
US-CERT Alerts – Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

SB15-096: Vulnerability Summary for the Week of March 30, 2015

Original release date: April 06, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — cassandra The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. 2015-04-03 7.5 CVE-2015-0225
MLIST
MISC
cisco — nx-os The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on the local network, aka Bug ID CSCur14589. 2015-03-27 7.9 CVE-2015-0658
SECTRACK
CISCO
cisco — prime_data_center_network_manager Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241. 2015-04-03 7.8 CVE-2015-0666
CISCO
cisco — ios_xe Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873. 2015-04-02 7.8 CVE-2015-0685
CISCO
debian — cifs-utils Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remote attackers to have unspecified impact via unknown vectors. 2015-03-31 10.0 CVE-2014-2830
MLIST
CONFIRM
CONFIRM
CONFIRM
MANDRIVA
MLIST
CONFIRM
dulwich_project — dulwich The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree. 2015-03-31 7.5 CVE-2014-9706
MLIST
CONFIRM
MLIST
MLIST
DEBIAN
dulwich_project — dulwich Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file. 2015-03-31 7.5 CVE-2015-0838
MLIST
DEBIAN
egroupware — egroupware eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csv_import.php, (3) cal_fields or (4) trans parameter to calendar/csv_import.php, (5) info_fields or (6) trans parameter to csv_import.php in (a) projectmanager/ or (b) infolog/, or (7) processed parameter to preferences/inc/class.uiaclprefs.inc.php. 2015-03-31 7.5 CVE-2014-2027
MLIST
MANDRIVA
CONFIRM
MLIST
CONFIRM
embedthis — goahead EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly execute arbitrary code via a crafted URI. 2015-03-31 7.5 CVE-2014-9707
CONFIRM
CONFIRM
BUGTRAQ
FULLDISC
MISC
emc — isilon_onefs The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files. 2015-03-29 7.2 CVE-2015-0528
BUGTRAQ
MISC
file_project — file readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. 2015-03-30 7.5 CVE-2014-9653
CONFIRM
DEBIAN
CONFIRM
MLIST
MLIST
CONFIRM
gnome — byzanz The GIF encoder in Byzanz allows remote attackers to cause a denial of service (out-of-bounds heap write and crash) or possibly execute arbitrary code via a crafted Byzanz debug data recording (ByzanzRecording file) to the byzanz-playback command. 2015-03-29 7.5 CVE-2015-2785
CONFIRM
MISC
MLIST
google — chrome Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors. 2015-04-01 7.5 CVE-2015-1233
CONFIRM
CONFIRM
hidemaru — editor Buffer overflow in Saitoh Kikaku Maruo Editor 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted .hmbook file. 2015-04-03 7.5 CVE-2015-0903
JVNDB
JVN
CONFIRM
hp — integrated_lights-out_2_firmware Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges, execute arbitrary code, or cause a denial of service via unknown vectors. 2015-03-31 10.0 CVE-2014-7876
HP
SECTRACK
hp — operations_orchestration Unspecified vulnerability in HP Operations Orchestration 10.x allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unknown vectors. 2015-03-31 7.5 CVE-2015-2109
HP
johnsoncontrols — metsys Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to execute arbitrary code by uploading a shell script. 2015-03-29 10.0 CVE-2014-5428
MISC
mercurial — mercurial The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command. 2015-03-31 7.5 CVE-2014-9462
OSVDB
CONFIRM
SUSE
MISC
microsys — promotic Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data. 2015-03-29 7.5 CVE-2014-9205
MISC
MISC
CONFIRM
mozilla — firefox Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818. 2015-04-01 7.5 CVE-2015-0801
CONFIRM
CONFIRM
mozilla — firefox The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element’s attributes, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document. 2015-04-01 7.5 CVE-2015-0803
CONFIRM
CONFIRM
mozilla — firefox The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document containing a SOURCE element. 2015-04-01 7.5 CVE-2015-0804
CONFIRM
CONFIRM
mozilla — firefox The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors that trigger rendering of 2D graphics content. 2015-04-01 7.5 CVE-2015-0805
CONFIRM
CONFIRM
mozilla — firefox The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 attempts to use memset for a memory region of negative length during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors that trigger rendering of 2D graphics content. 2015-04-01 7.5 CVE-2015-0806
CONFIRM
CONFIRM
mozilla — firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2015-04-01 7.5 CVE-2015-0814
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mozilla — firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2015-04-01 7.5 CVE-2015-0815
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mybb — mybb Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 has unknown attack vectors related to “Group join request notifications sent to wrong group leaders.” 2015-03-29 10.0 CVE-2015-2786
CONFIRM
nih — libzip Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow. 2015-03-30 7.5 CVE-2015-2331
CONFIRM
SECTRACK
DEBIAN
CONFIRM
SUSE
CONFIRM
CONFIRM
pbm212030_project — pbm212030 Multiple buffer overflows in pbm212030 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PBM image, related to (1) stream line data, which triggers a heap-based buffer overflow, or (2) vectors related to an “internal intermediate heap-based buffer.” 2015-03-29 7.5 CVE-2013-7438
CONFIRM
CONFIRM
MLIST
php — php Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries. 2015-03-30 7.5 CVE-2014-9705
MISC
CONFIRM
UBUNTU
DEBIAN
CONFIRM
MLIST
php — php Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function. 2015-03-30 7.5 CVE-2015-0273
CONFIRM
CONFIRM
UBUNTU
DEBIAN
CONFIRM
SUSE
SUSE
SUSE
CONFIRM
php — php Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. 2015-03-30 7.5 CVE-2015-1351
CONFIRM
MLIST
CONFIRM
php — php Multiple integer overflows in the calendar extension in PHP through 5.6.7 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted year value to (1) the GregorianToSdn function in gregor.c or (2) the JulianToSdn function in julian.c, as demonstrated by a crafted third argument to the gregoriantojd or juliantojd function. 2015-03-30 7.5 CVE-2015-1353
MISC
MLIST
php — php Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. 2015-03-30 7.5 CVE-2015-2301
CONFIRM
CONFIRM
UBUNTU
DEBIAN
CONFIRM
MLIST
CONFIRM
php — php Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231. 2015-03-30 7.5 CVE-2015-2787
CONFIRM
CONFIRM
CONFIRM
redhat — slapi-nis The slapi-nis plug-in before 0.54.2 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request for a (1) group with a large number of members or (2) user that belongs to a large number of groups. 2015-03-30 7.8 CVE-2015-0283
CONFIRM
CONFIRM
REDHAT
sap — afaria The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905. 2015-04-01 7.5 CVE-2015-2816
MISC
selinux — setroubleshoot The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name. 2015-03-30 10.0 CVE-2015-1815
MISC
CONFIRM
CONFIRM
MLIST
REDHAT
slimframework — slim Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data. 2015-03-30 7.5 CVE-2015-2171
CONFIRM
CONFIRM
FULLDISC
websense — triton_ap_email Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to port 17703. 2015-03-27 10.0 CVE-2015-2763
CONFIRM
websense — triton_ap_email Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to “Autocomplete Enabled.” 2015-03-27 10.0 CVE-2015-2767
CONFIRM
websense — v-series_appliances SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to upload arbitrary files via unspecified vectors. 2015-03-27 7.5 CVE-2015-2772
CONFIRM
wpml — wpml The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET parameter, and a valid nonce for the action GET parameter. 2015-03-30 7.5 CVE-2015-2792
CONFIRM
FULLDISC
MISC
MISC
xen — xen Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations. 2015-04-01 7.1 CVE-2015-2751
CONFIRM


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
ab_google_map_travel_project — ab_google_map_travel Multiple cross-site request forgery (CSRF) vulnerabilities in the AB Google Map Travel (AB-MAP) plugin before 4.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameter in the ab_map_options page to wp-admin/admin.php. 2015-04-01 6.8 CVE-2015-2755
CONFIRM
BUGTRAQ
BUGTRAQ
MISC
MISC
apple — safari The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the “Bar Mitzvah” issue. 2015-03-31 4.3 CVE-2015-2808
MISC
cisco — wireless_lan_controller The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7.3(103.8) and 7.4(110.0) allows remote attackers to cause a denial of service (device reload) via a malformed password, aka Bug ID CSCui57980. 2015-03-27 6.1 CVE-2015-0679
SECTRACK
CISCO
cisco — unified_callmanager Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439. 2015-03-27 4.0 CVE-2015-0680
SECTRACK
CISCO
cisco — unified_communications_domain_manager Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a “deprecated page,” aka Bug ID CSCup90168. 2015-04-03 6.5 CVE-2015-0682
CISCO
cisco — unified_communications_domain_manager Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744. 2015-04-03 4.0 CVE-2015-0683
CISCO
cisco — unified_communications_domain_manager SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515. 2015-04-03 6.5 CVE-2015-0684
CISCO
cisco — nx-os The SNMP implementation in Cisco NX-OS 6.1(2)I2(3) on Nexus 9000 devices, when a Reset High Availability (HA) policy is configured, allows remote authenticated users to cause a denial of service (device reload) via unspecified vectors, aka Bug ID CSCuq92240. 2015-04-02 6.3 CVE-2015-0686
CISCO
cisco — ios The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 devices, when single-switch Virtual Switching System (VSS) is configured, allows remote authenticated users to cause a denial of service (device crash) by performing SNMP polling, aka Bug ID CSCuq04574. 2015-04-02 6.3 CVE-2015-0687
CISCO
citrix — netscaler Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacters in the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix. 2015-04-03 6.8 CVE-2015-2838
MISC
BUGTRAQ
FULLDISC
MISC
citrix — netscaler The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses an incorrect Content-Type when returning an error message, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix. 2015-04-03 4.3 CVE-2015-2839
MISC
BUGTRAQ
FULLDISC
MISC
citrix — netscaler Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to inject arbitrary web script or HTML via the searchQuery parameter. 2015-04-03 4.3 CVE-2015-2840
MISC
BUGTRAQ
FULLDISC
MISC
citrix — netscaler Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-stream and text/xml Content-Types. 2015-04-03 5.0 CVE-2015-2841
SECTRACK
FULLDISC
dokuwiki — dokuwiki DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permission for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API. 2015-03-30 6.5 CVE-2015-2172
CONFIRM
CONFIRM
CONFIRM
MLIST
FEDORA
FEDORA
FEDORA
CONFIRM
ecava — integraxor Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory. 2015-04-03 4.4 CVE-2015-0990
MISC
embedthis — appweb Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by “Range: x=,”. 2015-03-31 5.0 CVE-2014-9708
CONFIRM
CONFIRM
BUGTRAQ
FULLDISC
MISC
file_project — file The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file. 2015-03-30 5.0 CVE-2014-9652
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MLIST
SUSE
SUSE
SUSE
CONFIRM
flashy_project — flashy Cross-site scripting (XSS) vulnerability in the duwasai flashy theme 1.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-03-31 4.3 CVE-2015-0901
JVNDB
JVN
foxitsoftware — reader Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. 2015-03-30 4.4 CVE-2015-2789
CONFIRM
MISC
SECTRACK
EXPLOIT-DB
MISC
foxitsoftware — enterprise_reader Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image. 2015-03-30 4.3 CVE-2015-2790
CONFIRM
CONFIRM
SECTRACK
SECTRACK
MISC
MISC
freeipa — freeipa The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups. 2015-03-30 5.0 CVE-2015-1827
CONFIRM
CONFIRM
REDHAT
gaia-gis — freexl FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitrary code via a crafted sector in a workbook. 2015-03-31 6.8 CVE-2015-2753
CONFIRM
MLIST
MLIST
DEBIAN
gaia-gis — freexl FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a “premature EOF.” 2015-03-31 6.8 CVE-2015-2754
CONFIRM
MLIST
MLIST
gaia-gis — freexl The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook. 2015-03-31 4.3 CVE-2015-2776
CONFIRM
MLIST
MLIST
MLIST
DEBIAN
gnu — glibc DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. 2015-03-27 5.0 CVE-2014-8121
MLIST
CONFIRM
REDHAT
google — bionic The PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time and PID information during the generation of random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2015-0800. 2015-04-01 5.0 CVE-2012-2808
MISC
MISC
google — chrome Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact by manipulating OpenGL ES commands. 2015-04-01 6.8 CVE-2015-1234
CONFIRM
CONFIRM
CONFIRM
honeywell — excel_web_xl_1000c1000_600_i/o Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before 2.04.01 allows remote attackers to read files under the web root, and consequently obtain administrative login access, via a crafted pathname. 2015-03-30 5.0 CVE-2015-0984
MISC
hospira — mednet Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network. 2015-04-03 5.0 CVE-2014-5403
MISC
hospira — mednet Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. 2015-04-03 4.0 CVE-2014-5405
MISC
hp — integrated_lights-out_2_firmware Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial of service via unknown vectors. 2015-03-31 6.4 CVE-2015-2106
HP
SECTRACK
ibm — security_access_manager_for_web_7.0_firmware The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets. 2015-03-31 5.0 CVE-2015-1892
CERT-VN
CONFIRM
AIXAPAR
AIXAPAR
icoasoft — potrace Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow. 2015-03-29 5.0 CVE-2013-7437
MISC
MISC
MLIST
inductiveautomation — ignition Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-04-03 4.3 CVE-2015-0976
MISC
inductiveautomation — ignition Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information. 2015-04-03 5.0 CVE-2015-0991
MISC
inductiveautomation — ignition Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. 2015-04-03 6.4 CVE-2015-0993
MISC
inductiveautomation — ignition Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests. 2015-04-03 4.0 CVE-2015-0994
MISC
inductiveautomation — ignition Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack. 2015-04-03 5.0 CVE-2015-0995
MISC
johnsoncontrols — metsys Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read password hashes via a POST request. 2015-03-29 5.0 CVE-2014-5427
MISC
libgd — libgd The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function. 2015-03-30 5.0 CVE-2014-9709
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mcafee — data_loss_prevention_endpoint The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to cause a denial of service (database lock or license corruption) via unspecified vectors. 2015-03-27 4.0 CVE-2015-2757
CONFIRM
mcafee — data_loss_prevention_endpoint The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to obtain sensitive information, modify the database, or possibly have other unspecified impact via a crafted URL. 2015-03-27 6.5 CVE-2015-2758
CONFIRM
mcafee — data_loss_prevention_endpoint Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allow remote attackers to hijack the authentication of users for requests that (1) obtain sensitive information or (2) modify the database via unspecified vectors. 2015-03-27 6.8 CVE-2015-2759
CONFIRM
mongodb — mongodb MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request. 2015-03-30 5.0 CVE-2015-1609
CONFIRM
FEDORA
FEDORA
mozilla — firefox The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2012-2808. 2015-04-01 5.0 CVE-2015-0800
CONFIRM
CONFIRM
mozilla — firefox Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods. 2015-04-01 5.0 CVE-2015-0802
CONFIRM
CONFIRM
mozilla — firefox The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638. 2015-04-01 6.8 CVE-2015-0807
CONFIRM
CONFIRM
mozilla — firefox The webrtc::VPMContentAnalysis::Release function in the WebRTC implementation in Mozilla Firefox before 37.0 uses incompatible approaches to the deallocation of memory for simple-type arrays, which might allow remote attackers to cause a denial of service (memory corruption) via unspecified vectors. 2015-04-01 5.0 CVE-2015-0808
CONFIRM
CONFIRM
mozilla — firefox Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element. 2015-04-01 4.3 CVE-2015-0810
CONFIRM
CONFIRM
mozilla — firefox The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service (out-of-bounds read) via an image that is improperly handled during transformation. 2015-04-01 6.4 CVE-2015-0811
CONFIRM
CONFIRM
mozilla — firefox Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DNS spoofing attack against a mozilla.org subdomain. 2015-04-01 4.3 CVE-2015-0812
CONFIRM
CONFIRM
mozilla — firefox Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file. 2015-04-01 5.1 CVE-2015-0813
CONFIRM
CONFIRM
mozilla — firefox Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js. 2015-04-01 5.0 CVE-2015-0816
CONFIRM
CONFIRM
nishishi — fumy_teachers_schedule_board Cross-site scripting (XSS) vulnerability in schedule.cgi in Nishishi Factory Fumy Teacher’s Schedule Board 1.10 through 2.21 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2015-03-31 4.3 CVE-2015-0900
CONFIRM
JVNDB
JVN
CONFIRM
openldap — openldap The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user’s permissions and other user attributes via unspecified vectors. 2015-04-01 4.0 CVE-2014-9713
CONFIRM
MLIST
DEBIAN
openstack — compute OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage. 2015-04-01 5.1 CVE-2015-0259
CONFIRM
MLIST
pfsense — pfsense Multiple cross-site scripting (XSS) vulnerabilities in the WebGUI in pfSense before 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) zone parameter to status_captiveportal.php; (2) if or (3) dragtable parameter to firewall_rules.php; (4) queue parameter in an add action to firewall_shaper.php; (5) id parameter in an edit action to services_unbound_acls.php; or (6) filterlogentries_time, (7) filterlogentries_sourceipaddress, (8) filterlogentries_sourceport, (9) filterlogentries_destinationipaddress, (10) filterlogentries_interfaces, (11) filterlogentries_destinationport, (12) filterlogentries_protocolflags, or (13) filterlogentries_qty parameter to diag_logs_filter.php. 2015-04-01 4.3 CVE-2015-2294
CONFIRM
MISC
BUGTRAQ
MISC
php — php The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c. 2015-03-30 4.6 CVE-2013-6501
CONFIRM
SUSE
php — php The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. 2015-03-30 5.0 CVE-2015-1352
CONFIRM
MLIST
CONFIRM
php — php The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. 2015-03-30 5.0 CVE-2015-2348
CONFIRM
CONFIRM
CONFIRM
rockwellautomation — factorytalk_services_platform Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. 2015-03-30 6.9 CVE-2014-9209
MISC
MISC
rxspencer_project — rxspencer Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow. 2015-03-30 6.8 CVE-2015-2305
CERT-VN
MISC
DEBIAN
MLIST
MLIST
sap — netweaver_enterprise_portal XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939. 2015-04-01 5.0 CVE-2015-2811
MISC
sap — netweaver_enterprise_portal XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966. 2015-04-01 5.0 CVE-2015-2812
MISC
sap — mobile_platform XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358. 2015-04-01 5.0 CVE-2015-2813
MISC
sap — clinical_task_tracker SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) do not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079. 2015-04-01 6.4 CVE-2015-2814
MISC
sap — netweaver Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369. 2015-04-01 6.5 CVE-2015-2815
MISC
sap — netweaver The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768. 2015-04-01 5.0 CVE-2015-2817
MISC
sap — mobile_platform XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513. 2015-04-01 5.0 CVE-2015-2818
MISC
sap — sybase_sql_anywhere SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service (crash) via a crafted request, aka SAP Security Note 2108161. 2015-04-01 5.0 CVE-2015-2819
MISC
sap — afaria Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote attackers to cause a denial of service (process termination) via a crafted request, aka SAP Security Note 2132584. 2015-04-01 5.0 CVE-2015-2820
MISC
schneider-electric — vampset Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file. 2015-04-03 4.4 CVE-2014-8390
MISC
CONFIRM
schneider_electric — indusoft_web_studio Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force password-guessing attack. 2015-03-29 5.0 CVE-2015-0997
MISC
CONFIRM
CONFIRM
semperfiwebdesign — all_in_one_seo_pack The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code. 2015-04-03 5.0 CVE-2015-0902
CONFIRM
JVNDB
JVN
shibboleth — shibboleth-sp Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message. 2015-03-31 4.0 CVE-2015-2684
CONFIRM
DEBIAN
synology — diskstation_manager The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets to the Avahi component. 2015-03-31 5.0 CVE-2015-2809
CONFIRM
CERT-VN
typo3 — neos TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors via unspecified vectors. 2015-04-01 6.5 CVE-2015-2821
CONFIRM
websense — v-series_appliances Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 allow remote administrators to read arbitrary files and obtain passwords via a crafted path. 2015-03-27 4.0 CVE-2014-9712
CONFIRM
CONFIRM
websense — triton_ap_web Cross-site scripting (XSS) vulnerability in the Exceptions and Scanning Exceptions Pages in Websense TRITON AP-WEB before 8.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-03-27 4.3 CVE-2015-2761
CONFIRM
websense — triton_ap_web Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors related to HTTP authentication. 2015-03-27 5.0 CVE-2015-2762
CONFIRM
websense — triton_ap_data Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-DATA before 8.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the DSS (1) Mobile or (2) DLP report catalog. 2015-03-27 4.3 CVE-2015-2764
CONFIRM
websense — triton_ap_email The Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 allows remote attackers to conduct clickjacking attacks via unspecified vectors. 2015-03-27 4.3 CVE-2015-2765
CONFIRM
websense — triton_ap_email The Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allows attackers to have unspecified impact via a brute force attack. 2015-03-27 5.0 CVE-2015-2766
CONFIRM
websense — triton_ap_email Cross-site scripting (XSS) vulnerability in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-03-27 4.3 CVE-2015-2768
CONFIRM
websense — triton_ap_email Multiple cross-site request forgery (CSRF) vulnerabilities in the Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. 2015-03-27 6.8 CVE-2015-2769
CONFIRM
websense — v-series_appliances Cross-site request forgery (CSRF) vulnerability in the command line page in Websense TRITON V-Series appliances before 8.0.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. 2015-03-27 6.8 CVE-2015-2770
CONFIRM
websense — triton_ap_email The Mail Server in Websense TRITON AP-EMAIL and V-Series appliances before 8.0.0 uses plaintext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors. 2015-03-27 5.0 CVE-2015-2771
CONFIRM
websense — v-series_appliances SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to read arbitrary files via unspecified vectors. 2015-03-27 5.0 CVE-2015-2773
CONFIRM
wpml — wpml The “menu sync” function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php. 2015-03-30 6.4 CVE-2015-2791
CONFIRM
BUGTRAQ
FULLDISC
MISC
MISC
xen — xen The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptable, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm). 2015-04-01 4.9 CVE-2015-2752
CONFIRM
xen — xen QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. 2015-04-01 4.9 CVE-2015-2756
CONFIRM
MLIST
xzeres — 442sr Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that modify the default user’s password via a GET request. 2015-03-30 6.8 CVE-2015-0985
MISC

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
greenend — putty The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. 2015-03-27 2.1 CVE-2015-2157
CONFIRM
CONFIRM
MLIST
MLIST
DEBIAN
SUSE
FEDORA
FEDORA
FEDORA
hospira — mednet The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file. 2015-04-03 2.1 CVE-2014-5400
MISC
hp — operations_orchestration Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors. 2015-03-31 3.5 CVE-2015-2108
HP
SECTRACK
inductiveautomation — ignition Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors. 2015-04-03 2.1 CVE-2015-0992
MISC
mcafee — data_loss_prevention_endpoint Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 2015-03-27 3.5 CVE-2015-2760
CONFIRM
schneider_electric — indusoft_web_studio Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password. 2015-03-29 2.1 CVE-2015-0996
MISC
CONFIRM
CONFIRM
schneider_electric — indusoft_web_studio Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. 2015-03-29 3.3 CVE-2015-0998
MISC
CONFIRM
CONFIRM
schneider_electric — indusoft_web_studio Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file. 2015-03-29 2.1 CVE-2015-0999
MISC
CONFIRM
CONFIRM


This product is provided subject to this Notification and this Privacy & Use policy.

Google Releases Security Update for Chrome

Original release date: April 01, 2015

Google has released Chrome 41.0.2272.118 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Google Chrome blog entry and apply the necessary updates.


Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Original release date: March 31, 2015

The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

Available updates include:

  • Firefox 37
  • Firefox ESR 31.6
  • Thunderbird 31.6

Users and administrators are encouraged to review the Security Advisories for Firefox, Firefox ESR, and Thunderbird and apply the necessary updates.


SB15-089: Vulnerability Summary for the Week of March 23, 2015

Original release date: March 30, 2015

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
arubanetworks — arubaos The “RAP console” feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors. 2015-03-24 7.2 CVE-2015-1388
CONFIRM
cisco — ios The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA) responses, and consequently bypass intended device and node access restrictions or cause a denial of service (disrupted domain access), via crafted AN messages, aka Bug ID CSCup62191. 2015-03-26 9.0 CVE-2015-0635
CISCO
cisco — ios The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via spoofed AN messages that reset a finite state machine, aka Bug ID CSCup62293. 2015-03-26 7.8 CVE-2015-0636
CISCO
cisco — ios The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) via spoofed AN messages, aka Bug ID CSCup62315. 2015-03-26 7.8 CVE-2015-0637
CISCO
cisco — ios Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSCsi02145. 2015-03-26 7.1 CVE-2015-0638
CISCO
cisco — ios_xe The Common Flow Table (CFT) feature in Cisco IOS XE 3.6 and 3.7 before 3.7.1S, 3.8 before 3.8.0S, 3.9 before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S, when MMON or NBAR is enabled, allows remote attackers to cause a denial of service (device reload) via malformed IPv6 packets with IPv4 UDP encapsulation, aka Bug ID CSCua79665. 2015-03-26 7.8 CVE-2015-0639
CISCO
cisco — ios_xe The high-speed logging (HSL) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via large IP packets that require NAT and HSL processing after fragmentation, aka Bug ID CSCuo25741. 2015-03-26 7.8 CVE-2015-0640
CISCO
cisco — ios_xe Cisco IOS XE 2.x and 3.x before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via crafted IPv6 packets, aka Bug ID CSCub68073. 2015-03-26 7.8 CVE-2015-0641
CISCO
cisco — ios Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of service (device reload) by sending malformed IKEv2 packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum36951. 2015-03-26 7.8 CVE-2015-0642
CONFIRM
CISCO
cisco — ios Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of service (memory consumption and device reload) by sending malformed IKEv2 packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuo75572. 2015-03-26 7.8 CVE-2015-0643
CONFIRM
CISCO
cisco — ios_xe AppNav in Cisco IOS XE 3.8 through 3.10 before 3.10.3S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to execute arbitrary code or cause a denial of service (device reload) via a crafted TCP packet, aka Bug ID CSCuo53622. 2015-03-26 7.8 CVE-2015-0644
CISCO
cisco — ios_xe The Layer 4 Redirect (L4R) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.2S, 3.13 before 3.13.1S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuq59131. 2015-03-26 7.8 CVE-2015-0645
CISCO
cisco — ios Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted TCP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum94811. 2015-03-26 7.8 CVE-2015-0646
CISCO
cisco — ios Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) UDP packets, aka Bug ID CSCum98371. 2015-03-26 7.8 CVE-2015-0647
CISCO
cisco — ios Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (memory consumption) via crafted Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun49658. 2015-03-26 7.8 CVE-2015-0648
CISCO
cisco — ios Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun63514. 2015-03-26 7.8 CVE-2015-0649
CISCO
cisco — ios The Service Discovery Gateway (aka mDNS Gateway) in Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 3.9.xS and 3.10.xS before 3.10.4S, 3.11.xS before 3.11.3S, 3.12.xS before 3.12.2S, and 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) by sending malformed mDNS UDP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCup70579. 2015-03-26 7.8 CVE-2015-0650
CISCO
citrix — command_center Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX) Servlet, which allows remote attackers to execute arbitrary code via unspecified vectors to servlets/Jmx_dynamic. 2015-03-26 7.5 CVE-2015-2683
MISC
BUGTRAQ
CONFIRM
FULLDISC
MISC
futomi — mp_form_mail_cgi futomi CGI Cafe MP Form Mail CGI eCommerce before 2.0.12 on Windows allows remote attackers to execute arbitrary Perl code via unspecified vectors. 2015-03-20 7.5 CVE-2015-0898
JVN
CONFIRM
JVNDB
CONFIRM
genixcms — genixcms Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php. 2015-03-23 7.5 CVE-2015-2679
CONFIRM
CONFIRM
CONFIRM
MISC
EXPLOIT-DB
MISC
OSVDB
OSVDB
CONFIRM
ibm — general_parallel_file_system IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to obtain root privileges for program execution via unspecified vectors. 2015-03-23 7.2 CVE-2015-0197
CONFIRM
ibm — general_parallel_file_system IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 in certain cipherList configurations allows remote attackers to bypass authentication and execute arbitrary programs as root via unspecified vectors. 2015-03-23 10.0 CVE-2015-0198
CONFIRM
linuxfoundation — cups-filters The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. 2015-03-24 7.5 CVE-2015-2265
UBUNTU
CONFIRM
CONFIRM
mozilla — firefox Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation. 2015-03-23 7.5 CVE-2015-0818
CONFIRM
UBUNTU
SECTRACK
CONFIRM
DEBIAN
REDHAT
SUSE
SUSE
sixapart — movable_type Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter. 2015-03-27 7.5 CVE-2013-2184
MISC
DEBIAN
MLIST
MLIST
solarwinds — firewall_security_manager userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client session handling. 2015-03-24 10.0 CVE-2015-2284
MISC
tcpdump — tcpdump Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value. 2015-03-24 7.5 CVE-2015-0261
CONFIRM
SECTRACK
BUGTRAQ
DEBIAN
MISC
tcpdump — tcpdump The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. 2015-03-24 7.5 CVE-2015-2155
CONFIRM
SECTRACK
BUGTRAQ
DEBIAN
MISC
vastal — phpvid SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. NOTE: The cat parameter vector is already covered by CVE-2008-4157. 2015-03-20 7.5 CVE-2015-2563
MISC
FULLDISC
MISC
web-dorado — ecommerce_wd Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php. 2015-03-20 7.5 CVE-2015-2562
FULLDISC
MISC
x — libxfont The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file. 2015-03-20 8.5 CVE-2015-1802
MISC
UBUNTU
SECTRACK
DEBIAN
FEDORA
FEDORA
x — libxfont The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file. 2015-03-20 8.5 CVE-2015-1803
MISC
UBUNTU
SECTRACK
DEBIAN
FEDORA
FEDORA
x — libxfont The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file. 2015-03-20 8.5 CVE-2015-1804
MISC
UBUNTU
SECTRACK
DEBIAN
FEDORA
FEDORA

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — batik XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file. 2015-03-24 6.4 CVE-2015-0250
CONFIRM
UBUNTU
FULLDISC
apache — xerces-c internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data. 2015-03-24 5.0 CVE-2015-0252
CONFIRM
DEBIAN
asus — rt-g32_firmware Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm. 2015-03-23 6.8 CVE-2015-2676
MISC
FULLDISC
MISC
asus — rt-g32_firmware Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) next_page, (2) group_id, (3) action_script, or (4) flag parameter to start_apply.htm. 2015-03-23 4.3 CVE-2015-2681
MISC
FULLDISC
MISC
cisco — ios The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 15.4S and 15.4(3)S allows remote attackers to modify configuration settings or cause a denial of service (partial service outage) by sending crafted Autonomic Networking (AN) messages on an intranet network, aka Bug ID CSCup62167. 2015-03-20 6.4 CVE-2015-0669
SECTRACK
CISCO
cisco — spa_301_1_line_ip_phone The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482. 2015-03-20 6.4 CVE-2015-0670
SECTRACK
CISCO
cisco — ios_xr The DHCPv4 server in Cisco IOS XR 5.2.2 on ASR 9000 devices allows remote attackers to cause a denial of service (service outage) via a flood of crafted DHCP packets, aka Bug ID CSCup67822. 2015-03-26 5.0 CVE-2015-0672
CISCO
cisco — mobility_services_engine Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote authenticated users to discover the passwords of arbitrary users by (1) reading log files or (2) using an unspecified GUI feature, aka Bug ID CSCut24792. 2015-03-26 4.0 CVE-2015-0673
CISCO
citrix — command_center Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml. 2015-03-26 5.0 CVE-2015-2682
MISC
CONFIRM
FULLDISC
MISC
codoforum — codoforum The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php. 2015-03-23 5.0 CVE-2014-9261
CONFIRM
EXPLOIT-DB
MISC
MISC
OSVDB
cs-cart — cs-cart Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/. 2015-03-25 6.8 CVE-2015-2701
EXPLOIT-DB
OSVDB
digia — qt The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file. 2015-03-25 5.0 CVE-2015-0295
MLIST
SUSE
FEDORA
FEDORA
FEDORA
FEDORA
FEDORA
FEDORA
djangoproject — django The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string. 2015-03-25 5.0 CVE-2015-2316
CONFIRM
UBUNTU
djangoproject — django The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL. 2015-03-25 4.3 CVE-2015-2317
CONFIRM
DEBIAN
UBUNTU
genixcms — genixcms Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter in the categories page to gxadmin/index.php or (2) page parameter to index.php. 2015-03-23 4.3 CVE-2015-2678
MISC
MISC
CONFIRM
MISC
EXPLOIT-DB
MISC
OSVDB
gluster — glusterfs The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a “00000000” fragment header. 2015-03-27 5.0 CVE-2014-3619
MISC
CONFIRM
SUSE
SUSE
gnu — gnutls GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors. 2015-03-24 5.0 CVE-2015-0282
CONFIRM
DEBIAN
ibm — rational_clearquest Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences. 2015-03-24 6.8 CVE-2014-8925
CONFIRM
ibm — business_process_manager Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2015-03-23 4.3 CVE-2015-0105
CONFIRM
AIXAPAR
AIXAPAR
ibm — business_process_manager Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2015-03-23 4.3 CVE-2015-0106
CONFIRM
AIXAPAR
ibm — powervc IBM PowerVC Standard 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 validates Hardware Management Console (HMC) certificates only during the pre-login stage, which allows man-in-the-middle attackers to spoof devices via a crafted certificate. 2015-03-23 4.3 CVE-2015-0137
CONFIRM
ibm — tivoli_directory_server GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the “FREAK” issue, a different vulnerability than CVE-2015-0204. 2015-03-24 4.3 CVE-2015-0138
CONFIRM
ibm — business_process_manager Cross-site scripting (XSS) vulnerability in the Coach NG framework in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 2015-03-23 4.3 CVE-2015-0158
CONFIRM
SECTRACK
AIXAPAR
AIXAPAR
AIXAPAR
ibm — general_parallel_file_system The mmfslinux kernel module in IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to cause a denial of service (memory corruption) via unspecified character-device ioctl calls. 2015-03-23 4.9 CVE-2015-0199
CONFIRM
inetc_project — inetc The Inetc plugin for Nullsoft Scriptable Install System (NSIS), as used in CERT/CC Failure Observation Engine (FOE) and other products, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and possibly execute arbitrary code by sending a crafted certificate in a download session for Windows executable files. 2015-03-21 4.3 CVE-2015-0941
CERT-VN
metalgenix — genixcms Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request in the users page to gxadmin/index.php. 2015-03-23 6.8 CVE-2015-2680
CONFIRM
CONFIRM
CONFIRM
MISC
EXPLOIT-DB
MISC
OSVDB
CONFIRM
mozilla — firefox The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript. 2015-03-23 6.8 CVE-2015-0817
CONFIRM
UBUNTU
SECTRACK
CONFIRM
DEBIAN
REDHAT
SUSE
SUSE
projectsend — projectsend SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php. 2015-03-20 6.5 CVE-2015-2564
BUGTRAQ
MISC
EXPLOIT-DB
FULLDISC
MISC
OSVDB
redhat — richfaces JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter. 2015-03-26 6.8 CVE-2015-0279
CONFIRM
REDHAT
tcpdump — tcpdump The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU). 2015-03-24 5.0 CVE-2015-2153
CONFIRM
SECTRACK
BUGTRAQ
DEBIAN
MISC
tcpdump — tcpdump The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value. 2015-03-24 5.0 CVE-2015-2154
CONFIRM
SECTRACK
BUGTRAQ
DEBIAN
MISC
websense — triton_ap_web Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page. 2015-03-25 4.3 CVE-2014-9711
MISC
MISC
CONFIRM
CONFIRM
CONFIRM
BUGTRAQ
BUGTRAQ
FULLDISC
FULLDISC
MISC
MISC
websense — triton_ap_data Cross-site scripting (XSS) vulnerability in the Message Log in the Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows remote attackers to inject arbitrary web script or HTML via the sender address in an email. 2015-03-25 4.3 CVE-2015-2702
MISC
CONFIRM
BUGTRAQ
FULLDISC
MISC
websense — triton_ap_web Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-WEB before 8.0.0 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via the (1) ws-userip in the ws-encdata parameter to cve-bin/moreBlockInfo.cgi in the Data Security block page or (2) admin_msg parameter to configure/ssl_ui/eva-config/client-cert-import_wsoem.html in the Content Gateway, which is not properly handled in an error message. 2015-03-25 4.3 CVE-2015-2703
MISC
MISC
CONFIRM
BUGTRAQ
BUGTRAQ
FULLDISC
FULLDISC
MISC
MISC
websense — triton The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the “second” parameter of a command, as demonstrated by the Destination parameter in the ping command. 2015-03-26 6.5 CVE-2015-2746
MISC
CONFIRM
BUGTRAQ
FULLDISC
MISC
websense — triton Multiple cross-site scripting (XSS) vulnerabilities in the data loss prevention (DLP) incident Forensics Preview in Websense Triton 7.8.3 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via a crafted (1) email or (2) HTTP request, which triggers a DLP Policy. 2015-03-26 4.3 CVE-2015-2747
MISC
BUGTRAQ
FULLDISC
MISC
websense — triton_ap_data Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, which allows remote attackers to obtain sensitive information via a direct request to a (1) Web Security incident report or the (2) Explorer configuration (websense.ini) file. 2015-03-26 5.0 CVE-2015-2748
MISC
CONFIRM
BUGTRAQ
FULLDISC
MISC

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
drupal — drupal Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL. 2015-03-25 3.5 CVE-2015-2559
CONFIRM
DEBIAN
emc — xcelerated_management_system EMC Documentum xCelerated Management System (xMS) 1.1 before P14 stores cleartext Windows Service credentials in a batch file during Documentum Platform and xCelerated Composition Platform (xCP) provisioning, which allows local users to obtain sensitive information by reading a file. 2015-03-23 2.1 CVE-2015-0527
BUGTRAQ
greenend — putty The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. 2015-03-27 2.1 CVE-2015-2157
CONFIRM
CONFIRM
MLIST
MLIST
DEBIAN
SUSE
FEDORA
FEDORA
ibm — installation_manager IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account. 2015-03-24 1.2 CVE-2014-6134
CONFIRM
ibm — security_identity_manager_adapter The (1) IBM Tivoli Identity Manager Active Directory adapter before 5.1.24 and (2) IBM Security Identity Manager Active Directory adapter before 6.0.14 for IBM Security Identity Manager on Windows, when certain log and trace levels are configured, store the cleartext administrator password in a log file, which allows local users to obtain sensitive information by reading a file. 2015-03-24 1.9 CVE-2014-8923
CONFIRM
ibm — business_process_manager Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified data fields. 2015-03-23 3.5 CVE-2015-0103
CONFIRM
AIXAPAR
ibm — powervc powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 places an access token on the command line during IVM and PowerKVM management, which allows local users to obtain sensitive information by listing the process. 2015-03-23 2.1 CVE-2015-0136
CONFIRM
ocportal — ocportal Multiple cross-site scripting (XSS) vulnerabilities in ocPortal before 9.0.17 allow remote authenticated users to inject arbitrary web script or HTML via the (1) title or (2) text field in the cms_calendar page to cms/index.php; unspecified fields in (3) the cms_polls page to cms/index.php or (4) a new topic in the topics page to forum/index.php; or (5) a new PT (private topic/private message) in the topics page to forum/index.php. 2015-03-23 3.5 CVE-2015-2677
CONFIRM
SECTRACK
BUGTRAQ
MISC
CONFIRM
s9y — serendipity Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category. 2015-03-23 3.5 CVE-2015-2289
CONFIRM
SECTRACK
BUGTRAQ
MLIST
MISC
CONFIRM

This product is provided subject to this Notification and this Privacy & Use policy.

Cisco Releases Semiannual IOS Software Security Advisory Bundled Publication

Original release date: March 26, 2015

Cisco has released its semiannual Cisco IOS Software Security Advisory Bundled Publication. This publication includes seven Security Advisories that address vulnerabilities in Cisco IOS Software. Exploits of these vulnerabilities could result in a denial of service (DoS) condition, interface queue wedge, or exchange memory leak.

US-CERT encourages users and administrators to review the following Cisco Security Advisory and apply the necessary updates.
 



SB15-082: Vulnerability Summary for the Week of March 16, 2015

Original release date: March 23, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — flash_player Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0333, CVE-2015-0335, and CVE-2015-0339. 2015-03-13 10.0 CVE-2015-0332
CONFIRM
SECTRACK
SUSE
SUSE
SUSE
SUSE
adobe — flash_player Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0335, and CVE-2015-0339. 2015-03-13 10.0 CVE-2015-0333
CONFIRM
SECTRACK
SUSE
SUSE
SUSE
SUSE
adobe — flash_player Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified “type confusion,” a different vulnerability than CVE-2015-0336. 2015-03-13 9.3 CVE-2015-0334
CONFIRM
SECTRACK
SUSE
SUSE
SUSE
SUSE
adobe — flash_player Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0333, and CVE-2015-0339. 2015-03-13 10.0 CVE-2015-0335
CONFIRM
SECTRACK
SUSE
SUSE
SUSE
SUSE
adobe — flash_player Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified “type confusion,” a different vulnerability than CVE-2015-0334. 2015-03-13 9.3 CVE-2015-0336
CONFIRM
SECTRACK
SUSE
SUSE
SUSE
SUSE
adobe — flash_player Integer overflow in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors. 2015-03-13 10.0 CVE-2015-0338
CONFIRM
SECTRACK
SUSE
SUSE
SUSE
SUSE
adobe — flash_player Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0333, and CVE-2015-0335. 2015-03-13 10.0 CVE-2015-0339
CONFIRM
SECTRACK
SUSE
SUSE
SUSE
SUSE
adobe — flash_player Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0342. 2015-03-13 10.0 CVE-2015-0341
CONFIRM
SECTRACK
SUSE
SUSE
SUSE
SUSE
adobe — flash_player Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0341. 2015-03-13 10.0 CVE-2015-0342
CONFIRM
SECTRACK
SUSE
SUSE
SUSE
SUSE
cisco — telepresence_server_software Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123. 2015-03-13 7.2 CVE-2015-0660
SECTRACK
CISCO
cisco — anyconnect_secure_mobility_client Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to gain privileges via crafted IPC messages that trigger use of root privileges for a software-package installation, aka Bug ID CSCus79385. 2015-03-16 7.2 CVE-2015-0662
CISCO
hp — arcsight_logger Multiple unspecified vulnerabilities in HP ArcSight Logger before 6.0P1 have unknown impact and remote authenticated attack vectors. 2015-03-13 9.0 CVE-2014-7884
CERT-VN
HP
SECTRACK
hp — arcsight_enterprise_security_manager Multiple unspecified vulnerabilities in HP ArcSight Enterprise Security Manager (ESM) before 6.8c have unknown impact and remote attack vectors. 2015-03-13 10.0 CVE-2014-7885
CERT-VN
HP
SECTRACK
ibm — rational_doors_next_generation The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. 2015-03-18 7.8 CVE-2015-0132
CONFIRM
linux — linux_kernel The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem. 2015-03-16 7.2 CVE-2014-7822
CONFIRM
CONFIRM
DEBIAN
REDHAT
REDHAT
REDHAT
CONFIRM
linux — linux_kernel The pmd_none_or_trans_huge_or_clear_bad function in include/asm-generic/pgtable.h in the Linux kernel before 3.13 on NUMA systems does not properly determine whether a Page Middle Directory (PMD) entry is a transparent huge-table entry, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted MADV_WILLNEED madvise system call that leverages the absence of a page-table lock. 2015-03-16 7.2 CVE-2014-8173
CONFIRM
CONFIRM
REDHAT
CONFIRM
linux — linux_kernel The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service (transaction overrun and data corruption) or possibly gain privileges by leveraging XFS filesystem access. 2015-03-16 7.2 CVE-2015-0274
CONFIRM
CONFIRM
SECTRACK
REDHAT
CONFIRM
linux — linux_kernel Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data. 2015-03-16 10.0 CVE-2015-1421
CONFIRM
CONFIRM
MLIST
CONFIRM
DEBIAN
CONFIRM
mybb — mybb The cache handler in MyBB (aka MyBulletinBoard) before 1.8.4 does not properly check the encoding of input to the var_export function, which allows attackers to have an unspecified impact via unknown vectors. 2015-03-19 7.5 CVE-2015-2352
CONFIRM
openssl — openssl Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow. 2015-03-19 7.5 CVE-2015-0292
CONFIRM
CONFIRM
CONFIRM
CONFIRM
scadaengine — bacnet_opc_server Heap-based buffer overflow in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via a crafted packet. 2015-03-13 9.0 CVE-2015-0979
MISC
scadaengine — bacnet_opc_server Format string vulnerability in BACnOPCServer.exe in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via format string specifiers in a request. 2015-03-13 9.0 CVE-2015-0980
MISC
scadaengine — bacnet_opc_server The SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to bypass authentication and read or write to arbitrary database fields via unspecified vectors. 2015-03-13 7.5 CVE-2015-0981
MISC
schneider_electric — pelco_ds-nv Buffer overflow in an unspecified DLL in Schneider Electric Pelco DS-NVs before 7.8.90 allows remote attackers to execute arbitrary code via unspecified vectors. 2015-03-13 7.5 CVE-2015-0982
MISC
CONFIRM
suse — opensuse_osc osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file. 2015-03-16 7.5 CVE-2015-0778
CONFIRM
SUSE
SUSE
wpml — wpml SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed. 2015-03-17 7.5 CVE-2015-2314
BUGTRAQ
CONFIRM
FULLDISC
MISC
MISC

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — flash_player Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors. 2015-03-13 5.0 CVE-2015-0337
CONFIRM
SECTRACK
SUSE
SUSE
SUSE
SUSE
adobe — flash_player Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass intended file-upload restrictions via unspecified vectors. 2015-03-13 5.0 CVE-2015-0340
CONFIRM
SECTRACK
SUSE
SUSE
SUSE
SUSE
apple — safari WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. 2015-03-18 6.8 CVE-2015-1068
CONFIRM
APPLE
apple — safari WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. 2015-03-18 6.8 CVE-2015-1069
CONFIRM
APPLE
apple — safari WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. 2015-03-18 6.8 CVE-2015-1070
CONFIRM
APPLE
apple — safari WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. 2015-03-18 6.8 CVE-2015-1071
CONFIRM
APPLE
apple — safari WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. 2015-03-18 6.8 CVE-2015-1072
CONFIRM
APPLE
apple — safari WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. 2015-03-18 6.8 CVE-2015-1073
CONFIRM
APPLE
apple — safari WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. 2015-03-18 6.8 CVE-2015-1074
CONFIRM
APPLE
apple — safari WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. 2015-03-18 6.8 CVE-2015-1075
CONFIRM
APPLE
apple — safari WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. 2015-03-18 6.8 CVE-2015-1076
CONFIRM
APPLE
apple — safari WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. 2015-03-18 6.8 CVE-2015-1077
CONFIRM
APPLE
apple — safari WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. 2015-03-18 6.8 CVE-2015-1078
CONFIRM
APPLE
apple — safari WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. 2015-03-18 6.8 CVE-2015-1079
CONFIRM
APPLE
apple — safari WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. 2015-03-18 6.8 CVE-2015-1080
CONFIRM
APPLE
apple — safari WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. 2015-03-18 6.8 CVE-2015-1081
CONFIRM
APPLE
apple — safari WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. 2015-03-18 6.8 CVE-2015-1082
CONFIRM
APPLE
apple — safari WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1. 2015-03-18 6.8 CVE-2015-1083
CONFIRM
APPLE
apple — safari The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL. 2015-03-18 5.0 CVE-2015-1084
CONFIRM
APPLE
automount_project — automount automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user’s USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory. 2015-03-18 4.4 CVE-2014-8169
CONFIRM
CONFIRM
SUSE
cimon — cmnview Untrusted search path vulnerability in CmnView.exe in CIMON CmnView 2.14.0.1 and 3.x before UltimateAccess 3.02 allows local users to gain privileges via a Trojan horse DLL in the current working directory. 2015-03-13 6.9 CVE-2014-9207
MISC
cisco — anyconnect_secure_mobility_client Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which allows local users to write to arbitrary files via crafted messages, aka Bug ID CSCus79392. 2015-03-16 6.6 CVE-2015-0663
CISCO
cisco — anyconnect_secure_mobility_client The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted messages, aka Bug ID CSCus79195. 2015-03-18 4.3 CVE-2015-0664
CISCO
cisco — anyconnect_secure_mobility_client The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173. 2015-03-16 6.6 CVE-2015-0665
CISCO
cisco — content_services_switch_11500_firmware The Management Interface on Cisco Content Services Switch (CSS) 11500 devices 8.20.4.02 and earlier allows remote attackers to bypass intended restrictions on local-network device access via crafted SSH packets, aka Bug ID CSCut14855. 2015-03-18 5.0 CVE-2015-0667
CISCO
cisco — webex_meetings_server Cross-site scripting (XSS) vulnerability in the administration portal in Cisco WebEx Meetings Server 2.5 and 2.5.99.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq66737. 2015-03-19 4.3 CVE-2015-0668
CISCO
cisco — videoscape_delivery_system_for_internet_streamer The DNS implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.2(1) allows remote attackers to cause a denial of service (CPU consumption and network-resource consumption) via crafted packets, aka Bug ID CSCun15911. 2015-03-19 5.0 CVE-2015-0671
CISCO
ecryptfs — ecryptfs-utils eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack. 2015-03-16 5.0 CVE-2014-9687
MISC
UBUNTU
MLIST
MLIST
MLIST
elipse — e3 Multiple untrusted search path vulnerabilities in (1) EQATEC.Analytics.Monitor.Win32_vc100.dll and (2) EQATEC.Analytics.Monitor.Win32_vc100-x64.dll in Elipse E3 4.5.232 through 4.6.161 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory. NOTE: this may overlap CVE-2015-2264. 2015-03-13 6.9 CVE-2015-0978
MISC
extplorer — extplorer Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-03-18 4.3 CVE-2015-0896
CONFIRM
JVNDB
JVN
ge — hydran_m2 The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values. 2015-03-13 5.0 CVE-2014-5409
MISC
MISC
hp — operations_manager_i_management_pack HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges. 2015-03-13 6.8 CVE-2015-2107
SECTRACK
HP
ibm — rational_collaborative_lifecycle_management IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to delete the dashboards of arbitrary users via unspecified vectors. 2015-03-18 5.5 CVE-2014-6129
CONFIRM
ibm — rational_collaborative_lifecycle_management IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to read the dashboards of arbitrary users via unspecified vectors. 2015-03-18 4.0 CVE-2014-6131
CONFIRM
ibm — api_management The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls. 2015-03-18 5.5 CVE-2015-0149
CONFIRM
AIXAPAR
ibm — liberty The Java overlay feature in IBM Bluemix Liberty before 1.13-20150209-1122 for Java does not properly support WAR applications, which allows remote attackers to obtain sensitive information via unspecified vectors. 2015-03-18 4.3 CVE-2015-0178
CONFIRM
libarchive — libarchive Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive. 2015-03-15 6.4 CVE-2015-2304
CONFIRM
CONFIRM
CONFIRM
MLIST
MLIST
DEBIAN
linux — linux_kernel The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/. 2015-03-16 6.9 CVE-2014-8159
CONFIRM
UBUNTU
UBUNTU
UBUNTU
UBUNTU
UBUNTU
UBUNTU
REDHAT
linux — linux_kernel The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of service (soft lockup or system crash) via unspecified use of Asynchronous I/O (AIO) operations. 2015-03-16 4.9 CVE-2014-8172
CONFIRM
CONFIRM
MLIST
REDHAT
CONFIRM
linux — linux_kernel The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c. 2015-03-16 5.0 CVE-2015-1593
MLIST
CONFIRM
CONFIRM
MLIST
CONFIRM
DEBIAN
MISC
CONFIRM
mybb — mybb Cross-site scripting (XSS) vulnerability in member.php in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-03-18 4.3 CVE-2015-2332
CONFIRM
mybb — mybb Cross-site scripting (XSS) vulnerability in the MyCode editor in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2015-03-18 4.3 CVE-2015-2333
CONFIRM
mybb — mybb Cross-site request forgery (CSRF) vulnerability in the Admin Control Panel (ACP) login in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. 2015-03-18 6.8 CVE-2015-2334
CONFIRM
mybb — mybb A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to obtain the installation path via unknown vectors. 2015-03-18 5.0 CVE-2015-2335
CONFIRM
openssl — openssl The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS traffic, as demonstrated by DTLS 1.0 traffic to a DTLS 1.2 server. 2015-03-19 5.0 CVE-2015-0207
CONFIRM
CONFIRM
CONFIRM
openssl — openssl The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the certificate-verification feature. 2015-03-19 4.3 CVE-2015-0208
CONFIRM
CONFIRM
CONFIRM
openssl — openssl Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import. 2015-03-19 6.8 CVE-2015-0209
CONFIRM
CONFIRM
CONFIRM
openssl — openssl The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack. 2015-03-19 4.3 CVE-2015-0285
CONFIRM
CONFIRM
CONFIRM
openssl — openssl The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature. 2015-03-19 5.0 CVE-2015-0286
CONFIRM
CONFIRM
CONFIRM
openssl — openssl The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse. 2015-03-19 5.0 CVE-2015-0287
CONFIRM
CONFIRM
CONFIRM
openssl — openssl The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key. 2015-03-19 5.0 CVE-2015-0288
CONFIRM
CONFIRM
CONFIRM
CONFIRM
openssl — openssl The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c. 2015-03-19 5.0 CVE-2015-0289
CONFIRM
CONFIRM
CONFIRM
openssl — openssl The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors. 2015-03-19 5.0 CVE-2015-0290
CONFIRM
CONFIRM
CONFIRM
openssl — openssl The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation. 2015-03-19 5.0 CVE-2015-0291
CONFIRM
CONFIRM
CONFIRM
openssl — openssl The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message. 2015-03-19 5.0 CVE-2015-0293
CONFIRM
CONFIRM
CONFIRM
python-requests — requests The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. 2015-03-18 6.8 CVE-2015-2296
CONFIRM
CONFIRM
UBUNTU
MLIST
MLIST
schneider-electric — device_type_manager Stack-based buffer overflow in Device Type Manager (DTM) 3.1.6 and earlier for Schneider Electric Invensys SRD Control Valve Positioner devices 960 and 991 allows local users to gain privileges via a malformed DLL file. 2015-03-13 6.9 CVE-2014-9206
MISC
CONFIRM
wpml — wpml Cross-site scripting (XSS) vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the target parameter in a reminder_popup action to the default URI. 2015-03-17 4.3 CVE-2015-2315
BUGTRAQ
CONFIRM
FULLDISC
MISC
MISC
yoast — wordpress_seo Multiple SQL injection vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. 2015-03-17 6.5 CVE-2015-2292
CONFIRM
MISC
CONFIRM
SECTRACK
FULLDISC
MISC
yoast — wordpress_seo Multiple cross-site request forgery (CSRF) vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote attackers to hijack the authentication of certain users for requests that conduct SQL injection attacks via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page. 2015-03-17 6.8 CVE-2015-2293
CONFIRM
MISC
CONFIRM
SECTRACK
FULLDISC
MISC

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
ibm — rational_quality_manager Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix4, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2015-03-18 3.5 CVE-2015-0124
CONFIRM
ibm — rational_doors_next_generation Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 4.x before 4.0.7 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2015-03-18 3.5 CVE-2015-0125
CONFIRM
ibm — rational_quality_manager Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix4, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2015-03-18 3.5 CVE-2015-0128
CONFIRM
ibm — content_collector IBM Content Collector for Email 3.0 before 3.0.0.6-IBM-ICC-Server-IF001 and 4.0 before 4.0.0.3-IBM-ICC-Server-IF001 does not properly handle an unspecified query operator during searches of IBM FileNet P8 systems with IBM Content Search Services, which allows local users to bypass intended document-access restrictions and obtain sensitive information via a crafted search query. 2015-03-18 2.1 CVE-2015-0146
CONFIRM
linux — linux_kernel Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function. 2015-03-16 2.1 CVE-2015-1420
CONFIRM
MLIST
DEBIAN
MLIST
mybb — mybb Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) MIME-type field in an add action in the config-attachment_types module to admin/index.php; (2) title or (3) short description field in an add action in the (a) config-mycode or (b) user-groups module to admin/index.php; (4) title field in an add action in the (c) forum-management or (d) tool-tasks module to admin/index.php; (5) name field in an add_set action in the style-templates module to admin/index.php; (6) title field in an add_template_group action in the style-templates module to admin/index.php; (7) name field in an add action in the config-post_icons module to admin/index.php; (8) “title to assign” field in an add action in the user-titles module to admin/index.php; or (9) username field in the config-banning module to admin/index.php. 2015-03-18 3.5 CVE-2015-2149
CONFIRM
MISC
MLIST
MLIST
FULLDISC
openssl — openssl The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero. 2015-03-19 2.6 CVE-2015-1787
CONFIRM
CONFIRM
CONFIRM
xen — xen Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support. 2015-03-18 1.9 CVE-2015-2152
CONFIRM
SECTRACK


This product is provided subject to this Notification and this Privacy & Use policy.

Apple Releases Security Update for OS X Yosemite

Original release date: March 20, 2015

Apple has released Security Update 2015-003 for OS X Yosemite v10.10.2 to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Apple Security Update 2015-003 and apply the necessary updates.


Mozilla Releases Security Updates for Firefox, Firefox ESR, and SeaMonkey

Original release date: March 20, 2015

The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR, and SeaMonkey. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system.

Available updates include:

  • Firefox 36.0.3
  • Firefox ESR 31.5.2
  • SeaMonkey 2.33.1

Users and administrators are encouraged to review the Security Advisories for Firefox, Firefox ESR, and SeaMonkey and apply the necessary updates.


Drupal Releases Security Updates

Original release date: March 19, 2015

Drupal has released updates to address multiple vulnerabilities, one of which could allow a remote attacker to gain access to a system account.

Available updates include:

  • Drupal core 6.35 for 6.x users
  • Drupal core 7.35 for 7.x users

US-CERT encourages users and administrators to review Drupal’s Security Advisory and apply the necessary updates.


Apple Releases Security Updates for Safari

Original release date: March 18, 2015

Apple has released security updates for Safari to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code or prevent users from discerning a phishing attack on an affected system.

Updates include:

  • Safari 8.0.4 for OS X Mountain Lion v10.8.5
  • Safari 7.1.4 for OS X Mavericks v10.9.5
  • Safari 6.2.4 for OS X Yosemite v10.10.2

US-CERT encourages users and administrators to review Apple security update HT204560 and apply the necessary updates.

