Original release date: April 06, 2015
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
-
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
-
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
-
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache — cassandra | The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. | 2015-04-03 | 7.5 | CVE-2015-0225 MLIST MISC |
| cisco — nx-os | The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on the local network, aka Bug ID CSCur14589. | 2015-03-27 | 7.9 | CVE-2015-0658 SECTRACK CISCO |
| cisco — prime_data_center_network_manager | Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241. | 2015-04-03 | 7.8 | CVE-2015-0666 CISCO |
| cisco — ios_xe | Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873. | 2015-04-02 | 7.8 | CVE-2015-0685 CISCO |
| debian — cifs-utils | Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remote attackers to have unspecified impact via unknown vectors. | 2015-03-31 | 10.0 | CVE-2014-2830 MLIST CONFIRM CONFIRM CONFIRM MANDRIVA MLIST CONFIRM |
| dulwich_project — dulwich | The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree. | 2015-03-31 | 7.5 | CVE-2014-9706 MLIST CONFIRM MLIST MLIST DEBIAN |
| dulwich_project — dulwich | Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file. | 2015-03-31 | 7.5 | CVE-2015-0838 MLIST DEBIAN |
| egroupware — egroupware | eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csv_import.php, (3) cal_fields or (4) trans parameter to calendar/csv_import.php, (5) info_fields or (6) trans parameter to csv_import.php in (a) projectmanager/ or (b) infolog/, or (7) processed parameter to preferences/inc/class.uiaclprefs.inc.php. | 2015-03-31 | 7.5 | CVE-2014-2027 MLIST MANDRIVA CONFIRM MLIST CONFIRM |
| embedthis — goahead | EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly execute arbitrary code via a crafted URI. | 2015-03-31 | 7.5 | CVE-2014-9707 CONFIRM CONFIRM BUGTRAQ FULLDISC MISC |
| emc — isilon_onefs | The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files. | 2015-03-29 | 7.2 | CVE-2015-0528 BUGTRAQ MISC |
| file_project — file | readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. | 2015-03-30 | 7.5 | CVE-2014-9653 CONFIRM DEBIAN CONFIRM MLIST MLIST CONFIRM |
| gnome — byzanz | The GIF encoder in Byzanz allows remote attackers to cause a denial of service (out-of-bounds heap write and crash) or possibly execute arbitrary code via a crafted Byzanz debug data recording (ByzanzRecording file) to the byzanz-playback command. | 2015-03-29 | 7.5 | CVE-2015-2785 CONFIRM MISC MLIST |
| google — chrome | Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors. | 2015-04-01 | 7.5 | CVE-2015-1233 CONFIRM CONFIRM |
| hidemaru — editor | Buffer overflow in Saitoh Kikaku Maruo Editor 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted .hmbook file. | 2015-04-03 | 7.5 | CVE-2015-0903 JVNDB JVN CONFIRM |
| hp — integrated_lights-out_2_firmware | Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges, execute arbitrary code, or cause a denial of service via unknown vectors. | 2015-03-31 | 10.0 | CVE-2014-7876 HP SECTRACK |
| hp — operations_orchestration | Unspecified vulnerability in HP Operations Orchestration 10.x allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unknown vectors. | 2015-03-31 | 7.5 | CVE-2015-2109 HP |
| johnsoncontrols — metsys | Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to execute arbitrary code by uploading a shell script. | 2015-03-29 | 10.0 | CVE-2014-5428 MISC |
| mercurial — mercurial | The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command. | 2015-03-31 | 7.5 | CVE-2014-9462 OSVDB CONFIRM SUSE MISC |
| microsys — promotic | Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data. | 2015-03-29 | 7.5 | CVE-2014-9205 MISC MISC CONFIRM |
| mozilla — firefox | Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818. | 2015-04-01 | 7.5 | CVE-2015-0801 CONFIRM CONFIRM |
| mozilla — firefox | The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element’s attributes, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document. | 2015-04-01 | 7.5 | CVE-2015-0803 CONFIRM CONFIRM |
| mozilla — firefox | The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document containing a SOURCE element. | 2015-04-01 | 7.5 | CVE-2015-0804 CONFIRM CONFIRM |
| mozilla — firefox | The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors that trigger rendering of 2D graphics content. | 2015-04-01 | 7.5 | CVE-2015-0805 CONFIRM CONFIRM |
| mozilla — firefox | The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 attempts to use memset for a memory region of negative length during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors that trigger rendering of 2D graphics content. | 2015-04-01 | 7.5 | CVE-2015-0806 CONFIRM CONFIRM |
| mozilla — firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2015-04-01 | 7.5 | CVE-2015-0814 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| mozilla — firefox | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 2015-04-01 | 7.5 | CVE-2015-0815 CONFIRM CONFIRM CONFIRM CONFIRM |
| mybb — mybb | Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 has unknown attack vectors related to “Group join request notifications sent to wrong group leaders.” | 2015-03-29 | 10.0 | CVE-2015-2786 CONFIRM |
| nih — libzip | Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow. | 2015-03-30 | 7.5 | CVE-2015-2331 CONFIRM SECTRACK DEBIAN CONFIRM SUSE CONFIRM CONFIRM |
| pbm212030_project — pbm212030 | Multiple buffer overflows in pbm212030 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PBM image, related to (1) stream line data, which triggers a heap-based buffer overflow, or (2) vectors related to an “internal intermediate heap-based buffer.” | 2015-03-29 | 7.5 | CVE-2013-7438 CONFIRM CONFIRM MLIST |
| php — php | Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries. | 2015-03-30 | 7.5 | CVE-2014-9705 MISC CONFIRM UBUNTU DEBIAN CONFIRM MLIST |
| php — php | Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function. | 2015-03-30 | 7.5 | CVE-2015-0273 CONFIRM CONFIRM UBUNTU DEBIAN CONFIRM SUSE SUSE SUSE CONFIRM |
| php — php | Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 2015-03-30 | 7.5 | CVE-2015-1351 CONFIRM MLIST CONFIRM |
| php — php | Multiple integer overflows in the calendar extension in PHP through 5.6.7 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted year value to (1) the GregorianToSdn function in gregor.c or (2) the JulianToSdn function in julian.c, as demonstrated by a crafted third argument to the gregoriantojd or juliantojd function. | 2015-03-30 | 7.5 | CVE-2015-1353 MISC MLIST |
| php — php | Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. | 2015-03-30 | 7.5 | CVE-2015-2301 CONFIRM CONFIRM UBUNTU DEBIAN CONFIRM MLIST CONFIRM |
| php — php | Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231. | 2015-03-30 | 7.5 | CVE-2015-2787 CONFIRM CONFIRM CONFIRM |
| redhat — slapi-nis | The slapi-nis plug-in before 0.54.2 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request for a (1) group with a large number of members or (2) user that belongs to a large number of groups. | 2015-03-30 | 7.8 | CVE-2015-0283 CONFIRM CONFIRM REDHAT |
| sap — afaria | The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905. | 2015-04-01 | 7.5 | CVE-2015-2816 MISC |
| selinux — setroubleshoot | The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name. | 2015-03-30 | 10.0 | CVE-2015-1815 MISC CONFIRM CONFIRM MLIST REDHAT |
| slimframework — slim | Middleware/SessionCookie.php in Slim before 2.6.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data. | 2015-03-30 | 7.5 | CVE-2015-2171 CONFIRM CONFIRM FULLDISC |
| websense — triton_ap_email | Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to port 17703. | 2015-03-27 | 10.0 | CVE-2015-2763 CONFIRM |
| websense — triton_ap_email | Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to “Autocomplete Enabled.” | 2015-03-27 | 10.0 | CVE-2015-2767 CONFIRM |
| websense — v-series_appliances | SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to upload arbitrary files via unspecified vectors. | 2015-03-27 | 7.5 | CVE-2015-2772 CONFIRM |
| wpml — wpml | The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET parameter, and a valid nonce for the action GET parameter. | 2015-03-30 | 7.5 | CVE-2015-2792 CONFIRM FULLDISC MISC MISC |
| xen — xen | Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations. | 2015-04-01 | 7.1 | CVE-2015-2751 CONFIRM |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| ab_google_map_travel_project — ab_google_map_travel | Multiple cross-site request forgery (CSRF) vulnerabilities in the AB Google Map Travel (AB-MAP) plugin before 4.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameter in the ab_map_options page to wp-admin/admin.php. | 2015-04-01 | 6.8 | CVE-2015-2755 CONFIRM BUGTRAQ BUGTRAQ MISC MISC |
| apple — safari | The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the “Bar Mitzvah” issue. | 2015-03-31 | 4.3 | CVE-2015-2808 MISC |
| cisco — wireless_lan_controller | The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7.3(103.8) and 7.4(110.0) allows remote attackers to cause a denial of service (device reload) via a malformed password, aka Bug ID CSCui57980. | 2015-03-27 | 6.1 | CVE-2015-0679 SECTRACK CISCO |
| cisco — unified_callmanager | Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439. | 2015-03-27 | 4.0 | CVE-2015-0680 SECTRACK CISCO |
| cisco — unified_communications_domain_manager | Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a “deprecated page,” aka Bug ID CSCup90168. | 2015-04-03 | 6.5 | CVE-2015-0682 CISCO |
| cisco — unified_communications_domain_manager | Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744. | 2015-04-03 | 4.0 | CVE-2015-0683 CISCO |
| cisco — unified_communications_domain_manager | SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515. | 2015-04-03 | 6.5 | CVE-2015-0684 CISCO |
| cisco — nx-os | The SNMP implementation in Cisco NX-OS 6.1(2)I2(3) on Nexus 9000 devices, when a Reset High Availability (HA) policy is configured, allows remote authenticated users to cause a denial of service (device reload) via unspecified vectors, aka Bug ID CSCuq92240. | 2015-04-02 | 6.3 | CVE-2015-0686 CISCO |
| cisco — ios | The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 devices, when single-switch Virtual Switching System (VSS) is configured, allows remote authenticated users to cause a denial of service (device crash) by performing SNMP polling, aka Bug ID CSCuq04574. | 2015-04-02 | 6.3 | CVE-2015-0687 CISCO |
| citrix — netscaler | Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacters in the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix. | 2015-04-03 | 6.8 | CVE-2015-2838 MISC BUGTRAQ FULLDISC MISC |
| citrix — netscaler | The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses an incorrect Content-Type when returning an error message, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix. | 2015-04-03 | 4.3 | CVE-2015-2839 MISC BUGTRAQ FULLDISC MISC |
| citrix — netscaler | Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to inject arbitrary web script or HTML via the searchQuery parameter. | 2015-04-03 | 4.3 | CVE-2015-2840 MISC BUGTRAQ FULLDISC MISC |
| citrix — netscaler | Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-stream and text/xml Content-Types. | 2015-04-03 | 5.0 | CVE-2015-2841 SECTRACK FULLDISC |
| dokuwiki — dokuwiki | DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permission for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API. | 2015-03-30 | 6.5 | CVE-2015-2172 CONFIRM CONFIRM CONFIRM MLIST FEDORA FEDORA FEDORA CONFIRM |
| ecava — integraxor | Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory. | 2015-04-03 | 4.4 | CVE-2015-0990 MISC |
| embedthis — appweb | Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by “Range: x=,”. | 2015-03-31 | 5.0 | CVE-2014-9708 CONFIRM CONFIRM BUGTRAQ FULLDISC MISC |
| file_project — file | The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file. | 2015-03-30 | 5.0 | CVE-2014-9652 CONFIRM CONFIRM CONFIRM CONFIRM MLIST SUSE SUSE SUSE CONFIRM |
| flashy_project — flashy | Cross-site scripting (XSS) vulnerability in the duwasai flashy theme 1.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-03-31 | 4.3 | CVE-2015-0901 JVNDB JVN |
| foxitsoftware — reader | Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. | 2015-03-30 | 4.4 | CVE-2015-2789 CONFIRM MISC SECTRACK EXPLOIT-DB MISC |
| foxitsoftware — enterprise_reader | Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image. | 2015-03-30 | 4.3 | CVE-2015-2790 CONFIRM CONFIRM SECTRACK SECTRACK MISC MISC |
| freeipa — freeipa | The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups. | 2015-03-30 | 5.0 | CVE-2015-1827 CONFIRM CONFIRM REDHAT |
| gaia-gis — freexl | FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitrary code via a crafted sector in a workbook. | 2015-03-31 | 6.8 | CVE-2015-2753 CONFIRM MLIST MLIST DEBIAN |
| gaia-gis — freexl | FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a “premature EOF.” | 2015-03-31 | 6.8 | CVE-2015-2754 CONFIRM MLIST MLIST |
| gaia-gis — freexl | The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook. | 2015-03-31 | 4.3 | CVE-2015-2776 CONFIRM MLIST MLIST MLIST DEBIAN |
| gnu — glibc | DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up while the database is iterated over the database, which triggers the file pointer to be reset. | 2015-03-27 | 5.0 | CVE-2014-8121 MLIST CONFIRM REDHAT |
| google — bionic | The PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time and PID information during the generation of random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2015-0800. | 2015-04-01 | 5.0 | CVE-2012-2808 MISC MISC |
| google — chrome | Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact by manipulating OpenGL ES commands. | 2015-04-01 | 6.8 | CVE-2015-1234 CONFIRM CONFIRM CONFIRM |
| honeywell — excel_web_xl_1000c1000_600_i/o | Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before 2.04.01 allows remote attackers to read files under the web root, and consequently obtain administrative login access, via a crafted pathname. | 2015-03-30 | 5.0 | CVE-2015-0984 MISC |
| hospira — mednet | Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network. | 2015-04-03 | 5.0 | CVE-2014-5403 MISC |
| hospira — mednet | Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. | 2015-04-03 | 4.0 | CVE-2014-5405 MISC |
| hp — integrated_lights-out_2_firmware | Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial of service via unknown vectors. | 2015-03-31 | 6.4 | CVE-2015-2106 HP SECTRACK |
| ibm — security_access_manager_for_web_7.0_firmware | The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets. | 2015-03-31 | 5.0 | CVE-2015-1892 CERT-VN CONFIRM AIXAPAR AIXAPAR |
| icoasoft — potrace | Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow. | 2015-03-29 | 5.0 | CVE-2013-7437 MISC MISC MLIST |
| inductiveautomation — ignition | Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-04-03 | 4.3 | CVE-2015-0976 MISC |
| inductiveautomation — ignition | Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information. | 2015-04-03 | 5.0 | CVE-2015-0991 MISC |
| inductiveautomation — ignition | Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. | 2015-04-03 | 6.4 | CVE-2015-0993 MISC |
| inductiveautomation — ignition | Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests. | 2015-04-03 | 4.0 | CVE-2015-0994 MISC |
| inductiveautomation — ignition | Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack. | 2015-04-03 | 5.0 | CVE-2015-0995 MISC |
| johnsoncontrols — metsys | Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read password hashes via a POST request. | 2015-03-29 | 5.0 | CVE-2014-5427 MISC |
| libgd — libgd | The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function. | 2015-03-30 | 5.0 | CVE-2014-9709 CONFIRM CONFIRM CONFIRM CONFIRM |
| mcafee — data_loss_prevention_endpoint | The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to cause a denial of service (database lock or license corruption) via unspecified vectors. | 2015-03-27 | 4.0 | CVE-2015-2757 CONFIRM |
| mcafee — data_loss_prevention_endpoint | The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to obtain sensitive information, modify the database, or possibly have other unspecified impact via a crafted URL. | 2015-03-27 | 6.5 | CVE-2015-2758 CONFIRM |
| mcafee — data_loss_prevention_endpoint | Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allow remote attackers to hijack the authentication of users for requests that (1) obtain sensitive information or (2) modify the database via unspecified vectors. | 2015-03-27 | 6.8 | CVE-2015-2759 CONFIRM |
| mongodb — mongodb | MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request. | 2015-03-30 | 5.0 | CVE-2015-1609 CONFIRM FEDORA FEDORA |
| mozilla — firefox | The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2012-2808. | 2015-04-01 | 5.0 | CVE-2015-0800 CONFIRM CONFIRM |
| mozilla — firefox | Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods. | 2015-04-01 | 5.0 | CVE-2015-0802 CONFIRM CONFIRM |
| mozilla — firefox | The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638. | 2015-04-01 | 6.8 | CVE-2015-0807 CONFIRM CONFIRM |
| mozilla — firefox | The webrtc::VPMContentAnalysis::Release function in the WebRTC implementation in Mozilla Firefox before 37.0 uses incompatible approaches to the deallocation of memory for simple-type arrays, which might allow remote attackers to cause a denial of service (memory corruption) via unspecified vectors. | 2015-04-01 | 5.0 | CVE-2015-0808 CONFIRM CONFIRM |
| mozilla — firefox | Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element. | 2015-04-01 | 4.3 | CVE-2015-0810 CONFIRM CONFIRM |
| mozilla — firefox | The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service (out-of-bounds read) via an image that is improperly handled during transformation. | 2015-04-01 | 6.4 | CVE-2015-0811 CONFIRM CONFIRM |
| mozilla — firefox | Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DNS spoofing attack against a mozilla.org subdomain. | 2015-04-01 | 4.3 | CVE-2015-0812 CONFIRM CONFIRM |
| mozilla — firefox | Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file. | 2015-04-01 | 5.1 | CVE-2015-0813 CONFIRM CONFIRM |
| mozilla — firefox | Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js. | 2015-04-01 | 5.0 | CVE-2015-0816 CONFIRM CONFIRM |
| nishishi — fumy_teachers_schedule_board | Cross-site scripting (XSS) vulnerability in schedule.cgi in Nishishi Factory Fumy Teacher’s Schedule Board 1.10 through 2.21 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2015-03-31 | 4.3 | CVE-2015-0900 CONFIRM JVNDB JVN CONFIRM |
| openldap — openldap | The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user’s permissions and other user attributes via unspecified vectors. | 2015-04-01 | 4.0 | CVE-2014-9713 CONFIRM MLIST DEBIAN |
| openstack — compute | OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage. | 2015-04-01 | 5.1 | CVE-2015-0259 CONFIRM MLIST |
| pfsense — pfsense | Multiple cross-site scripting (XSS) vulnerabilities in the WebGUI in pfSense before 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) zone parameter to status_captiveportal.php; (2) if or (3) dragtable parameter to firewall_rules.php; (4) queue parameter in an add action to firewall_shaper.php; (5) id parameter in an edit action to services_unbound_acls.php; or (6) filterlogentries_time, (7) filterlogentries_sourceipaddress, (8) filterlogentries_sourceport, (9) filterlogentries_destinationipaddress, (10) filterlogentries_interfaces, (11) filterlogentries_destinationport, (12) filterlogentries_protocolflags, or (13) filterlogentries_qty parameter to diag_logs_filter.php. | 2015-04-01 | 4.3 | CVE-2015-2294 CONFIRM MISC BUGTRAQ MISC |
| php — php | The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c. | 2015-03-30 | 4.6 | CVE-2013-6501 CONFIRM SUSE |
| php — php | The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. | 2015-03-30 | 5.0 | CVE-2015-1352 CONFIRM MLIST CONFIRM |
| php — php | The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. | 2015-03-30 | 5.0 | CVE-2015-2348 CONFIRM CONFIRM CONFIRM |
| rockwellautomation — factorytalk_services_platform | Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. | 2015-03-30 | 6.9 | CVE-2014-9209 MISC MISC |
| rxspencer_project — rxspencer | Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow. | 2015-03-30 | 6.8 | CVE-2015-2305 CERT-VN MISC DEBIAN MLIST MLIST |
| sap — netweaver_enterprise_portal | XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939. | 2015-04-01 | 5.0 | CVE-2015-2811 MISC |
| sap — netweaver_enterprise_portal | XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966. | 2015-04-01 | 5.0 | CVE-2015-2812 MISC |
| sap — mobile_platform | XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358. | 2015-04-01 | 5.0 | CVE-2015-2813 MISC |
| sap — clinical_task_tracker | SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079. | 2015-04-01 | 6.4 | CVE-2015-2814 MISC |
| sap — netweaver | Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369. | 2015-04-01 | 6.5 | CVE-2015-2815 MISC |
| sap — netweaver | The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768. | 2015-04-01 | 5.0 | CVE-2015-2817 MISC |
| sap — mobile_platform | XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513. | 2015-04-01 | 5.0 | CVE-2015-2818 MISC |
| sap — sybase_sql_anywhere | SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service (crash) via a crafted request, aka SAP Security Note 2108161. | 2015-04-01 | 5.0 | CVE-2015-2819 MISC |
| sap — afaria | Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote attackers to cause a denial of service (process termination) via a crafted request, aka SAP Security Note 2132584. | 2015-04-01 | 5.0 | CVE-2015-2820 MISC |
| schneider-electric — vampset | Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file. | 2015-04-03 | 4.4 | CVE-2014-8390 MISC CONFIRM |
| schneider_electric — indusoft_web_studio | Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force password-guessing attack. | 2015-03-29 | 5.0 | CVE-2015-0997 MISC CONFIRM CONFIRM |
| semperfiwebdesign — all_in_one_seo_pack | The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code. | 2015-04-03 | 5.0 | CVE-2015-0902 CONFIRM JVNDB JVN |
| shibboleth — shibboleth-sp | Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message. | 2015-03-31 | 4.0 | CVE-2015-2684 CONFIRM DEBIAN |
| synology — diskstation_manager | The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets to the Avahi component. | 2015-03-31 | 5.0 | CVE-2015-2809 CONFIRM CERT-VN |
| typo3 — neos | TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors via unspecified vectors. | 2015-04-01 | 6.5 | CVE-2015-2821 CONFIRM |
| websense — v-series_appliances | Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 allows remote administrators to read arbitrary files and obtain passwords via a crafted path. | 2015-03-27 | 4.0 | CVE-2014-9712 CONFIRM CONFIRM |
| websense — triton_ap_web | Cross-site scripting (XSS) vulnerability in the Exceptions and Scanning Exceptions Pages in Websense TRITON AP-WEB before 8.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-03-27 | 4.3 | CVE-2015-2761 CONFIRM |
| websense — triton_ap_web | Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors related to HTTP authentication. | 2015-03-27 | 5.0 | CVE-2015-2762 CONFIRM |
| websense — triton_ap_data | Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-DATA before 8.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the DSS (1) Mobile or (2) DLP report catalog. | 2015-03-27 | 4.3 | CVE-2015-2764 CONFIRM |
| websense — triton_ap_email | The Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | 2015-03-27 | 4.3 | CVE-2015-2765 CONFIRM |
| websense — triton_ap_email | The Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allows attackers to have unspecified impact via a brute force attack. | 2015-03-27 | 5.0 | CVE-2015-2766 CONFIRM |
| websense — triton_ap_email | Cross-site scripting (XSS) vulnerability in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-03-27 | 4.3 | CVE-2015-2768 CONFIRM |
| websense — triton_ap_email | Multiple cross-site request forgery (CSRF) vulnerabilities in the Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2015-03-27 | 6.8 | CVE-2015-2769 CONFIRM |
| websense — v-series_appliances | Cross-site request forgery (CSRF) vulnerability in the command line page in Websense TRITON V-Series appliances before 8.0.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2015-03-27 | 6.8 | CVE-2015-2770 CONFIRM |
| websense — triton_ap_email | The Mail Server in Websense TRITON AP-EMAIL and V-Series appliances before 8.0.0 uses plaintext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors. | 2015-03-27 | 5.0 | CVE-2015-2771 CONFIRM |
| websense — v-series_appliances | SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to read arbitrary files via unspecified vectors. | 2015-03-27 | 5.0 | CVE-2015-2773 CONFIRM |
| wpml — wpml | The “menu sync” function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php. | 2015-03-30 | 6.4 | CVE-2015-2791 CONFIRM BUGTRAQ FULLDISC MISC MISC |
| xen — xen | The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptable, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm). | 2015-04-01 | 4.9 | CVE-2015-2752 CONFIRM |
| xen — xen | QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. | 2015-04-01 | 4.9 | CVE-2015-2756 CONFIRM MLIST |
| xzeres — 442sr | Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that modify the default user’s password via a GET request. | 2015-03-30 | 6.8 | CVE-2015-0985 MISC |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| greenend — putty | The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. | 2015-03-27 | 2.1 | CVE-2015-2157 CONFIRM CONFIRM MLIST MLIST DEBIAN SUSE FEDORA FEDORA FEDORA |
| hospira — mednet | The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file. | 2015-04-03 | 2.1 | CVE-2014-5400 MISC |
| hp — operations_orchestration | Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors. | 2015-03-31 | 3.5 | CVE-2015-2108 HP SECTRACK |
| inductiveautomation — ignition | Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors. | 2015-04-03 | 2.1 | CVE-2015-0992 MISC |
| mcafee — data_loss_prevention_endpoint | Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2015-03-27 | 3.5 | CVE-2015-2760 CONFIRM |
| schneider_electric — indusoft_web_studio | Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password. | 2015-03-29 | 2.1 | CVE-2015-0996 MISC CONFIRM CONFIRM |
| schneider_electric — indusoft_web_studio | Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | 2015-03-29 | 3.3 | CVE-2015-0998 MISC CONFIRM CONFIRM |
| schneider_electric — indusoft_web_studio | Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file. | 2015-03-29 | 2.1 | CVE-2015-0999 MISC CONFIRM CONFIRM |
This product is provided subject to this Notification and this Privacy & Use policy.