RSA Certificate Manager versions prior to 6.9 Build 558 and RSA Registration Manager versions prior to 6.9 Build 558 suffer from cross site scripting and denial of service vulnerabilities.
Monthly Archives: March 2015
EMC Secure Remote Services GHOST / SQL Injection / Command Injection
EMC Secure Remote Services Virtual Edition (ESRS VE) suffers from GHOST, remote SQL injection, and command injection vulnerabilities. Affected products include versions 3.02 and 3.03.
Dropbox SDK For Android Remote Exploitation
A vulnerability in the Dropbox SDK for Android may enable theft of sensitive information from apps that use the vulnerable Dropbox SDK, both locally by malware and remotely via drive-by exploitation techniques.
Community Gallery 2.0 Cross Site Scripting
Community Gallery version 2.0 prior to 12/10/2014 suffers from a cross site scripting vulnerability.
Microsoft Security Bulletin Summary For March, 2015
This bulletin summary lists fourteen released Microsoft security bulletins for March, 2015.
Debian Security Advisory 3182-1
Debian Linux Security Advisory 3182-1 – Mariusz Ziulek reported that libssh2, an SSH2 client-side library, was reading and using the SSH_MSG_KEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A malicious attacker could man-in-the-middle a real server and cause a client using the libssh2 library to crash (denial of service) or otherwise read and use unintended memory areas in this process.
Cisco Security Advisory 20150310-ssl
Cisco Security Advisory – Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition, or perform a man-in-the-middle attack. Cisco will release free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities may be available.
Ubuntu Security Notice USN-2524-1
Ubuntu Security Notice 2524-1 – Sylvain Pelissier discovered that eCryptfs did not generate a random salt when encrypting the mount passphrase with the login password. An attacker could use this issue to discover the login password used to protect the mount passphrase and gain unintended access to the encrypted files.
Red Hat Security Advisory 2015-0672-01
Red Hat Security Advisory 2015-0672-01 – The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled trust anchor management. A remote attacker could use this flaw to cause the BIND daemon to crash under certain conditions.
HP Security Bulletin HPSBUX03281 SSRT101968 1
HP Security Bulletin HPSBUX03281 SSRT101968 1 – Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.