Original release date: March 10, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
-
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
-
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
-
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| clip-bucket — clipbucket | SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter. | 2015-02-27 | 7.5 | CVE-2015-2102 EXPLOIT-DB MISC OSVDB |
| dns-sync_project — dns-sync | The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function. | 2015-02-27 | 10.0 | CVE-2014-9682 CONFIRM CONFIRM MLIST |
| freebsd — freebsd | Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory. | 2015-02-27 | 7.8 | CVE-2015-1414 FREEBSD DEBIAN |
| iij — seil/b1 | npppd in the PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 Fuji routers 1.00 through 3.30, SEIL/X1 routers 3.50 through 4.70, SEIL/X2 routers 3.50 through 4.70, and SEIL/B1 routers 3.50 through 4.70 allows remote attackers to cause a denial of service (infinite loop and device hang) via a crafted SSTP packet. | 2015-02-27 | 7.1 | CVE-2015-0887 CONFIRM JVNDB JVN |
| kent-web — joyful_note | KENT-WEB Joyful Note before 5.3 allows remote attackers to delete files or write to files, and consequently execute arbitrary code, via vectors involving an article. | 2015-02-27 | 7.5 | CVE-2015-0889 CONFIRM JVNDB JVN |
| ninjaforms — ninja_forms | Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users. | 2015-03-05 | 7.5 | CVE-2014-9688 CONFIRM |
| photocati_media — photocrati | SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prod_id parameter. | 2015-03-05 | 7.5 | CVE-2015-2216 MISC |
| symantec — netbackup_opscenter | Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX allows remote attackers to execute arbitrary JavaScript code via unspecified vectors. | 2015-03-05 | 10.0 | CVE-2015-1483 CONFIRM BID |
| web-dorado — spider_calendar | SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php. | 2015-03-03 | 7.5 | CVE-2015-2196 EXPLOIT-DB |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| beehive_forum — beehive_forum | Multiple cross-site scripting (XSS) vulnerabilities in edit_prefs.php in Beehive Forum 1.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage_url, (2) pic_url, or (3) avatar_url parameter, which are not properly handled in an error message. | 2015-03-03 | 4.3 | CVE-2015-2198 EXPLOIT-DB CONFIRM |
| bestwebsoft — captcha | The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors. | 2015-03-03 | 5.0 | CVE-2014-9283 CONFIRM JVNDB JVN |
| bestwebsoft — google_captcha | The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors. | 2015-03-03 | 5.0 | CVE-2015-0890 CONFIRM JVNDB JVN |
| canonical — ubuntu_linux | The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction. | 2015-03-02 | 4.7 | CVE-2015-0239 CONFIRM CONFIRM UBUNTU UBUNTU UBUNTU UBUNTU MLIST CONFIRM MLIST CONFIRM |
| checkpw_project — checkpw | checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a — (dash dash) in a username. | 2015-02-27 | 5.0 | CVE-2015-0885 JVNDB JVN CONFIRM CONFIRM |
| cisco — secure_access_control_system | Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary code, by leveraging administrative privileges, aka Bug ID CSCuj83189. | 2015-03-05 | 6.5 | CVE-2014-2130 CISCO |
| cisco — ios | The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and CSCur27693. | 2015-03-05 | 6.8 | CVE-2015-0598 CISCO |
| cisco — ios | The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016. | 2015-03-05 | 4.3 | CVE-2015-0607 SECTRACK BID CONFIRM CISCO |
| cisco — unified_web_and_e-mail_interaction_manager | Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184. | 2015-02-27 | 4.3 | CVE-2015-0655 CISCO |
| cisco — network_analysis_module_firmware | Cross-site scripting (XSS) vulnerability in the login page in Cisco Network Analysis Module (NAM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCum81269. | 2015-03-03 | 4.3 | CVE-2015-0656 CISCO |
| cisco — ios_xr | Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192. | 2015-03-05 | 5.0 | CVE-2015-0657 CISCO |
| cisco — ios | The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS allows remote attackers to trigger self-referential adjacencies via a crafted Autonomic Networking (AN) message, aka Bug ID CSCup62157. | 2015-03-05 | 5.0 | CVE-2015-0659 CISCO |
| cisco — ios_xr | The SNMPv2 implementation in Cisco IOS XR allows remote authenticated users to cause a denial of service (snmpd daemon reload) via a malformed SNMP packet, aka Bug ID CSCur25858. | 2015-03-05 | 4.0 | CVE-2015-0661 CISCO |
| cosmoshop — cosmoshop | Cross-site scripting (XSS) vulnerability in the admin-login panel (admin/index.cgi) in Cosmoshop allows remote attackers to inject arbitrary web script or HTML via the username field (u_name parameter). | 2015-02-27 | 4.3 | CVE-2015-2103 BUGTRAQ MISC |
| dlguard — dlguard | DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php. | 2015-03-04 | 5.0 | CVE-2015-2209 MISC FULLDISC |
| ffmpeg — ffmpeg | The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service (“invalid memory handler”) and possibly execute arbitrary code via a crafted video that triggers a use after free. | 2015-02-27 | 6.8 | CVE-2014-9676 MLIST |
| fortinet — fortimail | Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/releasecontrol. | 2015-03-04 | 4.3 | CVE-2014-8617 CONFIRM FULLDISC |
| fusion_project — fusion | Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for WordPress allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension in a fusion_save action, then accessing it via unspecified vectors. | 2015-03-03 | 6.5 | CVE-2015-2194 MISC |
| hp — xp7_global_link_manager_software | Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before 7.6.1-06, and HP XP7 Global Link Manager Software (aka HGLM) 6.x through 8.x before 8.1.2-00, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-03-03 | 4.3 | CVE-2014-7896 HP |
| ibm — notes_traveler_companion | The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by conducting a phishing attack involving an encrypted e-mail message. | 2015-03-01 | 4.3 | CVE-2014-8921 CONFIRM |
| impliedbydesign — navigate | Cross-site scripting (XSS) vulnerability in the Navigate bar in the Navigate module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-02-27 | 4.3 | CVE-2015-2101 MISC CONFIRM CONFIRM BID |
| kent-web — clip_board | KENT-WEB Clip Board before 4.1 allows remote attackers to delete arbitrary files via unspecified vectors. | 2015-02-27 | 6.4 | CVE-2015-0888 CONFIRM JVNDB JVN |
| linux — linux_kernel | net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers. | 2015-03-02 | 5.0 | CVE-2014-8160 CONFIRM CONFIRM UBUNTU UBUNTU UBUNTU UBUNTU MLIST MLIST CONFIRM |
| magic_hills — wonderplugin_audio_player | Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) item[name] or (2) item[customcss] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or the itemid parameter in the (3) wonderplugin_audio_show_item or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php. | 2015-03-05 | 4.3 | CVE-2015-2218 MISC EXPLOIT-DB MISC OSVDB OSVDB |
| microsoft — windows_2003_server | Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the “FREAK” issue. | 2015-03-06 | 5.0 | CVE-2015-1637 CONFIRM |
| mindrot — jbcrypt | Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent. | 2015-02-27 | 5.0 | CVE-2015-0886 CONFIRM CONFIRM JVNDB JVN |
| netcat — netcat | NetCat 5.01 and earlier allows remote attackers to obtain the installation path via the redirect_url parameter to netshop/post.php. | 2015-03-05 | 5.0 | CVE-2015-2214 MISC FULLDISC MISC |
| ninjaforms — ninja_forms | Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote administrators to inject arbitrary web script or HTML via the fields[1] parameter to wp-admin/post.php. | 2015-03-05 | 4.3 | CVE-2015-2220 MISC BUGTRAQ MISC |
| sap — hana | Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or (2) xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs, aka SAP Note 2069676. | 2015-02-27 | 4.3 | CVE-2015-2072 BID BUGTRAQ FULLDISC MISC |
| sap — businessobjects_edge | SAP BussinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396. | 2015-02-27 | 5.0 | CVE-2015-2075 BID BUGTRAQ FULLDISC MISC |
| sap — businessobjects_edge | The Auditing service in SAP BussinessObjects Edge 4.0 allows remote attackers to obtains sensitive information by reading an audit event, aka SAP Note 2011395. | 2015-02-27 | 5.0 | CVE-2015-2076 BID BUGTRAQ FULLDISC MISC |
| services_single_sign-on_server_helper_project — services_single_sign-on_server_helper | Open redirect vulnerability in the Services single sign-on server helper (services_sso_server_helper) module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters. | 2015-03-05 | 5.8 | CVE-2015-2215 MISC BID |
| sharelatex — sharelatex | Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename. | 2015-03-03 | 6.5 | CVE-2015-0934 CERT-VN |
| tips_and_tricks_hq — all_in_one_wordpress_security_and_firewall | SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2015-03-06 | 6.0 | CVE-2015-0894 CONFIRM JVNDB JVN |
| tisa — maroyaka_simple_board | Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Simple Board allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-03-04 | 4.3 | CVE-2015-0891 JVNDB JVN MISC |
| tisa — maroyaka_image_album | Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Image Album allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-03-04 | 4.3 | CVE-2015-0892 JVNDB JVN MISC |
| tisa — maroyaka_relay_novel | Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Relay Novel allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-03-04 | 4.3 | CVE-2015-0893 JVNDB JVN MISC |
| toshiba — bluetooth_stack | Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. | 2015-02-27 | 6.9 | CVE-2015-0884 CERT-VN CONFIRM CONFIRM MISC |
| wonderplugin — audio_player | Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php. | 2015-03-03 | 6.5 | CVE-2015-2199 MISC EXPLOIT-DB MISC OSVDB OSVDB |
| wp_media_cleaner_project — wp_media_cleaner | Multiple cross-site scripting (XSS) vulnerabilities in the WP Media Cleaner plugin 2.2.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) paged, or (3) s parameter in the wp-media-cleaner page to wp-admin/upload.php. | 2015-03-03 | 4.3 | CVE-2015-2195 BUGTRAQ |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| canonical — ubuntu_linux | Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename. | 2015-03-03 | 3.6 | CVE-2014-9683 CONFIRM CONFIRM UBUNTU UBUNTU UBUNTU UBUNTU MLIST CONFIRM CONFIRM |
| entity_api_project — entity_api | Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API. | 2015-03-03 | 3.5 | CVE-2015-2197 MISC CONFIRM BID |
| linux — linux_kernel | The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644. | 2015-03-02 | 2.1 | CVE-2013-7421 MISC MLIST CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| linux — linux_kernel | The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421. | 2015-03-02 | 2.1 | CVE-2014-9644 MISC CONFIRM CONFIRM MLIST CONFIRM CONFIRM |
| sharelatex — sharelatex | Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a include command. | 2015-03-03 | 3.5 | CVE-2015-0933 CERT-VN |
This product is provided subject to this Notification and this Privacy & Use policy.