n.runs-SA-2010.001 - Alcatel-Lucent - unauthenticated administrative access to CTI CCA Server

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2010.001 20-September-2010 Vendor: Alcatel Affected Products: Versions before 9.0.8.4 of the CCAgent option of OmniTouch Contact Center Standard Edition Vulnerability: unauthenticated administrative access to CTI CCA Server Risk: High...

CVE-2010-3415

Google Chrome before 6.0.472.59 does not properly implement Geolocation, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via unknown vectors...

CVE-2010-3412

Race condition in the console implementation in Google Chrome before 6.0.472.59 has unspecified impact and attack vectors...

Race condition

Race condition in the console implementation in Google Chrome before 6.0.472.59 has unspecified impact and attack vectors...

CVE-2010-3412

CVE-2010-3412 refers to Google Chrome’s console implementation race condition in versions prior to 6.0.472.59. The description from the CVE entry states an unspecified impact/attack vector. Connected documents corroborate multiple vulnerability listings for Google Chrome around Sep 2010 (includin...

CVE-2010-3398

Unspecified vulnerability in the webcontainer implementation in IBM Lotus Sametime Connect 8.5.1 before CF1 has unknown impact and attack vectors, aka SPRs LXUU87S57H and LXUU87S93W...

CVE-2010-3171

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acti...

Code injection

Unspecified vulnerability in the webcontainer implementation in IBM Lotus Sametime Connect 8.5.1 before CF1 has unknown impact and attack vectors, aka SPRs LXUU87S57H and LXUU87S93W...

Denial of service

Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services IIS 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service daemon outage via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service...

CVE-2010-3398

CVE-2010-3398 affects IBM Lotus Sametime Connect 8.5.1 before CF1, via an unspecified vulnerability in the webcontainer implementation (SPR LXUU87S57H and LXUU87S93W). The connected documents do not disclose impact, attack vectors, exploitation details, or a remediation. Information aligns on the...

Fedora Update for libgdiplus FEDORA-2010-13695

Check for the Version of libgdiplus OpenVAS Vulnerability Test Fedora Update for libgdiplus FEDORA-2010-13695 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

Debian DSA-2106-1 : xulrunner - several vulnerabilities

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-2760, CVE-2010-3167, CVE-2010-3168 Implementation errors in XUL processing allow the...

CVE-2010-2524

The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIGCIFSDFSUPCALL is enabled, relies on a user's keyring for the dnsresolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform...

Null pointer dereference

The pppol2tpxmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service NULL pointer dereference and OOPS or possibly have unspecifi...

Design/Logic Flaw

The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIGCIFSDFSUPCALL is enabled, relies on a user's keyring for the dnsresolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform...

Integer overflow

Integer overflow in net/can/bcm.c in the Controller Area Network CAN implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service system crash via...

CVE-2010-2959

Integer overflow in net/can/bcm.c in the Controller Area Network CAN implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service system crash via...

CVE-2010-2524

The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIGCIFSDFSUPCALL is enabled, relies on a user's keyring for the dnsresolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform...

CVE-2010-2248

fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel before 2.6.34-rc4 allows remote attackers to cause a denial of service panic via an SMB response packet with an invalid CountHigh value, as demonstrated by a response from an OS/2 server, related to the CIFSSMBWrite and CIFSSMBWrite...

CVE-2010-2521

Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR implementation in the NFS server in the Linux kernel before 2.6.34-rc6 allow remote attackers to cause a denial of service panic or possibly execute arbitrary code via a crafted NFSv4 compound WRITE request, related to the readbuf and...