Security Bulletins - April 16
April 15, 2010 2010-04-15: Oracle Sun Java System Communications Express CVE-2010-0885 Remote Address Book Vulnerability Oracle Sun Java System Communications Express is prone to a remote vulnerability in Address Book. The vulnerability can be exploited over the 'HTTP' protocol. http://www.securityfocus.com/bid/39461
April 15, 2010 2010-04-15: Oracle Sun Java System Directory Server CVE-2010-0897 Multiple Remote Vulnerabilities These vulnerabilities can be exploited over the 'LDAP' and 'HTTP' protocols. Remote attackers can exploit these issues without authenticating. Successful exploits will allow attackers to execute arbitrary code in the context of the vulnerable application or cause denial-of-service conditions. http://www.securityfocus.com/bid/39453
April 15, 2010 2010-04-15: RPM Configuration File Handling Remote Buffer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will result in a denial-of-service condition. http://www.securityfocus.com/bid/39493
April 15, 2010 2010-04-15: VMware Hosted Products 'vmware-vmx' Virtual Network Stack Information Disclosure Vulnerability An attacker can exploit this vulnerability to disclose memory from the host's 'vmware-vmx' process to a guest operating system or potentially the network. This can allow the attackers to harvest potentially sensitive information that can aid in further attacks. http://www.securityfocus.com/bid/39395
April 15, 2010 2010-04-15: Oracle JRE Java Platform SE and Java Deployment Toolkit Plugins Code Execution Vulnerabilities Attackers can exploit these issues to execute arbitrary code in the context of the user running the vulnerable applications. http://www.securityfocus.com/bid/39346
April 15, 2010 2010-04-15: Adobe Flash Player and AIR (CVE-2010-0187) Unspecified Denial of Service Vulnerability Successful exploits will allow attackers to crash the application, denying service to legitimate users. http://www.securityfocus.com/bid/38200
April 15, 2010 2010-04-15: Multiple Adobe Products Unspecified Cross Domain Scripting Vulnerability A remote attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information or launch spoofing attacks against other sites. Other attacks are also possible. http://www.securityfocus.com/bid/38198
April 15, 2010 2010-04-15: PostgreSQL Index Function Session State Modification Local Privilege Escalation Vulnerability PostgreSQL is prone to a local privilege-escalation vulnerability. Exploiting this issue allows local attackers to gain elevated privileges. http://www.securityfocus.com/bid/37333
April 15, 2010 2010-04-15: PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability PostgreSQL is prone to a security-bypass vulnerability because the application fails to properly validate the domain name in a signed CA certificate, allowing attackers to substitute malicious SSL certificates for trusted ones. Successful exploits allow attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. http://www.securityfocus.com/bid/37334
April 15, 2010 2010-04-15: Apache 'mod_proxy_ajp' Information Disclosure Vulnerability Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. http://www.securityfocus.com/bid/34663
April 15, 2010 2010-04-15: Apache 'mod_proxy' Remote Denial Of Service Vulnerability Successful exploits may allow remote attackers to cause denial-of-service conditions and prevent legitimate users from accessing the services. http://www.securityfocus.com/bid/35565
April 15, 2010 2010-04-15: Pidgin Multiple Denial of Service Vulnerabilities Successful exploits will crash the application or make it unresponsive, denying service to legitimate users. http://www.securityfocus.com/bid/38294
April 15, 2010 2010-04-15: Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability Successful exploits may allow remote attackers to trigger denial-of-service conditions. http://www.securityfocus.com/bid/36596
April 15, 2010 2010-04-15: LibThai Unspecified Integer Overflow Vulnerability An attacker can exploit this issue to execute arbitrary code within the context of an application using the affected library. Failed exploit attempts will result in a denial-of-service condition. http://www.securityfocus.com/bid/37822
April 15, 2010 2010-04-15: PhpMesFilms 'index.php' SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. http://www.securityfocus.com/bid/33105
April 15, 2010 2010-04-15: Intel BIOS System Management Mode Local Privilege Escalation Vulnerability An attacker can exploit this issue to modify software that runs in System Management Mode (SMM). Successfully exploiting this issue will allow the attacker to compromise affected computers. http://www.securityfocus.com/bid/38251
April 15, 2010 2010-04-15: IBM Lotus Notes 'SURunAs.exe' Insecure Password Storage Information Disclosure Vulnerability Successful attacks can allow a local attacker to gain elevated privileges by obtaining access to an administrator's credentials. http://www.securityfocus.com/bid/39525
April 15, 2010 2010-04-15: Adobe Acrobat and Reader CVE-2010-0197 Remote Code Execution Vulnerability Attackers can exploit this issue to execute arbitrary code in the context of the user running an affected application or to cause a denial-of-service condition. http://www.securityfocus.com/bid/39518
April 15, 2010 2010-04-15: Oracle E-Business Suite Financials 'jtfwcpnt.jsp' SQL Injection Vulnerability Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. http://www.securityfocus.com/bid/39510
April 15, 2010 2010-04-15: Deluxe Blog Factory Joomla! Component 'controller' Parameter Local File Include Vulnerability An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. http://www.securityfocus.com/bid/39508