Vulnerability Summary for the Week of March 29, 2010
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
spam assassin | The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message. | 2010-03-27 | 9.3 | CVE-2010-1132 XF VUPEN VUPEN SECTRACK BID MISC DEBIAN SECUNIA SECUNIA OSVDB FULLDISC |
apple -- safari | Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to an array of long strings, an array of IMG elements with crafted strings in their SRC attributes, a TBODY element with no associated TABLE element, and certain calls to the delete operator and the cloneNode, clearAttributes, and CollectGarbage methods, possibly a related issue to CVE-2009-0075. | 2010-03-29 | 9.3 | CVE-2010-1176 BID MISC MISC |
apple -- safari | Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving document.write calls with long crafted strings. | 2010-03-29 | 9.3 | CVE-2010-1177 BID MISC |
apple -- safari | Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large integer in the numcolors attribute of a recolorinfo element in a VML file, possibly a related issue to CVE-2007-0024. | 2010-03-29 | 9.3 | CVE-2010-1179 BID MISC MISC |
apple -- safari | Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long exception string in a throw statement, possibly a related issue to CVE-2009-1514. | 2010-03-29 | 9.3 | CVE-2010-1180 BID MISC |
apple -- safari | Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element. | 2010-03-29 | 9.3 | CVE-2010-1181 MISC |
apple -- mac_os_x | AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request. | 2010-03-30 | 7.5 | CVE-2010-0057 APPLE |
apple -- mac_os_x | Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors. | 2010-03-30 | 7.5 | CVE-2010-0533 CONFIRM APPLE |
apple -- mac_os_x | xar in Apple Mac OS X 10.5.8 does not properly validate package signatures, which allows attackers to have an unspecified impact via a modified package. | 2010-03-30 | 10.0 | CVE-2010-0055 CONFIRM APPLE |
apple -- mac_os_x | Directory Services in Apple Mac OS X before 10.6.3 does not properly perform authorization during processing of record names, which allows local users to gain privileges via unspecified vectors. | 2010-03-30 | 7.2 | CVE-2010-0498 CONFIRM APPLE |
apple -- mac_os_x | Event Monitor in Apple Mac OS X before 10.6.3 does not properly validate hostnames of SSH clients, which allows remote attackers to cause a denial of service (arbitrary client blacklisting) via a crafted DNS PTR record, related to a "plist injection issue." | 2010-03-30 | 7.8 | CVE-2010-0500 CONFIRM APPLE |
apple -- mac_os_x_server | Multiple stack-based buffer overflows in iChat Server in Apple Mac OS X Server before 10.6.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | 2010-03-30 | 7.5 | CVE-2010-0504 CONFIRM APPLE |
apple -- mac_os_x | Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors. | 2010-03-30 | 10.0 | CVE-2010-0508 CONFIRM APPLE |
apple -- mac_os_x | SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local users to gain privileges via vectors related to use of wheel group membership during access to the home directories of user accounts. | 2010-03-30 | 7.2 | CVE-2010-0509 CONFIRM APPLE |
apple -- mac_os_x_server | Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password. | 2010-03-30 | 9.0 | CVE-2010-0510 CONFIRM APPLE |
apple -- mac_os_x | The Accounts Preferences implementation in Apple Mac OS X 10.6 before 10.6.3, when a network account server is used, does not support Login Window access control that is based solely on group membership, which allows attackers to bypass intended access restrictions by entering login credentials. | 2010-03-30 | 9.3 | CVE-2010-0512 CONFIRM APPLE |
apple -- mac_os_x_server | Server Admin in Apple Mac OS X Server 10.5.8 does not properly determine the privileges of users who had former membership in the admin group, which allows remote authenticated users to leverage this former membership to obtain a server connection via screen sharing. | 2010-03-30 | 9.0 | CVE-2010-0522 CONFIRM APPLE |
apple -- mac_os_x | The default configuration of the FreeRADIUS server in Apple Mac OS X Server before 10.6.3 permits EAP-TLS authenticated connections on the basis of an arbitrary client certificate, which allows remote attackers to obtain network connectivity via a crafted RADIUS Access Request message. | 2010-03-30 | 7.5 | CVE-2010-0524 CONFIRM APPLE |
apple -- mac_os_x | Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly encrypted e-mail message. | 2010-03-30 | 7.8 | CVE-2010-0525 CONFIRM APPLE |
apple -- quicktime | Integer overflow in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. | 2010-03-31 | 9.3 | CVE-2010-0527 APPLE |
apple -- quicktime | Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted color tables in a movie file. | 2010-03-31 | 9.3 | CVE-2010-0528 APPLE |
apple -- quicktime | Heap-based buffer overflow in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. | 2010-03-31 | 9.3 | CVE-2010-0529 APPLE |
apple -- quicktime | Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image. | 2010-03-31 | 9.3 | CVE-2010-0536 APPLE |
beatport -- beatport_player | Stack-based buffer overflow in TraktorBeatport.exe 1.0.0.283 in Beatport Player 1.0.0.0 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file. | 2010-03-29 | 9.3 | CVE-2009-4756 XF BID MILW0RM MILW0RM MILW0RM MILW0RM |
dicas -- mpegable_player | Stack-based buffer overflow in dicas Mpegable Player 2.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .YUV file. | 2010-03-29 | 9.3 | CVE-2009-4758 XF BID MILW0RM |
evils-world -- ew-musicplayer | Stack-based buffer overflow in BrotherSoft EW-MusicPlayer 0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a malformed playlist (.m3u) file. NOTE: some of these details are obtained from third party information. | 2010-03-29 | 9.3 | CVE-2009-4757 BID MILW0RM |
google -- chrome | Multiple race conditions in the sandbox infrastructure in Google Chrome before 4.1.249.1036 have unspecified impact and attack vectors. | 2010-04-01 | 10.0 | CVE-2010-1228 CONFIRM CONFIRM CONFIRM |
google -- chrome | The sandbox infrastructure in Google Chrome before 4.1.249.1036 does not properly use pointers, which has unspecified impact and attack vectors. | 2010-04-01 | 10.0 | CVE-2010-1229 CONFIRM CONFIRM CONFIRM |
google -- chrome | Google Chrome before 4.1.249.1036 does not have the expected behavior for attempts to delete Web SQL Databases and clear the Strict Transport Security (STS) state, which has unspecified impact and attack vectors. | 2010-04-01 | 10.0 | CVE-2010-1230 CONFIRM CONFIRM CONFIRM |
google -- chrome | Google Chrome before 4.1.249.1036 processes HTTP headers before invoking the SafeBrowsing feature, which allows remote attackers to have an unspecified impact via crafted headers. | 2010-04-01 | 10.0 | CVE-2010-1231 CONFIRM CONFIRM |
google -- chrome | Multiple integer overflows in Google Chrome before 4.1.249.1036 allow remote attackers to have an unspecified impact via vectors involving WebKit JavaScript objects. | 2010-04-01 | 10.0 | CVE-2010-1233 CONFIRM CONFIRM |
google -- chrome | Google Chrome before 4.1.249.1036 does not properly restrict cross-origin operations, which has unspecified impact and remote attack vectors. | 2010-04-01 | 10.0 | CVE-2010-1236 CONFIRM CONFIRM |
google -- chrome | Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via an empty SVG element. | 2010-04-01 | 7.5 | CVE-2010-1237 CONFIRM CONFIRM |
hp -- soa_registry_foundation | Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote authenticated users to gain privileges via unknown vectors. | 2010-03-31 | 8.5 | CVE-2010-0450 HP HP SECTRACK BID SECUNIA |
hp -- insight_control_suite_for_linux | Unspecified vulnerability in HP Insight Control for Linux (aka IC-Linux or ICE-LX) 2.11 and earlier allows local users to gain privileges via unknown vectors. | 2010-04-01 | 7.2 | CVE-2010-1031 HP HP VUPEN BID SECTRACK SECUNIA |
ibm -- websphere_application_server | Multiple unspecified vulnerabilities in the administrative console in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.9 on z/OS have unknown impact and attack vectors. | 2010-03-29 | 7.5 | CVE-2010-1182 VUPEN |
joric -- bmxplay | Buffer overflow in BrotherSoft BMXPlay 0.4.4b allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .BMX file. | 2010-03-29 | 9.3 | CVE-2009-4759 BID MILW0RM |
linux -- kernel | Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 before 2.6.20, when IPV6_RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is in a listening (TCP_LISTEN) state, which is not properly handled and causes the skb structure to be freed. | 2010-03-31 | 7.1 | CVE-2010-1188 CONFIRM MLIST CONFIRM |
mercuryaudio -- audio_player | Multiple stack-based buffer overflows in Mercury Audio Player 1.21 allow remote attackers to execute arbitrary code via a long string in a malformed (1) .b4s or (2) .pls playlist file. | 2010-03-29 | 9.3 | CVE-2009-4755 XF BID MILW0RM MILW0RM SECUNIA OSVDB |
microsoft -- ie | Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability." | 2010-03-29 | 9.3 | CVE-2010-1175 BUGTRAQ |
microsoft -- 27mhz_wireless_keyboard | The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2. | 2010-03-29 | 7.6 | CVE-2010-1184 MISC MISC |
microsoft -- ie | Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." | 2010-03-31 | 9.3 | CVE-2010-0267 VUPEN BID MS SECTRACK |
microsoft -- ie | Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condition Memory Corruption Vulnerability." | 2010-03-31 | 9.3 | CVE-2010-0489 VUPEN BID MS SECTRACK |
microsoft -- ie | Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." | 2010-03-31 | 9.3 | CVE-2010-0490 VUPEN BID MS SECTRACK |
microsoft -- ie | Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object Memory Corruption Vulnerability." | 2010-03-31 | 9.3 | CVE-2010-0491 VUPEN BID MS SECTRACK IDEFENSE |
microsoft -- ie | mstime.dll in Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." | 2010-03-31 | 9.3 | CVE-2010-0492 VUPEN BID MS SECTRACK |
microsoft -- ie | The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL that triggers memory corruption, aka "Memory Corruption Vulnerability." | 2010-03-31 | 9.3 | CVE-2010-0805 VUPEN BID MS SECTRACK |
microsoft -- ie | Microsoft Internet Explorer 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, leading to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." | 2010-03-31 | 9.3 | CVE-2010-0807 VUPEN BID MS SECTRACK |
microsoft -- virtual_pc | The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS." | 2010-04-01 | 9.3 | CVE-2010-1225 BID BUGTRAQ MISC SECTRACK |
mini-stream -- rm_downloader | Stack-based buffer overflow in Mini-stream RM Downloader allows remote attackers to execute arbitrary code via a long string in a .smi file. | 2010-03-29 | 9.3 | CVE-2009-4761 XF BID MILW0RM MILW0RM |
moinmo -- moinmoin | MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603. | 2010-03-29 | 7.5 | CVE-2009-4762 CONFIRM CONFIRM VUPEN DEBIAN CONFIRM |
sap -- maxdb | Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and 7.6.0.37 through 7.6.06 allows remote attackers to execute arbitrary code via an invalid length parameter in a handshake packet to TCP port 7210. NOTE: some of these details are obtained from third party information. | 2010-03-29 | 10.0 | CVE-2010-1185 XF MISC VUPEN SECTRACK BID BUGTRAQ SECUNIA OSVDB |
sun -- jdk | Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-04-01 | 7.5 | CVE-2010-0087 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-04-01 | 7.5 | CVE-2010-0094 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-04-01 | 7.5 | CVE-2010-0837 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-04-01 | 7.5 | CVE-2010-0838 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-04-01 | 7.5 | CVE-2010-0839 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-04-01 | 7.5 | CVE-2010-0840 CONFIRM |
sun -- jdk | Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-04-01 | 7.5 | CVE-2010-0841 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-04-01 | 7.5 | CVE-2010-0842 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-04-01 | 7.5 | CVE-2010-0843 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-04-01 | 7.5 | CVE-2010-0844 CONFIRM |
sun -- jdk | Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-04-01 | 7.5 | CVE-2010-0846 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-04-01 | 7.5 | CVE-2010-0847 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-04-01 | 7.5 | CVE-2010-0848 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-04-01 | 7.5 | CVE-2010-0849 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-04-01 | 7.5 | CVE-2010-0850 CONFIRM |
sun -- java_system_communications_express | Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc. | 2010-04-01 | 7.5 | CVE-2010-1227 BUGTRAQ |
vmware -- esx | WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability." | 2010-04-01 | 7.5 | CVE-2010-0686 CONFIRM MLIST BID |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
notsoPureEdit | PHP remote file inclusion vulnerability in templates/template.php in notsoPureEdit 1.4.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. NOTE: some of these details are obtained from third party information. | 2010-03-30 | 6.8 | CVE-2010-1216 VUPEN MISC SECUNIA MISC |
apple -- safari | Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) via a JavaScript loop that attempts to construct an infinitely long string. | 2010-03-29 | 4.3 | CVE-2010-1178 MISC |
apple -- mac_os_x | The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a "timing issue." | 2010-03-30 | 6.4 | CVE-2009-2801 APPLE |
apple -- mac_os_x | Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document. | 2010-03-30 | 6.8 | CVE-2010-0056 APPLE |
apple -- mac_os_x | freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into the system. | 2010-03-30 | 6.4 | CVE-2010-0058 CONFIRM APPLE |
apple -- mac_os_x | CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding. | 2010-03-30 | 6.8 | CVE-2010-0059 CONFIRM APPLE APPLE |
apple -- mac_os_x | CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding. | 2010-03-30 | 6.8 | CVE-2010-0060 CONFIRM APPLE APPLE |
apple -- mac_os_x | Heap-based buffer overflow in CoreMedia and QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.263 encoding. | 2010-03-30 | 6.8 | CVE-2010-0062 CONFIRM APPLE APPLE |
apple -- mac_os_x | Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url extensions. | 2010-03-30 | 6.8 | CVE-2010-0063 CONFIRM APPLE |
apple -- mac_os_x | DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ownership during an authenticated Finder copy, which might allow local users to bypass intended disk-quota restrictions and have unspecified other impact by copying files owned by other users. | 2010-03-30 | 6.9 | CVE-2010-0064 CONFIRM APPLE |
apple -- mac_os_x | Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image with bzip2 compression. | 2010-03-30 | 6.8 | CVE-2010-0065 CONFIRM APPLE |
apple -- mac_os_x | Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type. | 2010-03-30 | 6.8 | CVE-2010-0497 CONFIRM APPLE |
apple -- mac_os_x_server | Directory traversal vulnerability in FTP Server in Apple Mac OS X Server before 10.6.3 allows remote authenticated users to read arbitrary files via crafted filenames. | 2010-03-30 | 6.8 | CVE-2010-0501 CONFIRM APPLE |
apple -- mac_os_x_server | iChat Server in Apple Mac OS X Server before 10.6.3, when group chat is used, does not perform logging for all types of messages, which might allow remote attackers to avoid message auditing via an unspecified selection of message type. | 2010-03-30 | 4.3 | CVE-2010-0502 CONFIRM APPLE |
apple -- mac_os_x_server | Use-after-free vulnerability in iChat Server in Apple Mac OS X Server 10.5.8 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | 2010-03-30 | 6.5 | CVE-2010-0503 CONFIRM APPLE |
apple -- mac_os_x | Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image. | 2010-03-30 | 6.8 | CVE-2010-0505 CONFIRM APPLE |
apple -- mac_os_x | Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted NEF image. | 2010-03-30 | 6.8 | CVE-2010-0506 CONFIRM APPLE |
apple -- mac_os_x | Buffer overflow in Image RAW in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PEF image. | 2010-03-30 | 6.8 | CVE-2010-0507 CONFIRM APPLE |
apple -- mac_os_x_server | Podcast Producer in Apple Mac OS X 10.6 before 10.6.3 deletes the access restrictions of a Podcast Composer workflow when this workflow is overwritten, which allows attackers to access a workflow via unspecified vectors. | 2010-03-30 | 5.0 | CVE-2010-0511 CONFIRM APPLE |
apple -- mac_os_x | Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PostScript document. | 2010-03-30 | 6.8 | CVE-2010-0513 CONFIRM APPLE |
apple -- mac_os_x | Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.261 encoding. | 2010-03-30 | 6.8 | CVE-2010-0514 CONFIRM APPLE APPLE |
apple -- mac_os_x | QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with H.264 encoding. | 2010-03-30 | 6.8 | CVE-2010-0515 CONFIRM APPLE APPLE |
apple -- mac_os_x | Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding. | 2010-03-30 | 6.8 | CVE-2010-0516 CONFIRM APPLE APPLE |
apple -- mac_os_x | Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding. | 2010-03-30 | 6.8 | CVE-2010-0517 CONFIRM APPLE APPLE |
apple -- mac_os_x | QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with Sorenson encoding. | 2010-03-30 | 6.8 | CVE-2010-0518 CONFIRM APPLE APPLE |
apple -- mac_os_x | Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FlashPix encoding. | 2010-03-30 | 6.8 | CVE-2010-0519 CONFIRM APPLE APPLE |
apple -- mac_os_x | Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FLC encoding. | 2010-03-30 | 6.8 | CVE-2010-0520 CONFIRM APPLE APPLE |
apple -- mac_os_x | Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests. | 2010-03-30 | 5.0 | CVE-2010-0521 APPLE CONFIRM |
apple -- mac_os_x | Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types of uploaded files, which allows remote attackers to obtain sensitive information or possibly have unspecified other impact via a crafted file, as demonstrated by a Java applet. | 2010-03-30 | 5.0 | CVE-2010-0523 CONFIRM APPLE |
apple -- mac_os_x | Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with MPEG encoding. | 2010-03-30 | 4.3 | CVE-2010-0526 CONFIRM APPLE APPLE |
apple -- mac_os_x | Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors. | 2010-03-30 | 6.5 | CVE-2010-0535 CONFIRM APPLE |
apple -- itunes | Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file. | 2010-03-31 | 4.3 | CVE-2010-0531 APPLE SECUNIA |
apple -- itunes | Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse. | 2010-03-31 | 6.9 | CVE-2010-0532 APPLE SECUNIA |
apple -- iphone_os | The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV element, related to a "malformed character" issue. | 2010-04-01 | 5.0 | CVE-2010-1226 BID MISC |
cisco -- tftp_server | Cisco TFTP Server 1.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted (1) read (aka RRQ) or (2) write (aka WRQ) request, or other TFTP packet. NOTE: some of these details are obtained from third party information. | 2010-03-29 | 5.0 | CVE-2010-1174 XF BID MISC SECUNIA |
com_janews -- com_janews | Directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | 2010-03-30 | 6.8 | CVE-2010-1219 XF BID MISC SECUNIA |
digium -- asterisk | main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts. | 2010-04-01 | 4.3 | CVE-2010-1224 CONFIRM XF VUPEN BID BUGTRAQ SECUNIA OSVDB CONFIRM CONFIRM CONFIRM |
google -- chrome | Google Chrome before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via a malformed SVG document. | 2010-04-01 | 5.0 | CVE-2010-1232 CONFIRM CONFIRM |
google -- chrome | Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to truncate the URL shown in the HTTP Basic Authentication dialog via unknown vectors. | 2010-04-01 | 5.0 | CVE-2010-1234 CONFIRM CONFIRM |
google -- chrome | Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to trigger the omission of a download warning dialog via unknown vectors. | 2010-04-01 | 4.3 | CVE-2010-1235 CONFIRM CONFIRM |
hp -- project_and_portfolio_management_center | Multiple cross-site scripting (XSS) vulnerabilities in HP Project and Portfolio Management Center (PPMC, formerly Mercury IT Governance) 7.1 through SP10 and 7.5 through SP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-03-29 | 4.3 | CVE-2010-0452 BID OSVDB SECTRACK SECUNIA HP HP |
hp -- hp-ux | The installation process for NFS/ONCplus B.11.31_08 and earlier on HP HP-UX B.11.31 changes the NFS_SERVER setting in the nfsconf file, which might allow remote attackers to obtain filesystem access via NFS requests. | 2010-03-29 | 4.0 | CVE-2010-0451 HP HP BID SECTRACK SECUNIA |
hp -- soa_registry_foundation | Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to obtain "unauthorized access to data" via unknown vectors. | 2010-03-31 | 5.0 | CVE-2010-0448 HP HP SECTRACK BID SECUNIA |
hp -- soa_registry_foundation | Cross-site scripting (XSS) vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 2010-03-31 | 4.3 | CVE-2010-0449 HP HP SECTRACK BID SECUNIA |
hp -- hp-ux | Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules enabled, allows local users to cause a denial of service via unknown vectors. | 2010-03-31 | 4.4 | CVE-2010-1030 HP HP SECTRACK BID |
ibm -- websphere_application_server | Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote attackers to inject arbitrary web script or HTML via the URI. | 2010-04-01 | 4.3 | CVE-2010-0768 XF BID SECUNIA |
ibm -- websphere_application_server | IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by aborting an SSL handshake. | 2010-04-01 | 4.0 | CVE-2010-0770 AIXAPAR XF BID SECUNIA |
ikiwiki -- ikiwiki | Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI. | 2010-03-31 | 4.3 | CVE-2010-1195 VUPEN DEBIAN SECUNIA SECUNIA CONFIRM |
je_form_creator -- je_form_creator | Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE: the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected. | 2010-03-30 | 4.3 | CVE-2010-1217 BID MISC MISC SECUNIA OSVDB |
linux -- kernel | The Transparent Inter-Process Communication (TIPC) functionality in Linux kernel 2.6.33, and possibly other versions, allows local users to cause a denial of service (kernel OOPS) by sending datagrams through AF_TIPC before entering network mode, which triggers a NULL pointer dereference. | 2010-03-31 | 4.9 | CVE-2010-1187 CONFIRM MLIST |
mediawiki -- mediawiki | MediaWiki before 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by adding a link to an image on an attacker-controlled web site, aka "CSS validation issue." | 2010-03-31 | 5.0 | CVE-2010-1189 MLIST VUPEN DEBIAN SECUNIA |
mediawiki -- mediawiki | thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations. | 2010-03-31 | 4.3 | CVE-2010-1190 MLIST VUPEN DEBIAN CONFIRM SECUNIA |
microsoft -- ie | Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability." | 2010-03-31 | 4.3 | CVE-2010-0488 VUPEN BID MS SECTRACK |
microsoft -- ie | Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability." | 2010-03-31 | 4.3 | CVE-2010-0494 VUPEN BID MS SECTRACK |
mm_forum -- mmforum | Cross-site scripting (XSS) vulnerability in the mm_forum extension 1.8.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-03-30 | 4.3 | CVE-2010-1218 XF BID CONFIRM CONFIRM |
recly -- clickheat-heatmap | Unspecified vulnerability in the ClickHeat plugin, as used in phpMyVisites before 2.4, has unknown impact and attack vectors. NOTE: due to lack of details from the vendor, it is not clear whether this is related to CVE-2008-5793. | 2010-03-30 | 6.8 | CVE-2009-4763 XF BID CONFIRM SECUNIA |
sahanafoundation -- sahana | Sahana disaster management system 0.6.2.2, and possibly other versions, allows remote attackers to bypass intended access restrictions and disable administrator authentication via a direct request to stream.php in an acl_enable_acl action to the admin module. | 2010-03-31 | 6.4 | CVE-2010-1191 BUGTRAQ MISC SECUNIA |
skadate -- skadate_online_dating_software | PHP remote file inclusion vulnerability in index.php in SkaDate Dating allows remote attackers to execute arbitrary PHP code via a URL in the language_id parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences. | 2010-03-26 | 6.8 | CVE-2009-4739 XF XF BID MILW0RM SECUNIA OSVDB |
stafford.uklinux -- libesmtp | libESMTP, probably 1.0.4 and earlier, does not properly handle a ' |