CentOS Errata and Security Advisory 2015:0750 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0750.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
Monthly Archives: March 2015
CEBA-2015:0756 CentOS 6 gnome-terminal BugFixUpdate
CentOS Errata and Bugfix Advisory 2015:0756 Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-0756.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: f142f273b39b52330692113229fb1b2705bcb14cc7d3dca87c9af05b17c30547 gnome-terminal-2.31.3-11.el6_6.i686.rpm x86_64: d7d44f7bf07a6b695501abaf97615bff33d0a8b8624e507ee5de88b633f81e31 gnome-terminal-2.31.3-11.el6_6.x86_64.rpm Source: 091b062c38b298d7fe8bddff8e63d815e8aec3cf1a8ec8ffd8d237869c926fc4 gnome-terminal-2.31.3-11.el6_6.src.rpm
CEBA-2015:0754 CentOS 6 cronie FASTTRACK BugFixUpdate
CentOS Errata and Bugfix Advisory 2015:0754 Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-0754.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
CEBA-2015:0755 CentOS 6 pinentry FASTTRACK BugFixUpdate
CentOS Errata and Bugfix Advisory 2015:0755 Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-0755.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
[CORE-2015-0007] – Schneider Vampset Stack and Heap Buffer Overflow
Posted by CORE Advisories Team on Mar 30
1. Advisory Information
Title: Schneider Vampset Stack and Heap Buffer Overflow
Advisory ID: CORE-2015-0007
Advisory URL: http://www.coresecurity.com/advisories/schneider-vampset-stack-and-heap-buffer-overflow
Date published: 2015-03-30
Date of last update: 2015-03-27
Vendors contacted: Schneider
Release mode: Coordinated release
2. Vulnerability Information
Class: Heap-based Buffer Overflow [CWE-122], Stack-based Buffer Overflow [CWE-121]…
SB15-089: Vulnerability Summary for the Week of March 23, 2015
Original release date: March 30, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
- Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
- Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
arubanetworks — arubaos | The “RAP console” feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors. | 2015-03-24 | 7.2 | CVE-2015-1388 CONFIRM |
cisco — ios | The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA) responses, and consequently bypass intended device and node access restrictions or cause a denial of service (disrupted domain access), via crafted AN messages, aka Bug ID CSCup62191. | 2015-03-26 | 9.0 | CVE-2015-0635 CISCO |
cisco — ios | The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via spoofed AN messages that reset a finite state machine, aka Bug ID CSCup62293. | 2015-03-26 | 7.8 | CVE-2015-0636 CISCO |
cisco — ios | The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) via spoofed AN messages, aka Bug ID CSCup62315. | 2015-03-26 | 7.8 | CVE-2015-0637 CISCO |
cisco — ios | Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSCsi02145. | 2015-03-26 | 7.1 | CVE-2015-0638 CISCO |
cisco — ios_xe | The Common Flow Table (CFT) feature in Cisco IOS XE 3.6 and 3.7 before 3.7.1S, 3.8 before 3.8.0S, 3.9 before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S, when MMON or NBAR is enabled, allows remote attackers to cause a denial of service (device reload) via malformed IPv6 packets with IPv4 UDP encapsulation, aka Bug ID CSCua79665. | 2015-03-26 | 7.8 | CVE-2015-0639 CISCO |
cisco — ios_xe | The high-speed logging (HSL) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via large IP packets that require NAT and HSL processing after fragmentation, aka Bug ID CSCuo25741. | 2015-03-26 | 7.8 | CVE-2015-0640 CISCO |
cisco — ios_xe | Cisco IOS XE 2.x and 3.x before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via crafted IPv6 packets, aka Bug ID CSCub68073. | 2015-03-26 | 7.8 | CVE-2015-0641 CISCO |
cisco — ios | Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of service (device reload) by sending malformed IKEv2 packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum36951. | 2015-03-26 | 7.8 | CVE-2015-0642 CONFIRM CISCO |
cisco — ios | Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of service (memory consumption and device reload) by sending malformed IKEv2 packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuo75572. | 2015-03-26 | 7.8 | CVE-2015-0643 CONFIRM CISCO |
cisco — ios_xe | AppNav in Cisco IOS XE 3.8 through 3.10 before 3.10.3S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to execute arbitrary code or cause a denial of service (device reload) via a crafted TCP packet, aka Bug ID CSCuo53622. | 2015-03-26 | 7.8 | CVE-2015-0644 CISCO |
cisco — ios_xe | The Layer 4 Redirect (L4R) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.2S, 3.13 before 3.13.1S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuq59131. | 2015-03-26 | 7.8 | CVE-2015-0645 CISCO |
cisco — ios | Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted TCP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum94811. | 2015-03-26 | 7.8 | CVE-2015-0646 CISCO |
cisco — ios | Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) UDP packets, aka Bug ID CSCum98371. | 2015-03-26 | 7.8 | CVE-2015-0647 CISCO |
cisco — ios | Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (memory consumption) via crafted Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun49658. | 2015-03-26 | 7.8 | CVE-2015-0648 CISCO |
cisco — ios | Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun63514. | 2015-03-26 | 7.8 | CVE-2015-0649 CISCO |
cisco — ios | The Service Discovery Gateway (aka mDNS Gateway) in Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 3.9.xS and 3.10.xS before 3.10.4S, 3.11.xS before 3.11.3S, 3.12.xS before 3.12.2S, and 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) by sending malformed mDNS UDP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCup70579. | 2015-03-26 | 7.8 | CVE-2015-0650 CISCO |
citrix — command_center | Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX) Servlet, which allows remote attackers to execute arbitrary code via unspecified vectors to servlets/Jmx_dynamic. | 2015-03-26 | 7.5 | CVE-2015-2683 MISC BUGTRAQ CONFIRM FULLDISC MISC |
futomi — mp_form_mail_cgi | futomi CGI Cafe MP Form Mail CGI eCommerce before 2.0.12 on Windows allows remote attackers to execute arbitrary Perl code via unspecified vectors. | 2015-03-20 | 7.5 | CVE-2015-0898 JVN CONFIRM JVNDB CONFIRM |
genixcms — genixcms | Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php. | 2015-03-23 | 7.5 | CVE-2015-2679 CONFIRM CONFIRM CONFIRM MISC EXPLOIT-DB MISC OSVDB OSVDB CONFIRM |
ibm — general_parallel_file_system | IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to obtain root privileges for program execution via unspecified vectors. | 2015-03-23 | 7.2 | CVE-2015-0197 CONFIRM |
ibm — general_parallel_file_system | IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 in certain cipherList configurations allows remote attackers to bypass authentication and execute arbitrary programs as root via unspecified vectors. | 2015-03-23 | 10.0 | CVE-2015-0198 CONFIRM |
linuxfoundation — cups-filters | The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. | 2015-03-24 | 7.5 | CVE-2015-2265 UBUNTU CONFIRM CONFIRM |
mozilla — firefox | Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation. | 2015-03-23 | 7.5 | CVE-2015-0818 CONFIRM UBUNTU SECTRACK CONFIRM DEBIAN REDHAT SUSE SUSE |
sixapart — movable_type | Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter. | 2015-03-27 | 7.5 | CVE-2013-2184 MISC DEBIAN MLIST MLIST |
solarwinds — firewall_security_manager | userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client session handling. | 2015-03-24 | 10.0 | CVE-2015-2284 MISC |
tcpdump — tcpdump | Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value. | 2015-03-24 | 7.5 | CVE-2015-0261 CONFIRM SECTRACK BUGTRAQ DEBIAN MISC |
tcpdump — tcpdump | The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | 2015-03-24 | 7.5 | CVE-2015-2155 CONFIRM SECTRACK BUGTRAQ DEBIAN MISC |
vastal — phpvid | SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. NOTE: The cat parameter vector is already covered by CVE-2008-4157. | 2015-03-20 | 7.5 | CVE-2015-2563 MISC FULLDISC MISC |
web-dorado — ecommerce_wd | Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php. | 2015-03-20 | 7.5 | CVE-2015-2562 FULLDISC MISC |
x — libxfont | The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file. | 2015-03-20 | 8.5 | CVE-2015-1802 MISC UBUNTU SECTRACK DEBIAN FEDORA FEDORA |
x — libxfont | The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file. | 2015-03-20 | 8.5 | CVE-2015-1803 MISC UBUNTU SECTRACK DEBIAN FEDORA FEDORA |
x — libxfont | The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file. | 2015-03-20 | 8.5 | CVE-2015-1804 MISC UBUNTU SECTRACK DEBIAN FEDORA FEDORA |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache — batik | XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file. | 2015-03-24 | 6.4 | CVE-2015-0250 CONFIRM UBUNTU FULLDISC |
apache — xerces-c | internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data. | 2015-03-24 | 5.0 | CVE-2015-0252 CONFIRM DEBIAN |
asus — rt-g32_firmware | Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm. | 2015-03-23 | 6.8 | CVE-2015-2676 MISC FULLDISC MISC |
asus — rt-g32_firmware | Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) next_page, (2) group_id, (3) action_script, or (4) flag parameter to start_apply.htm. | 2015-03-23 | 4.3 | CVE-2015-2681 MISC FULLDISC MISC |
cisco — ios | The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 15.4S and 15.4(3)S allows remote attackers to modify configuration settings or cause a denial of service (partial service outage) by sending crafted Autonomic Networking (AN) messages on an intranet network, aka Bug ID CSCup62167. | 2015-03-20 | 6.4 | CVE-2015-0669 SECTRACK CISCO |
cisco — spa_301_1_line_ip_phone | The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482. | 2015-03-20 | 6.4 | CVE-2015-0670 SECTRACK CISCO |
cisco — ios_xr | The DHCPv4 server in Cisco IOS XR 5.2.2 on ASR 9000 devices allows remote attackers to cause a denial of service (service outage) via a flood of crafted DHCP packets, aka Bug ID CSCup67822. | 2015-03-26 | 5.0 | CVE-2015-0672 CISCO |
cisco — mobility_services_engine | Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote authenticated users to discover the passwords of arbitrary users by (1) reading log files or (2) using an unspecified GUI feature, aka Bug ID CSCut24792. | 2015-03-26 | 4.0 | CVE-2015-0673 CISCO |
citrix — command_center | Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml. | 2015-03-26 | 5.0 | CVE-2015-2682 MISC CONFIRM FULLDISC MISC |
codoforum — codoforum | The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php. | 2015-03-23 | 5.0 | CVE-2014-9261 CONFIRM EXPLOIT-DB MISC MISC OSVDB |
cs-cart — cs-cart | Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/. | 2015-03-25 | 6.8 | CVE-2015-2701 EXPLOIT-DB OSVDB |
digia — qt | The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file. | 2015-03-25 | 5.0 | CVE-2015-0295 MLIST SUSE FEDORA FEDORA FEDORA FEDORA FEDORA FEDORA |
djangoproject — django | The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string. | 2015-03-25 | 5.0 | CVE-2015-2316 CONFIRM UBUNTU |
djangoproject — django | The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL. | 2015-03-25 | 4.3 | CVE-2015-2317 CONFIRM DEBIAN UBUNTU |
genixcms — genixcms | Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter in the categories page to gxadmin/index.php or (2) page parameter to index.php. | 2015-03-23 | 4.3 | CVE-2015-2678 MISC MISC CONFIRM MISC EXPLOIT-DB MISC OSVDB |
gluster — glusterfs | The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a “00000000” fragment header. | 2015-03-27 | 5.0 | CVE-2014-3619 MISC CONFIRM SUSE SUSE |
gnu — gnutls | GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors. | 2015-03-24 | 5.0 | CVE-2015-0282 CONFIRM DEBIAN |
ibm — rational_clearquest | Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences. | 2015-03-24 | 6.8 | CVE-2014-8925 CONFIRM |
ibm — business_process_manager | Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2015-03-23 | 4.3 | CVE-2015-0105 CONFIRM AIXAPAR AIXAPAR |
ibm — business_process_manager | Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2015-03-23 | 4.3 | CVE-2015-0106 CONFIRM AIXAPAR |
ibm — powervc | IBM PowerVC Standard 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 validates Hardware Management Console (HMC) certificates only during the pre-login stage, which allows man-in-the-middle attackers to spoof devices via a crafted certificate. | 2015-03-23 | 4.3 | CVE-2015-0137 CONFIRM |
ibm — tivoli_directory_server | GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the “FREAK” issue, a different vulnerability than CVE-2015-0204. | 2015-03-24 | 4.3 | CVE-2015-0138 CONFIRM |
ibm — business_process_manager | Cross-site scripting (XSS) vulnerability in the Coach NG framework in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2015-03-23 | 4.3 | CVE-2015-0158 CONFIRM SECTRACK AIXAPAR AIXAPAR AIXAPAR |
ibm — general_parallel_file_system | The mmfslinux kernel module in IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to cause a denial of service (memory corruption) via unspecified character-device ioctl calls. | 2015-03-23 | 4.9 | CVE-2015-0199 CONFIRM |
inetc_project — inetc | The Inetc plugin for Nullsoft Scriptable Install System (NSIS), as used in CERT/CC Failure Observation Engine (FOE) and other products, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and possibly execute arbitrary code by sending a crafted certificate in a download session for Windows executable files. | 2015-03-21 | 4.3 | CVE-2015-0941 CERT-VN |
metalgenix — genixcms | Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request in the users page to gxadmin/index.php. | 2015-03-23 | 6.8 | CVE-2015-2680 CONFIRM CONFIRM CONFIRM MISC EXPLOIT-DB MISC OSVDB CONFIRM |
mozilla — firefox | The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript. | 2015-03-23 | 6.8 | CVE-2015-0817 CONFIRM UBUNTU SECTRACK CONFIRM DEBIAN REDHAT SUSE SUSE |
projectsend — projectsend | SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php. | 2015-03-20 | 6.5 | CVE-2015-2564 BUGTRAQ MISC EXPLOIT-DB FULLDISC MISC OSVDB |
redhat — richfaces | JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter. | 2015-03-26 | 6.8 | CVE-2015-0279 CONFIRM REDHAT |
tcpdump — tcpdump | The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU). | 2015-03-24 | 5.0 | CVE-2015-2153 CONFIRM SECTRACK BUGTRAQ DEBIAN MISC |
tcpdump — tcpdump | The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value. | 2015-03-24 | 5.0 | CVE-2015-2154 CONFIRM SECTRACK BUGTRAQ DEBIAN MISC |
websense — triton_ap_web | Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page. | 2015-03-25 | 4.3 | CVE-2014-9711 MISC MISC CONFIRM CONFIRM CONFIRM BUGTRAQ BUGTRAQ FULLDISC FULLDISC MISC MISC |
websense — triton_ap_data | Cross-site scripting (XSS) vulnerability in the Message Log in the Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows remote attackers to inject arbitrary web script or HTML via the sender address in an email. | 2015-03-25 | 4.3 | CVE-2015-2702 MISC CONFIRM BUGTRAQ FULLDISC MISC |
websense — triton_ap_web | Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-WEB before 8.0.0 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via the (1) ws-userip in the ws-encdata parameter to cve-bin/moreBlockInfo.cgi in the Data Security block page or (2) admin_msg parameter to configure/ssl_ui/eva-config/client-cert-import_wsoem.html in the Content Gateway, which is not properly handled in an error message. | 2015-03-25 | 4.3 | CVE-2015-2703 MISC MISC CONFIRM BUGTRAQ BUGTRAQ FULLDISC FULLDISC MISC MISC |
websense — triton | The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the “second” parameter of a command, as demonstrated by the Destination parameter in the ping command. | 2015-03-26 | 6.5 | CVE-2015-2746 MISC CONFIRM BUGTRAQ FULLDISC MISC |
websense — triton | Multiple cross-site scripting (XSS) vulnerabilities in the data loss prevention (DLP) incident Forensics Preview in Websense Triton 7.8.3 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via a crafted (1) email or (2) HTTP request, which triggers a DLP Policy. | 2015-03-26 | 4.3 | CVE-2015-2747 MISC BUGTRAQ FULLDISC MISC |
websense — triton_ap_data | Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, which allows remote attackers to obtain sensitive information via a direct request to a (1) Web Security incident report or the (2) Explorer configuration (websense.ini) file. | 2015-03-26 | 5.0 | CVE-2015-2748 MISC CONFIRM BUGTRAQ FULLDISC MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
drupal — drupal | Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL. | 2015-03-25 | 3.5 | CVE-2015-2559 CONFIRM DEBIAN |
emc — xcelerated_management_system | EMC Documentum xCelerated Management System (xMS) 1.1 before P14 stores cleartext Windows Service credentials in a batch file during Documentum Platform and xCelerated Composition Platform (xCP) provisioning, which allows local users to obtain sensitive information by reading a file. | 2015-03-23 | 2.1 | CVE-2015-0527 BUGTRAQ |
greenend — putty | The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. | 2015-03-27 | 2.1 | CVE-2015-2157 CONFIRM CONFIRM MLIST MLIST DEBIAN SUSE FEDORA FEDORA |
ibm — installation_manager | IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account. | 2015-03-24 | 1.2 | CVE-2014-6134 CONFIRM |
ibm — security_identity_manager_adapter | The (1) IBM Tivoli Identity Manager Active Directory adapter before 5.1.24 and (2) IBM Security Identity Manager Active Directory adapter before 6.0.14 for IBM Security Identity Manager on Windows, when certain log and trace levels are configured, store the cleartext administrator password in a log file, which allows local users to obtain sensitive information by reading a file. | 2015-03-24 | 1.9 | CVE-2014-8923 CONFIRM |
ibm — business_process_manager | Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified data fields. | 2015-03-23 | 3.5 | CVE-2015-0103 CONFIRM AIXAPAR |
ibm — powervc | powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 places an access token on the command line during IVM and PowerKVM management, which allows local users to obtain sensitive information by listing the process. | 2015-03-23 | 2.1 | CVE-2015-0136 CONFIRM |
ocportal — ocportal | Multiple cross-site scripting (XSS) vulnerabilities in ocPortal before 9.0.17 allow remote authenticated users to inject arbitrary web script or HTML via the (1) title or (2) text field in the cms_calendar page to cms/index.php; unspecified fields in (3) the cms_polls page to cms/index.php or (4) a new topic in the topics page to forum/index.php; or (5) a new PT (private topic/private message) in the topics page to forum/index.php. | 2015-03-23 | 3.5 | CVE-2015-2677 CONFIRM SECTRACK BUGTRAQ MISC CONFIRM |
s9y — serendipity | Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category. | 2015-03-23 | 3.5 | CVE-2015-2289 CONFIRM SECTRACK BUGTRAQ MLIST MISC CONFIRM |
[ MDVSA-2015:182 ] tcpdump
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:182
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : tcpdump
Date : March 30, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated tcpdump package fixes security vulnerabilities:

Several vulnerabilities have been discovered in tcpdump. These vulnerabilities might result in denial of service (application crash) or, potentially, execution of arbitrary code (CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2153
http://cve.mitre.org/c
[ MDVSA-2015:145-1 ] libxfont
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:145-1
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : libxfont
Date : March 30, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated libxfont packages fix security vulnerabilities:

Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges (CVE-2014-0209).

Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially-crafted data that could cause libXfont to crash, or possibly execute arbitrary code (CVE-2014-02
[ MDVSA-2015:147-1 ] libtiff
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:147-1
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : libtiff
Date : March 30, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated libtiff packages fix security vulnerabilities:

The libtiff image decoder library contains several issues that could cause the decoder to crash when reading crafted TIFF images (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2014-9655, CVE-2015-1547).

Update:

Packages for Mandriva Business Server 1 are now being provided.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8127
http://cve.mitre.org/cgi-bi
[ MDVSA-2015:181 ] drupal
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:181
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : drupal
Date : March 30, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated drupal packages fix security vulnerabilities:

An information disclosure vulnerability was discovered in Drupal before 7.27. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other users interacting with the same form at the same time (CVE-2014-2983).

Multiple security issues in Drupal before 7.29, including a denial of service issue, an access bypass issue in the File module, and mul