08-06 | 2.1 | CVE-2012-3866 |
| redhat -- libvirt | The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer. | 2012-08-07 | 3.5 | CVE-2012-3445 |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.