Vulnerability Summary for the Week of October 18, 2010
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- flash_player | Untrusted search path vulnerability in Adobe Flash Player 9 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as a file that is processed by Flash. | 2010-10-19 | 9.3 | CVE-2010-3975 BUGTRAQ |
adobe -- flash_player | Untrusted search path vulnerability in Adobe Flash Player 10.1.82.76, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash. | 2010-10-19 | 9.3 | CVE-2010-3976 BUGTRAQ MISC |
apache -- axis2 | Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2 and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service. | 2010-10-18 | 10.0 | CVE-2010-0219 CERT-VN MISC XF VUPEN BUGTRAQ MISC MISC SECUNIA |
g.rodola -- pyftpdlib | FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack. | 2010-10-19 | 7.5 | CVE-2007-6737 CONFIRM CONFIRM CONFIRM CONFIRM |
g.rodola -- pyftpdlib | ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack. | 2010-10-19 | 7.5 | CVE-2008-7263 CONFIRM CONFIRM CONFIRM CONFIRM |
google -- chrome | Google Chrome before 7.0.517.41 does not properly handle forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document. | 2010-10-21 | 9.3 | CVE-2010-4034 VUPEN BID SECUNIA CONFIRM CONFIRM |
google -- chrome | Google Chrome before 7.0.517.41 does not properly perform autofill operations for forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document. | 2010-10-21 | 9.3 | CVE-2010-4035 VUPEN BID SECUNIA CONFIRM CONFIRM |
google -- chrome | Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors. | 2010-10-21 | 7.5 | CVE-2010-4039 CONFIRM VUPEN BID SECUNIA CONFIRM |
google -- chrome | Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image. | 2010-10-21 | 9.3 | CVE-2010-4040 VUPEN BID SECUNIA CONFIRM CONFIRM |
google -- chrome | Google Chrome before 7.0.517.41 does not properly handle element maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "stale elements." | 2010-10-21 | 9.3 | CVE-2010-4042 VUPEN BID SECUNIA CONFIRM CONFIRM |
hp -- procurve_m110_access_point | Unspecified vulnerability on HP ProCurve Access Points, Access Controllers, and Mobility Controllers with software 5.1.x through 5.1.9, 5.2.x through 5.2.7, 5.3.x through 5.3.5, and 5.4.x through 5.4.0 allows remote attackers to execute arbitrary code via unknown vectors. | 2010-10-18 | 8.3 | CVE-2010-3287 HP HP |
kmonos -- xacrett | Untrusted search path vulnerability in XacRett before 50 allows attackers to execute arbitrary code via a Trojan horse executable file, related to the explorer.exe filename and use of Windows Explorer. | 2010-10-19 | 9.3 | CVE-2010-3157 BID CONFIRM SECUNIA JVNDB JVN |
mozilla -- firefox | The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | 2010-10-21 | 7.5 | CVE-2010-3173 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- firefox | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2010-10-21 | 9.3 | CVE-2010-3174 CONFIRM CONFIRM |
mozilla -- firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2010-10-21 | 9.3 | CVE-2010-3175 CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2010-10-21 | 9.3 | CVE-2010-3176 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- firefox | Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method. | 2010-10-21 | 9.3 | CVE-2010-3179 CONFIRM CONFIRM |
mozilla -- firefox | Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window. | 2010-10-21 | 9.3 | CVE-2010-3180 CONFIRM CONFIRM |
mozilla -- firefox | The LookupGetterOrSetter function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via a crafted HTML document. | 2010-10-21 | 9.3 | CVE-2010-3183 CONFIRM CONFIRM |
opera -- opera_browser | Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary code by leveraging the ability of a script to interact with a web page from (1) a different domain or (2) a different security context. | 2010-10-21 | 9.3 | CVE-2010-4045 CONFIRM CONFIRM CONFIRM CONFIRM SECTRACK SECUNIA |
realnetworks -- realplayer | Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via a crafted QCP file. | 2010-10-18 | 9.3 | CVE-2010-2578 BID CONFIRM |
realnetworks -- realplayer | Array index error in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.0.1 allows remote attackers to execute arbitrary code via malformed sample data in a RealMedia .IVR file, related to a "malformed IVR pointer index" issue. | 2010-10-18 | 9.3 | CVE-2010-2998 MISC BID CONFIRM |
realnetworks -- realplayer | An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during parsing of a CDDA URI, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and application crash) via a long URI. | 2010-10-18 | 9.3 | CVE-2010-3747 MISC BID CONFIRM |
realnetworks -- realplayer | Stack-based buffer overflow in the RichFX component in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via unknown vectors. | 2010-10-18 | 10.0 | CVE-2010-3748 BID CONFIRM |
realnetworks -- realplayer | The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 does not properly handle an unspecified character within arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted method call, related to a "parameter injection" issue. | 2010-10-18 | 9.3 | CVE-2010-3749 MISC BID CONFIRM |
realnetworks -- realplayer | rjrmrpln.dll in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly validate file contents that are used during interaction with a heap buffer, which allows remote attackers to execute arbitrary code via crafted Name Value Property (NVP) elements in logical streams in a media file. | 2010-10-18 | 9.3 | CVE-2010-3750 MISC BID CONFIRM |
realnetworks -- realplayer | Multiple heap-based buffer overflows in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 allow remote attackers to execute arbitrary code via a long .smil argument to the (1) tfile, (2) pnmm, or (3) cdda protocol handler. | 2010-10-18 | 9.3 | CVE-2010-3751 MISC BID CONFIRM |
sap -- businessobjects | CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property. | 2010-10-18 | 9.0 | CVE-2010-3983 MISC |
sun -- jdk | Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 9.3 | CVE-2010-3550 CONFIRM |
sun -- jdk | Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3552 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3553 CONFIRM |
sun -- jdk | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3554 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 9.3 | CVE-2010-3555 CONFIRM |
sun -- jdk | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3556 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3558 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3559 CONFIRM |
sun -- jdk | Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 7.5 | CVE-2010-3561 CONFIRM |
sun -- jdk | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3562 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3563 CONFIRM |
sun -- jdk | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3565 CONFIRM |
sun -- jdk | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3566 CONFIRM |
sun -- jdk | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3567 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3568 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3569 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 7.6 | CVE-2010-3570 CONFIRM |
sun -- jdk | Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3571 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 10.0 | CVE-2010-3572 CONFIRM |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
alex_launi -- tangerine | The (1) tangerine and (2) tangerine-properties scripts in Tangerine 0.3.2.2 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3381 CONFIRM |
apache -- qpid | The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data. | 2010-10-18 | 5.0 | CVE-2009-5005 REDHAT REDHAT CONFIRM CONFIRM VUPEN SECUNIA SECUNIA |
apache -- qpid | The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange. | 2010-10-18 | 4.0 | CVE-2009-5006 REDHAT REDHAT CONFIRM CONFIRM CONFIRM VUPEN SECUNIA SECUNIA |
apache -- myfaces | shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack. | 2010-10-20 | 5.0 | CVE-2010-2057 CONFIRM CONFIRM CONFIRM |
ardour -- ardour | Ardour 2.8.11 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3349 CONFIRM VUPEN BID SECUNIA FEDORA FEDORA FEDORA CONFIRM |
bareftp -- bareftp | bareFTP 0.3.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3350 CONFIRM |
bernhard_wymann -- torcs | The (1) torcs, (2) nfsperf, (3) accc, (4) texmapper, (5) trackgen, and (6) nfs2ac scripts in TORCS 1.3.1 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3384 CONFIRM |
debian -- mono-debugger | The (1) mdb and (2) mdb-symbolreader scripts in mono-debugger 2.4.3 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3369 CONFIRM |
dropbox -- dropbox | dropboxd in Dropbox 0.7.110 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3354 CONFIRM |
ecmwf -- magics++ | magics-config in Magics++ 2.10.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3393 CONFIRM |
erik_hjortsberg -- ember | Ember 0.5.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3355 CONFIRM |
g.rodola -- pyftpdlib | Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST, (2) STOR, or (3) RETR command. | 2010-10-19 | 6.5 | CVE-2007-6736 CONFIRM CONFIRM CONFIRM CONFIRM |
g.rodola -- pyftpdlib | pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command. | 2010-10-19 | 5.0 | CVE-2007-6738 CONFIRM |
g.rodola -- pyftpdlib | FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command. | 2010-10-19 | 5.0 | CVE-2007-6739 CONFIRM CONFIRM CONFIRM CONFIRM |
g.rodola -- pyftpdlib | The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command. | 2010-10-19 | 4.0 | CVE-2007-6740 CONFIRM CONFIRM CONFIRM CONFIRM |
g.rodola -- pyftpdlib | The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data, as demonstrated by an FTP bounce attack against a NAT server, a related issue to CVE-1999-0017. | 2010-10-19 | 6.5 | CVE-2007-6741 CONFIRM CONFIRM CONFIRM CONFIRM |
g.rodola -- pyftpdlib | Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) RETR command. | 2010-10-19 | 6.5 | CVE-2008-7262 CONFIRM CONFIRM |
g.rodola -- pyftpdlib | The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to cause a denial of service (file descriptor exhaustion and daemon outage) by sending a QUIT command during a disallowed data-transfer attempt. | 2010-10-19 | 4.0 | CVE-2008-7264 CONFIRM CONFIRM CONFIRM CONFIRM |
g.rodola -- pyftpdlib | Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different vulnerability than CVE-2010-3494. | 2010-10-19 | 4.3 | CVE-2009-5010 MISC MISC MLIST MLIST MLIST MLIST CONFIRM CONFIRM CONFIRM CONFIRM |
g.rodola -- pyftpdlib | Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the getpeername function having an ENOTCONN error, a different vulnerability than CVE-2010-3494. | 2010-10-19 | 4.3 | CVE-2009-5011 CONFIRM CONFIRM CONFIRM CONFIRM |
g.rodola -- pyftpdlib | ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session. | 2010-10-19 | 4.0 | CVE-2009-5012 CONFIRM CONFIRM CONFIRM CONFIRM |
g.rodola -- pyftpdlib | Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer. | 2010-10-19 | 4.0 | CVE-2009-5013 CONFIRM CONFIRM CONFIRM CONFIRM |
g.rodola -- pyftpdlib | Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492. | 2010-10-19 | 4.3 | CVE-2010-3494 MISC MISC MLIST MLIST MLIST MLIST CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
google -- chrome | Google Chrome before 7.0.517.41 does not properly implement the autofill and autocomplete functionality, which allows remote attackers to conduct "profile spamming" attacks via unspecified vectors. | 2010-10-21 | 5.0 | CVE-2010-4033 VUPEN BID SECUNIA CONFIRM CONFIRM CONFIRM |
google -- chrome | Google Chrome before 7.0.517.41 does not properly handle the unloading of a page, which allows remote attackers to spoof URLs via unspecified vectors. | 2010-10-21 | 6.8 | CVE-2010-4036 VUPEN BID SECUNIA CONFIRM CONFIRM |
google -- chrome | Unspecified vulnerability in Google Chrome before 7.0.517.41 allows remote attackers to bypass the pop-up blocker via unknown vectors. | 2010-10-21 | 4.3 | CVE-2010-4037 VUPEN BID SECUNIA CONFIRM CONFIRM |
google -- chrome | The Web Sockets implementation in Google Chrome before 7.0.517.41 does not properly handle a shutdown action, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | 2010-10-21 | 4.3 | CVE-2010-4038 VUPEN BID SECUNIA CONFIRM CONFIRM |
google -- chrome | The sandbox implementation in Google Chrome before 7.0.517.41 on Linux does not properly constrain worker processes, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. | 2010-10-21 | 6.8 | CVE-2010-4041 VUPEN BID SECUNIA CONFIRM CONFIRM |
henner_zeller -- henplus | HenPlus JDBC SQL-Shell 0.9.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3358 CONFIRM |
herac -- tuxguitar | TuxGuitar 1.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3385 CONFIRM |
hp -- systems_insight_manager | Unspecified vulnerability in HP Systems Insight Manager (SIM) 6.0 and 6.1 allows remote attackers to read arbitrary files via unknown vectors. | 2010-10-18 | 5.0 | CVE-2010-3286 HP HP |
hp -- assetcenter | Cross-site scripting (XSS) vulnerability in HP AssetCenter 5.0x through AC_5.03, and AssetManager 5.1x through AM_5.12 and 5.2x through AM_5.22, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-10-21 | 4.3 | CVE-2010-3291 VUPEN BID HP HP SECUNIA |
ibm -- websphere_mq | IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows remote attackers to spoof X.509 certificate authentication, and send or receive channel messages, via a crafted Subject Distinguished Name (DN) value in a certificate. | 2010-10-20 | 4.3 | CVE-2010-0782 XF CONFIRM AIXAPAR |
last -- last.fm | lastfm 1.5.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3362 CONFIRM |
lhaplus -- lhaplus | Untrusted search path vulnerability in Lhaplus before 1.58 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | 2010-10-18 | 6.9 | CVE-2010-2368 CONFIRM MISC SECUNIA JVNDB JVN |
lhaplus -- lhaplus | Untrusted search path vulnerability in Lhaplus before 1.58 allows local users to gain privileges via a Trojan horse executable file in the current working directory. | 2010-10-19 | 6.9 | CVE-2010-3158 CONFIRM SECUNIA JVNDB JVN |
linux-ha -- ocf_resource_agents | The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3389 CONFIRM CONFIRM |
lttng -- ust | usttrace in LTTng Userspace Tracer (aka UST) 0.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3386 CONFIRM |
mistelix -- mistelix | Mistelix 0.31 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3365 CONFIRM |
more-cowbell -- cowbell | Cowbell 0.2.7.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3353 CONFIRM |
mozilla -- firefox | Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | 2010-10-21 | 4.3 | CVE-2010-3170 CONFIRM CONFIRM |
mozilla -- firefox | Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server. | 2010-10-21 | 4.3 | CVE-2010-3177 CONFIRM CONFIRM |
mozilla -- firefox | Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document. | 2010-10-21 | 5.8 | CVE-2010-3178 CONFIRM CONFIRM |
mozilla -- firefox | Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory. | 2010-10-21 | 6.9 | CVE-2010-3181 CONFIRM CONFIRM |
mozilla -- firefox | A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-21 | 6.9 | CVE-2010-3182 CONFIRM CONFIRM |
nick_copeland -- bristol | startBristol in Bristol 0.60.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3351 CONFIRM |
opera -- opera_browser | Opera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet when the document lacks a CSS token sequence, which allows remote attackers to obtain sensitive information via a crafted document. | 2010-10-21 | 4.3 | CVE-2010-4043 CONFIRM CONFIRM CONFIRM CONFIRM SECTRACK SECUNIA |
opera -- opera_browser | Opera before 10.63 does not ensure that the portion of a URL shown in the Address Bar contains the beginning of the URL, which allows remote attackers to spoof URLs by changing a window's size. | 2010-10-21 | 4.3 | CVE-2010-4044 CONFIRM CONFIRM CONFIRM CONFIRM SECTRACK SECUNIA |
opera -- opera_browser | Opera before 10.63 does not properly verify the origin of video content, which allows remote attackers to obtain sensitive information by using a video stream as HTML5 canvas content. | 2010-10-21 | 4.3 | CVE-2010-4046 CONFIRM CONFIRM CONFIRM CONFIRM SECTRACK SECUNIA |
opera -- opera_browser | Opera before 10.63 does not properly select the security context of JavaScript code associated with an error page, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site. | 2010-10-21 | 4.3 | CVE-2010-4047 CONFIRM CONFIRM CONFIRM CONFIRM SECTRACK SECUNIA |
opera -- opera_browser | Opera before 10.63 allows user-assisted remote web servers to cause a denial of service (application crash) by sending a redirect during the saving of a file. | 2010-10-21 | 4.3 | CVE-2010-4048 CONFIRM CONFIRM CONFIRM |
opera -- opera_browser | Opera before 10.63 allows remote attackers to cause a denial of service (application crash) via a Flash movie with a transparent Window Mode (aka wmode) property, which is not properly handled during navigation away from the containing HTML document. | 2010-10-21 | 4.3 | CVE-2010-4049 CONFIRM CONFIRM CONFIRM |
opera -- opera_browser | Opera before 10.63 allows remote attackers to cause a denial of service (memory corruption) by referencing an SVG document in an IMG element. | 2010-10-21 | 4.3 | CVE-2010-4050 CONFIRM CONFIRM CONFIRM |
oracle -- mojarra | Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057. | 2010-10-20 | 5.0 | CVE-2010-4007 MISC MISC |
pedro_castro -- gnome-subtitles | gnome-subtitles 1.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3357 CONFIRM CONFIRM |
pedro_villavicencio_garrido -- hipo | Hipo 0.6.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3360 CONFIRM |
python -- python | The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections. | 2010-10-19 | 5.0 | CVE-2010-3492 CONFIRM MLIST MLIST MLIST MLIST |
python -- python | Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492. | 2010-10-19 | 4.3 | CVE-2010-3493 CONFIRM CONFIRM MISC CONFIRM MISC MLIST MLIST MLIST MLIST CONFIRM |
roaraudio -- roaraudio | roarify in roaraudio 0.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3363 CONFIRM |
root -- root | The (1) proofserv, (2) xrdcp, (3) xrdpwdadmin, and (4) xrd scripts in ROOT 5.18/00 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3376 CONFIRM CONFIRM |
salome-platform -- salome | The (1) runSalome, (2) runTestMedCorba, (3) runLightSalome, and (4) hxx2salome scripts in SALOME 5.1.3 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3377 CONFIRM |
sap -- businessobjects | Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session URI. | 2010-10-18 | 5.0 | CVE-2010-3979 MISC |
sap -- businessobjects | Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids value in a GenerateCuids SOAPAction to the dswsbobje/services/biplatform URI. | 2010-10-18 | 4.0 | CVE-2010-3980 MISC |
sap -- businessobjects | Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters page. | 2010-10-18 | 4.3 | CVE-2010-3981 MISC |
sap -- businessobjects | SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an "internal port scanning" issue. | 2010-10-18 | 5.0 | CVE-2010-3982 MISC |
scilab -- scilab | The (1) scilab, (2) scilab-cli, and (3) scilab-adv-cli scripts in Scilab 5.2.2 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3378 CONFIRM CONFIRM |
shrew -- vpn_client | The (1) iked, (2) ikea, and (3) ikec scripts in Shrew Soft IKE 2.1.5 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3361 CONFIRM CONFIRM |
sun -- jdk | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 5.1 | CVE-2010-3541 CONFIRM |
sun -- jdk | Unspecified vulnerability in the JNDI component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. | 2010-10-19 | 5.0 | CVE-2010-3548 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 6.8 | CVE-2010-3549 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. | 2010-10-19 | 5.0 | CVE-2010-3551 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 6.8 | CVE-2010-3557 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 5.1 | CVE-2010-3573 CONFIRM |
sun -- jdk | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2010-10-19 | 5.1 | CVE-2010-3574 CONFIRM |
susie_ro -- lhasa | Untrusted search path vulnerability in Lhasa 0.19 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory. | 2010-10-18 | 6.9 | CVE-2010-2369 MISC JVNDB JVN |
teamspeak -- teamspeak | The (1) teamspeak and (2) teamspeak-server scripts in TeamSpeak 2.0.32 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3383 CONFIRM CONFIRM |
texmacs -- texmacs | The (1) texmacs and (2) tm_mupad_help scripts in TeXmacs 1.0.7.4 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3394 CONFIRM |
tvdr -- vdr | ** DISPUTED ** vdrleaktest in Video Disk Recorder (VDR) 1.6.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: a third party disputes this issue because the script erroneously uses a semicolon in a context where a colon was intended. | 2010-10-20 | 6.9 | CVE-2010-3387 MISC |
twiki -- twiki | Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in TWiki before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the rev parameter to the view script or (2) the query string to the login script. | 2010-10-18 | 4.3 | CVE-2010-3841 CONFIRM XF BID SECUNIA |
uoregon -- tau | tauex in Tuning and Analysis Utilities (TAU) 2.16.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3382 CONFIRM |
vips -- vips | The vips-7.22 script in VIPS 7.22.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3364 CONFIRM |
zeus.physik.uni-bonn -- mn_fit | Mn_Fit 5.13 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 2010-10-20 | 6.9 | CVE-2010-3366 CONFIRM |
zope -- zodb | Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) before 3.10.0 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492. | 2010-10-19 | 4.3 | CVE-2010-3495 MISC CONFIRM MLIST MLIST MLIST MLIST SECUNIA CONFIRM |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
sun -- jdk | Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors. | 2010-10-19 | 2.6 | CVE-2010-3560 CONFIRM |