Original release date: March 23, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
- Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
- Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — flash_player | Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0333, CVE-2015-0335, and CVE-2015-0339. | 2015-03-13 | 10.0 | CVE-2015-0332 CONFIRM SECTRACK SUSE SUSE SUSE SUSE |
adobe — flash_player | Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0335, and CVE-2015-0339. | 2015-03-13 | 10.0 | CVE-2015-0333 CONFIRM SECTRACK SUSE SUSE SUSE SUSE |
adobe — flash_player | Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified “type confusion,” a different vulnerability than CVE-2015-0336. | 2015-03-13 | 9.3 | CVE-2015-0334 CONFIRM SECTRACK SUSE SUSE SUSE SUSE |
adobe — flash_player | Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0333, and CVE-2015-0339. | 2015-03-13 | 10.0 | CVE-2015-0335 CONFIRM SECTRACK SUSE SUSE SUSE SUSE |
adobe — flash_player | Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified “type confusion,” a different vulnerability than CVE-2015-0334. | 2015-03-13 | 9.3 | CVE-2015-0336 CONFIRM SECTRACK SUSE SUSE SUSE SUSE |
adobe — flash_player | Integer overflow in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors. | 2015-03-13 | 10.0 | CVE-2015-0338 CONFIRM SECTRACK SUSE SUSE SUSE SUSE |
adobe — flash_player | Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0333, and CVE-2015-0335. | 2015-03-13 | 10.0 | CVE-2015-0339 CONFIRM SECTRACK SUSE SUSE SUSE SUSE |
adobe — flash_player | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0342. | 2015-03-13 | 10.0 | CVE-2015-0341 CONFIRM SECTRACK SUSE SUSE SUSE SUSE |
adobe — flash_player | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0341. | 2015-03-13 | 10.0 | CVE-2015-0342 CONFIRM SECTRACK SUSE SUSE SUSE SUSE |
cisco — telepresence_server_software | Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123. | 2015-03-13 | 7.2 | CVE-2015-0660 SECTRACK CISCO |
cisco — anyconnect_secure_mobility_client | Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to gain privileges via crafted IPC messages that trigger use of root privileges for a software-package installation, aka Bug ID CSCus79385. | 2015-03-16 | 7.2 | CVE-2015-0662 CISCO |
hp — arcsight_logger | Multiple unspecified vulnerabilities in HP ArcSight Logger before 6.0P1 have unknown impact and remote authenticated attack vectors. | 2015-03-13 | 9.0 | CVE-2014-7884 CERT-VN HP SECTRACK |
hp — arcsight_enterprise_security_manager | Multiple unspecified vulnerabilities in HP ArcSight Enterprise Security Manager (ESM) before 6.8c have unknown impact and remote attack vectors. | 2015-03-13 | 10.0 | CVE-2014-7885 CERT-VN HP SECTRACK |
ibm — rational_doors_next_generation | The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 2015-03-18 | 7.8 | CVE-2015-0132 CONFIRM |
linux — linux_kernel | The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem. | 2015-03-16 | 7.2 | CVE-2014-7822 CONFIRM CONFIRM DEBIAN REDHAT REDHAT REDHAT CONFIRM |
linux — linux_kernel | The pmd_none_or_trans_huge_or_clear_bad function in include/asm-generic/pgtable.h in the Linux kernel before 3.13 on NUMA systems does not properly determine whether a Page Middle Directory (PMD) entry is a transparent huge-table entry, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted MADV_WILLNEED madvise system call that leverages the absence of a page-table lock. | 2015-03-16 | 7.2 | CVE-2014-8173 CONFIRM CONFIRM REDHAT CONFIRM |
linux — linux_kernel | The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service (transaction overrun and data corruption) or possibly gain privileges by leveraging XFS filesystem access. | 2015-03-16 | 7.2 | CVE-2015-0274 CONFIRM CONFIRM SECTRACK REDHAT CONFIRM |
linux — linux_kernel | Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data. | 2015-03-16 | 10.0 | CVE-2015-1421 CONFIRM CONFIRM MLIST CONFIRM DEBIAN CONFIRM |
mybb — mybb | The cache handler in MyBB (aka MyBulletinBoard) before 1.8.4 does not properly check the encoding of input to the var_export function, which allows attackers to have an unspecified impact via unknown vectors. | 2015-03-19 | 7.5 | CVE-2015-2352 CONFIRM |
openssl — openssl | Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow. | 2015-03-19 | 7.5 | CVE-2015-0292 CONFIRM CONFIRM CONFIRM CONFIRM |
scadaengine — bacnet_opc_server | Heap-based buffer overflow in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via a crafted packet. | 2015-03-13 | 9.0 | CVE-2015-0979 MISC |
scadaengine — bacnet_opc_server | Format string vulnerability in BACnOPCServer.exe in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via format string specifiers in a request. | 2015-03-13 | 9.0 | CVE-2015-0980 MISC |
scadaengine — bacnet_opc_server | The SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to bypass authentication and read or write to arbitrary database fields via unspecified vectors. | 2015-03-13 | 7.5 | CVE-2015-0981 MISC |
schneider_electric — pelco_ds-nv | Buffer overflow in an unspecified DLL in Schneider Electric Pelco DS-NVs before 7.8.90 allows remote attackers to execute arbitrary code via unspecified vectors. | 2015-03-13 | 7.5 | CVE-2015-0982 MISC CONFIRM |
suse — opensuse_osc | osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file. | 2015-03-16 | 7.5 | CVE-2015-0778 CONFIRM SUSE SUSE |
wpml — wpml | SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed. | 2015-03-17 | 7.5 | CVE-2015-2314 BUGTRAQ CONFIRM FULLDISC MISC MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — flash_player | Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | 2015-03-13 | 5.0 | CVE-2015-0337 CONFIRM SECTRACK SUSE SUSE SUSE SUSE |
adobe — flash_player | Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass intended file-upload restrictions via unspecified vectors. | 2015-03-13 | 5.0 | CVE-2015-0340 CONFIRM SECTRACK SUSE SUSE SUSE SUSE |
apple — safari | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 2015-03-18 | 6.8 | CVE-2015-1068 CONFIRM APPLE |
apple — safari | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 2015-03-18 | 6.8 | CVE-2015-1069 CONFIRM APPLE |
apple — safari | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 2015-03-18 | 6.8 | CVE-2015-1070 CONFIRM APPLE |
apple — safari | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 2015-03-18 | 6.8 | CVE-2015-1071 CONFIRM APPLE |
apple — safari | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 2015-03-18 | 6.8 | CVE-2015-1072 CONFIRM APPLE |
apple — safari | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 2015-03-18 | 6.8 | CVE-2015-1073 CONFIRM APPLE |
apple — safari | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 2015-03-18 | 6.8 | CVE-2015-1074 CONFIRM APPLE |
apple — safari | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 2015-03-18 | 6.8 | CVE-2015-1075 CONFIRM APPLE |
apple — safari | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 2015-03-18 | 6.8 | CVE-2015-1076 CONFIRM APPLE |
apple — safari | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 2015-03-18 | 6.8 | CVE-2015-1077 CONFIRM APPLE |
apple — safari | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 2015-03-18 | 6.8 | CVE-2015-1078 CONFIRM APPLE |
apple — safari | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 2015-03-18 | 6.8 | CVE-2015-1079 CONFIRM APPLE |
apple — safari | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 2015-03-18 | 6.8 | CVE-2015-1080 CONFIRM APPLE |
apple — safari | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 2015-03-18 | 6.8 | CVE-2015-1081 CONFIRM APPLE |
apple — safari | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 2015-03-18 | 6.8 | CVE-2015-1082 CONFIRM APPLE |
apple — safari | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. | 2015-03-18 | 6.8 | CVE-2015-1083 CONFIRM APPLE |
apple — safari | The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL. | 2015-03-18 | 5.0 | CVE-2015-1084 CONFIRM APPLE |
automount_project — automount | automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user’s USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory. | 2015-03-18 | 4.4 | CVE-2014-8169 CONFIRM CONFIRM SUSE |
cimon — cmnview | Untrusted search path vulnerability in CmnView.exe in CIMON CmnView 2.14.0.1 and 3.x before UltimateAccess 3.02 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | 2015-03-13 | 6.9 | CVE-2014-9207 MISC |
cisco — anyconnect_secure_mobility_client | Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which allows local users to write to arbitrary files via crafted messages, aka Bug ID CSCus79392. | 2015-03-16 | 6.6 | CVE-2015-0663 CISCO |
cisco — anyconnect_secure_mobility_client | The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted messages, aka Bug ID CSCus79195. | 2015-03-18 | 4.3 | CVE-2015-0664 CISCO |
cisco — anyconnect_secure_mobility_client | The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173. | 2015-03-16 | 6.6 | CVE-2015-0665 CISCO |
cisco — content_services_switch_11500_firmware | The Management Interface on Cisco Content Services Switch (CSS) 11500 devices 8.20.4.02 and earlier allows remote attackers to bypass intended restrictions on local-network device access via crafted SSH packets, aka Bug ID CSCut14855. | 2015-03-18 | 5.0 | CVE-2015-0667 CISCO |
cisco — webex_meetings_server | Cross-site scripting (XSS) vulnerability in the administration portal in Cisco WebEx Meetings Server 2.5 and 2.5.99.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq66737. | 2015-03-19 | 4.3 | CVE-2015-0668 CISCO |
cisco — videoscape_delivery_system_for_internet_streamer | The DNS implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.2(1) allows remote attackers to cause a denial of service (CPU consumption and network-resource consumption) via crafted packets, aka Bug ID CSCun15911. | 2015-03-19 | 5.0 | CVE-2015-0671 CISCO |
ecryptfs — ecryptfs-utils | eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack. | 2015-03-16 | 5.0 | CVE-2014-9687 MISC UBUNTU MLIST MLIST MLIST |
elipse — e3 | Multiple untrusted search path vulnerabilities in (1) EQATEC.Analytics.Monitor.Win32_vc100.dll and (2) EQATEC.Analytics.Monitor.Win32_vc100-x64.dll in Elipse E3 4.5.232 through 4.6.161 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory. NOTE: this may overlap CVE-2015-2264. | 2015-03-13 | 6.9 | CVE-2015-0978 MISC |
extplorer — extplorer | Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-03-18 | 4.3 | CVE-2015-0896 CONFIRM JVNDB JVN |
ge — hydran_m2 | The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values. | 2015-03-13 | 5.0 | CVE-2014-5409 MISC MISC |
hp — operations_manager_i_management_pack | HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges. | 2015-03-13 | 6.8 | CVE-2015-2107 SECTRACK HP |
ibm — rational_collaborative_lifecycle_management | IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to delete the dashboards of arbitrary users via unspecified vectors. | 2015-03-18 | 5.5 | CVE-2014-6129 CONFIRM |
ibm — rational_collaborative_lifecycle_management | IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to read the dashboards of arbitrary users via unspecified vectors. | 2015-03-18 | 4.0 | CVE-2014-6131 CONFIRM |
ibm — api_management | The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls. | 2015-03-18 | 5.5 | CVE-2015-0149 CONFIRM AIXAPAR |
ibm — liberty | The Java overlay feature in IBM Bluemix Liberty before 1.13-20150209-1122 for Java does not properly support WAR applications, which allows remote attackers to obtain sensitive information via unspecified vectors. | 2015-03-18 | 4.3 | CVE-2015-0178 CONFIRM |
libarchive — libarchive | Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive. | 2015-03-15 | 6.4 | CVE-2015-2304 CONFIRM CONFIRM CONFIRM MLIST MLIST DEBIAN |
linux — linux_kernel | The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/. | 2015-03-16 | 6.9 | CVE-2014-8159 CONFIRM UBUNTU UBUNTU UBUNTU UBUNTU UBUNTU UBUNTU REDHAT |
linux — linux_kernel | The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of service (soft lockup or system crash) via unspecified use of Asynchronous I/O (AIO) operations. | 2015-03-16 | 4.9 | CVE-2014-8172 CONFIRM CONFIRM MLIST REDHAT CONFIRM |
linux — linux_kernel | The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c. | 2015-03-16 | 5.0 | CVE-2015-1593 MLIST CONFIRM CONFIRM MLIST CONFIRM DEBIAN MISC CONFIRM |
mybb — mybb | Cross-site scripting (XSS) vulnerability in member.php in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-03-18 | 4.3 | CVE-2015-2332 CONFIRM |
mybb — mybb | Cross-site scripting (XSS) vulnerability in the MyCode editor in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-03-18 | 4.3 | CVE-2015-2333 CONFIRM |
mybb — mybb | Cross-site request forgery (CSRF) vulnerability in the Admin Control Panel (ACP) login in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2015-03-18 | 6.8 | CVE-2015-2334 CONFIRM |
mybb — mybb | A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to obtain the installation path via unknown vectors. | 2015-03-18 | 5.0 | CVE-2015-2335 CONFIRM |
openssl — openssl | The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS traffic, as demonstrated by DTLS 1.0 traffic to a DTLS 1.2 server. | 2015-03-19 | 5.0 | CVE-2015-0207 CONFIRM CONFIRM CONFIRM |
openssl — openssl | The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the certificate-verification feature. | 2015-03-19 | 4.3 | CVE-2015-0208 CONFIRM CONFIRM CONFIRM |
openssl — openssl | Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import. | 2015-03-19 | 6.8 | CVE-2015-0209 CONFIRM CONFIRM CONFIRM |
openssl — openssl | The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack. | 2015-03-19 | 4.3 | CVE-2015-0285 CONFIRM CONFIRM CONFIRM |
openssl — openssl | The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature. | 2015-03-19 | 5.0 | CVE-2015-0286 CONFIRM CONFIRM CONFIRM |
openssl — openssl | The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse. | 2015-03-19 | 5.0 | CVE-2015-0287 CONFIRM CONFIRM CONFIRM |
openssl — openssl | The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key. | 2015-03-19 | 5.0 | CVE-2015-0288 CONFIRM CONFIRM CONFIRM CONFIRM |
openssl — openssl | The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c. | 2015-03-19 | 5.0 | CVE-2015-0289 CONFIRM CONFIRM CONFIRM |
openssl — openssl | The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors. | 2015-03-19 | 5.0 | CVE-2015-0290 CONFIRM CONFIRM CONFIRM |
openssl — openssl | The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation. | 2015-03-19 | 5.0 | CVE-2015-0291 CONFIRM CONFIRM CONFIRM |
openssl — openssl | The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message. | 2015-03-19 | 5.0 | CVE-2015-0293 CONFIRM CONFIRM CONFIRM |
python-requests — requests | The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. | 2015-03-18 | 6.8 | CVE-2015-2296 CONFIRM CONFIRM UBUNTU MLIST MLIST |
schneider-electric — device_type_manager | Stack-based buffer overflow in Device Type Manager (DTM) 3.1.6 and earlier for Schneider Electric Invensys SRD Control Valve Positioner devices 960 and 991 allows local users to gain privileges via a malformed DLL file. | 2015-03-13 | 6.9 | CVE-2014-9206 MISC CONFIRM |
wpml — wpml | Cross-site scripting (XSS) vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the target parameter in a reminder_popup action to the default URI. | 2015-03-17 | 4.3 | CVE-2015-2315 BUGTRAQ CONFIRM FULLDISC MISC MISC |
yoast — wordpress_seo | Multiple SQL injection vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. | 2015-03-17 | 6.5 | CVE-2015-2292 CONFIRM MISC CONFIRM SECTRACK FULLDISC MISC |
yoast — wordpress_seo | Multiple cross-site request forgery (CSRF) vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote attackers to hijack the authentication of certain users for requests that conduct SQL injection attacks via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page. | 2015-03-17 | 6.8 | CVE-2015-2293 CONFIRM MISC CONFIRM SECTRACK FULLDISC MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
ibm — rational_quality_manager | Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix4, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2015-03-18 | 3.5 | CVE-2015-0124 CONFIRM |
ibm — rational_doors_next_generation | Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 4.x before 4.0.7 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2015-03-18 | 3.5 | CVE-2015-0125 CONFIRM |
ibm — rational_quality_manager | Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix4, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2015-03-18 | 3.5 | CVE-2015-0128 CONFIRM |
ibm — content_collector | IBM Content Collector for Email 3.0 before 3.0.0.6-IBM-ICC-Server-IF001 and 4.0 before 4.0.0.3-IBM-ICC-Server-IF001 does not properly handle an unspecified query operator during searches of IBM FileNet P8 systems with IBM Content Search Services, which allows local users to bypass intended document-access restrictions and obtain sensitive information via a crafted search query. | 2015-03-18 | 2.1 | CVE-2015-0146 CONFIRM |
linux — linux_kernel | Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function. | 2015-03-16 | 2.1 | CVE-2015-1420 CONFIRM MLIST DEBIAN MLIST |
mybb — mybb | Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) MIME-type field in an add action in the config-attachment_types module to admin/index.php; (2) title or (3) short description field in an add action in the (a) config-mycode or (b) user-groups module to admin/index.php; (4) title field in an add action in the (c) forum-management or (d) tool-tasks module to admin/index.php; (5) name field in an add_set action in the style-templates module to admin/index.php; (6) title field in an add_template_group action in the style-templates module to admin/index.php; (7) name field in an add action in the config-post_icons module to admin/index.php; (8) “title to assign” field in an add action in the user-titles module to admin/index.php; or (9) username field in the config-banning module to admin/index.php. | 2015-03-18 | 3.5 | CVE-2015-2149 CONFIRM MISC MLIST MLIST FULLDISC |
openssl — openssl | The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero. | 2015-03-19 | 2.6 | CVE-2015-1787 CONFIRM CONFIRM CONFIRM |
xen — xen | Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support. | 2015-03-18 | 1.9 | CVE-2015-2152 CONFIRM SECTRACK |