Vulnerability Summary for the Week of March 23, 2015
Released
Mar 30, 2015
Document ID
SB15-089
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| arubanetworks -- arubaos | The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors. | 2015-03-24 | 7.2 | CVE-2015-1388 CONFIRM |
| cisco -- ios | The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA) responses, and consequently bypass intended device and node access restrictions or cause a denial of service (disrupted domain access), via crafted AN messages, aka Bug ID CSCup62191. | 2015-03-26 | 9.0 | CVE-2015-0635 CISCO |
| cisco -- ios | The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via spoofed AN messages that reset a finite state machine, aka Bug ID CSCup62293. | 2015-03-26 | 7.8 | CVE-2015-0636 CISCO |
| cisco -- ios | The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) via spoofed AN messages, aka Bug ID CSCup62315. | 2015-03-26 | 7.8 | CVE-2015-0637 CISCO |
| cisco -- ios | Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSCsi02145. | 2015-03-26 | 7.1 | CVE-2015-0638 CISCO |
| cisco -- ios_xe | The Common Flow Table (CFT) feature in Cisco IOS XE 3.6 and 3.7 before 3.7.1S, 3.8 before 3.8.0S, 3.9 before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S, when MMON or NBAR is enabled, allows remote attackers to cause a denial of service (device reload) via malformed IPv6 packets with IPv4 UDP encapsulation, aka Bug ID CSCua79665. | 2015-03-26 | 7.8 | CVE-2015-0639 CISCO |
| cisco -- ios_xe | The high-speed logging (HSL) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via large IP packets that require NAT and HSL processing after fragmentation, aka Bug ID CSCuo25741. | 2015-03-26 | 7.8 | CVE-2015-0640 CISCO |
| cisco -- ios_xe | Cisco IOS XE 2.x and 3.x before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via crafted IPv6 packets, aka Bug ID CSCub68073. | 2015-03-26 | 7.8 | CVE-2015-0641 CISCO |
| cisco -- ios | Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of service (device reload) by sending malformed IKEv2 packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum36951. | 2015-03-26 | 7.8 | CVE-2015-0642 CONFIRM CISCO |
| cisco -- ios | Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of service (memory consumption and device reload) by sending malformed IKEv2 packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuo75572. | 2015-03-26 | 7.8 | CVE-2015-0643 CONFIRM CISCO |
| cisco -- ios_xe | AppNav in Cisco IOS XE 3.8 through 3.10 before 3.10.3S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to execute arbitrary code or cause a denial of service (device reload) via a crafted TCP packet, aka Bug ID CSCuo53622. | 2015-03-26 | 7.8 | CVE-2015-0644 CISCO |
| cisco -- ios_xe | The Layer 4 Redirect (L4R) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.2S, 3.13 before 3.13.1S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuq59131. | 2015-03-26 | 7.8 | CVE-2015-0645 CISCO |
| cisco -- ios | Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted TCP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum94811. | 2015-03-26 | 7.8 | CVE-2015-0646 CISCO |
| cisco -- ios | Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) UDP packets, aka Bug ID CSCum98371. | 2015-03-26 | 7.8 | CVE-2015-0647 CISCO |
| cisco -- ios | Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (memory consumption) via crafted Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun49658. | 2015-03-26 | 7.8 | CVE-2015-0648 CISCO |
| cisco -- ios | Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun63514. | 2015-03-26 | 7.8 | CVE-2015-0649 CISCO |
| cisco -- ios | The Service Discovery Gateway (aka mDNS Gateway) in Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 3.9.xS and 3.10.xS before 3.10.4S, 3.11.xS before 3.11.3S, 3.12.xS before 3.12.2S, and 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) by sending malformed mDNS UDP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCup70579. | 2015-03-26 | 7.8 | CVE-2015-0650 CISCO |
| citrix -- command_center | Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX) Servlet, which allows remote attackers to execute arbitrary code via unspecified vectors to servlets/Jmx_dynamic. | 2015-03-26 | 7.5 | CVE-2015-2683 MISC BUGTRAQ CONFIRM FULLDISC MISC |
| futomi -- mp_form_mail_cgi | futomi CGI Cafe MP Form Mail CGI eCommerce before 2.0.12 on Windows allows remote attackers to execute arbitrary Perl code via unspecified vectors. | 2015-03-20 | 7.5 | CVE-2015-0898 JVN CONFIRM JVNDB CONFIRM |
| genixcms -- genixcms | Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php. | 2015-03-23 | 7.5 | CVE-2015-2679 CONFIRM CONFIRM CONFIRM MISC EXPLOIT-DB MISC OSVDB OSVDB CONFIRM |
| ibm -- general_parallel_file_system | IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to obtain root privileges for program execution via unspecified vectors. | 2015-03-23 | 7.2 | CVE-2015-0197 CONFIRM |
| ibm -- general_parallel_file_system | IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 in certain cipherList configurations allows remote attackers to bypass authentication and execute arbitrary programs as root via unspecified vectors. | 2015-03-23 | 10.0 | CVE-2015-0198 CONFIRM |
| linuxfoundation -- cups-filters | The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. | 2015-03-24 | 7.5 | CVE-2015-2265 UBUNTU CONFIRM CONFIRM |
| mozilla -- firefox | Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation. | 2015-03-23 | 7.5 | CVE-2015-0818 CONFIRM UBUNTU SECTRACK CONFIRM DEBIAN REDHAT SUSE SUSE |
| sixapart -- movable_type | Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter. | 2015-03-27 | 7.5 | CVE-2013-2184 MISC DEBIAN MLIST MLIST |
| solarwinds -- firewall_security_manager | userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client session handling. | 2015-03-24 | 10.0 | CVE-2015-2284 MISC |
| tcpdump -- tcpdump | Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value. | 2015-03-24 | 7.5 | CVE-2015-0261 CONFIRM SECTRACK BUGTRAQ DEBIAN MISC |
| tcpdump -- tcpdump | The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | 2015-03-24 | 7.5 | CVE-2015-2155 CONFIRM SECTRACK BUGTRAQ DEBIAN MISC |
| vastal -- phpvid | SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. NOTE: The cat parameter vector is already covered by CVE-2008-4157. | 2015-03-20 | 7.5 | CVE-2015-2563 MISC FULLDISC MISC |
| web-dorado -- ecommerce_wd | Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php. | 2015-03-20 | 7.5 | CVE-2015-2562 FULLDISC MISC |
| x -- libxfont | The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file. | 2015-03-20 | 8.5 | CVE-2015-1802 MISC UBUNTU SECTRACK DEBIAN FEDORA FEDORA |
| x -- libxfont | The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file. | 2015-03-20 | 8.5 | CVE-2015-1803 MISC UBUNTU SECTRACK DEBIAN FEDORA FEDORA |
| x -- libxfont | The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file. | 2015-03-20 | 8.5 | CVE-2015-1804 MISC UBUNTU SECTRACK DEBIAN FEDORA FEDORA |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- batik | XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file. | 2015-03-24 | 6.4 | CVE-2015-0250 CONFIRM UBUNTU FULLDISC |
| apache -- xerces-c | internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data. | 2015-03-24 | 5.0 | CVE-2015-0252 CONFIRM DEBIAN |
| asus -- rt-g32_firmware | Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm. | 2015-03-23 | 6.8 | CVE-2015-2676 MISC FULLDISC MISC |
| asus -- rt-g32_firmware | Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) next_page, (2) group_id, (3) action_script, or (4) flag parameter to start_apply.htm. | 2015-03-23 | 4.3 | CVE-2015-2681 MISC FULLDISC MISC |
| cisco -- ios | The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 15.4S and 15.4(3)S allows remote attackers to modify configuration settings or cause a denial of service (partial service outage) by sending crafted Autonomic Networking (AN) messages on an intranet network, aka Bug ID CSCup62167. | 2015-03-20 | 6.4 | CVE-2015-0669 SECTRACK CISCO |
| cisco -- spa_301_1_line_ip_phone | The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482. | 2015-03-20 | 6.4 | CVE-2015-0670 SECTRACK CISCO |
| cisco -- ios_xr | The DHCPv4 server in Cisco IOS XR 5.2.2 on ASR 9000 devices allows remote attackers to cause a denial of service (service outage) via a flood of crafted DHCP packets, aka Bug ID CSCup67822. | 2015-03-26 | 5.0 | CVE-2015-0672 CISCO |
| cisco -- mobility_services_engine | Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote authenticated users to discover the passwords of arbitrary users by (1) reading log files or (2) using an unspecified GUI feature, aka Bug ID CSCut24792. | 2015-03-26 | 4.0 | CVE-2015-0673 CISCO |
| citrix -- command_center | Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml. | 2015-03-26 | 5.0 | CVE-2015-2682 MISC CONFIRM FULLDISC MISC |
| codoforum -- codoforum | The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php. | 2015-03-23 | 5.0 | CVE-2014-9261 CONFIRM EXPLOIT-DB MISC MISC OSVDB |
| cs-cart -- cs-cart | Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/. | 2015-03-25 | 6.8 | CVE-2015-2701 EXPLOIT-DB OSVDB |
| digia -- qt | The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file. | 2015-03-25 | 5.0 | CVE-2015-0295 MLIST SUSE FEDORA FEDORA FEDORA FEDORA FEDORA FEDORA |
| djangoproject -- django | The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string. | 2015-03-25 | 5.0 | CVE-2015-2316 CONFIRM UBUNTU |
| djangoproject -- django | The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL. | 2015-03-25 | 4.3 | CVE-2015-2317 CONFIRM DEBIAN UBUNTU |
| genixcms -- genixcms | Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter in the categories page to gxadmin/index.php or (2) page parameter to index.php. | 2015-03-23 | 4.3 | CVE-2015-2678 MISC MISC CONFIRM MISC EXPLOIT-DB MISC OSVDB |
| gluster -- glusterfs | The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header. | 2015-03-27 | 5.0 | CVE-2014-3619 MISC CONFIRM SUSE SUSE |
| gnu -- gnutls | GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors. | 2015-03-24 | 5.0 | CVE-2015-0282 CONFIRM DEBIAN |
| ibm -- rational_clearquest | Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences. | 2015-03-24 | 6.8 | CVE-2014-8925 CONFIRM |
| ibm -- business_process_manager | Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2015-03-23 | 4.3 | CVE-2015-0105 CONFIRM AIXAPAR AIXAPAR |
| ibm -- business_process_manager | Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2015-03-23 | 4.3 | CVE-2015-0106 CONFIRM AIXAPAR |
| ibm -- powervc | IBM PowerVC Standard 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 validates Hardware Management Console (HMC) certificates only during the pre-login stage, which allows man-in-the-middle attackers to spoof devices via a crafted certificate. | 2015-03-23 | 4.3 | CVE-2015-0137 CONFIRM |
| ibm -- tivoli_directory_server | GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. | 2015-03-24 | 4.3 | CVE-2015-0138 CONFIRM |
| ibm -- business_process_manager | Cross-site scripting (XSS) vulnerability in the Coach NG framework in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2015-03-23 | 4.3 | CVE-2015-0158 CONFIRM SECTRACK AIXAPAR AIXAPAR AIXAPAR |
| ibm -- general_parallel_file_system | The mmfslinux kernel module in IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to cause a denial of service (memory corruption) via unspecified character-device ioctl calls. | 2015-03-23 | 4.9 | CVE-2015-0199 CONFIRM |
| inetc_project -- inetc | The Inetc plugin for Nullsoft Scriptable Install System (NSIS), as used in CERT/CC Failure Observation Engine (FOE) and other products, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and possibly execute arbitrary code by sending a crafted certificate in a download session for Windows executable files. | 2015-03-21 | 4.3 | CVE-2015-0941 CERT-VN |
| metalgenix -- genixcms | Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request in the users page to gxadmin/index.php. | 2015-03-23 | 6.8 | CVE-2015-2680 CONFIRM CONFIRM CONFIRM MISC EXPLOIT-DB MISC OSVDB CONFIRM |
| mozilla -- firefox | The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript. | 2015-03-23 | 6.8 | CVE-2015-0817 CONFIRM UBUNTU SECTRACK CONFIRM DEBIAN REDHAT SUSE SUSE |
| projectsend -- projectsend | SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php. | 2015-03-20 | 6.5 | CVE-2015-2564 BUGTRAQ MISC EXPLOIT-DB FULLDISC MISC OSVDB |
| redhat -- richfaces | JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter. | 2015-03-26 | 6.8 | CVE-2015-0279 CONFIRM REDHAT |
| tcpdump -- tcpdump | The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU). | 2015-03-24 | 5.0 | CVE-2015-2153 CONFIRM SECTRACK BUGTRAQ DEBIAN MISC |
| tcpdump -- tcpdump | The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value. | 2015-03-24 | 5.0 | CVE-2015-2154 CONFIRM SECTRACK BUGTRAQ DEBIAN MISC |
| websense -- triton_ap_web | Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page. | 2015-03-25 | 4.3 | CVE-2014-9711 MISC MISC CONFIRM CONFIRM CONFIRM BUGTRAQ BUGTRAQ FULLDISC FULLDISC MISC MISC |
| websense -- triton_ap_data | Cross-site scripting (XSS) vulnerability in the Message Log in the Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows remote attackers to inject arbitrary web script or HTML via the sender address in an email. | 2015-03-25 | 4.3 | CVE-2015-2702 MISC CONFIRM BUGTRAQ FULLDISC MISC |
| websense -- triton_ap_web | Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-WEB before 8.0.0 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via the (1) ws-userip in the ws-encdata parameter to cve-bin/moreBlockInfo.cgi in the Data Security block page or (2) admin_msg parameter to configure/ssl_ui/eva-config/client-cert-import_wsoem.html in the Content Gateway, which is not properly handled in an error message. | 2015-03-25 | 4.3 | CVE-2015-2703 MISC MISC CONFIRM BUGTRAQ BUGTRAQ FULLDISC FULLDISC MISC MISC |
| websense -- triton | The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the "second" parameter of a command, as demonstrated by the Destination parameter in the ping command. | 2015-03-26 | 6.5 | CVE-2015-2746 MISC CONFIRM BUGTRAQ FULLDISC MISC |
| websense -- triton | Multiple cross-site scripting (XSS) vulnerabilities in the data loss prevention (DLP) incident Forensics Preview in Websense Triton 7.8.3 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via a crafted (1) email or (2) HTTP request, which triggers a DLP Policy. | 2015-03-26 | 4.3 | CVE-2015-2747 MISC BUGTRAQ FULLDISC MISC |
| websense -- triton_ap_data | Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, which allows remote attackers to obtain sensitive information via a direct request to a (1) Web Security incident report or the (2) Explorer configuration (websense.ini) file. | 2015-03-26 | 5.0 | CVE-2015-2748 MISC CONFIRM BUGTRAQ FULLDISC MISC |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| drupal -- drupal | Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL. | 2015-03-25 | 3.5 | CVE-2015-2559 CONFIRM DEBIAN |
| emc -- xcelerated_management_system | EMC Documentum xCelerated Management System (xMS) 1.1 before P14 stores cleartext Windows Service credentials in a batch file during Documentum Platform and xCelerated Composition Platform (xCP) provisioning, which allows local users to obtain sensitive information by reading a file. | 2015-03-23 | 2.1 | CVE-2015-0527 BUGTRAQ |
| greenend -- putty | The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. | 2015-03-27 | 2.1 | CVE-2015-2157 CONFIRM CONFIRM MLIST MLIST DEBIAN SUSE FEDORA FEDORA |
| ibm -- installation_manager | IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account. | 2015-03-24 | 1.2 | CVE-2014-6134 CONFIRM |
| ibm -- security_identity_manager_adapter | The (1) IBM Tivoli Identity Manager Active Directory adapter before 5.1.24 and (2) IBM Security Identity Manager Active Directory adapter before 6.0.14 for IBM Security Identity Manager on Windows, when certain log and trace levels are configured, store the cleartext administrator password in a log file, which allows local users to obtain sensitive information by reading a file. | 2015-03-24 | 1.9 | CVE-2014-8923 CONFIRM |
| ibm -- business_process_manager | Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified data fields. | 2015-03-23 | 3.5 | CVE-2015-0103 CONFIRM AIXAPAR |
| ibm -- powervc | powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 places an access token on the command line during IVM and PowerKVM management, which allows local users to obtain sensitive information by listing the process. | 2015-03-23 | 2.1 | CVE-2015-0136 CONFIRM |
| ocportal -- ocportal | Multiple cross-site scripting (XSS) vulnerabilities in ocPortal before 9.0.17 allow remote authenticated users to inject arbitrary web script or HTML via the (1) title or (2) text field in the cms_calendar page to cms/index.php; unspecified fields in (3) the cms_polls page to cms/index.php or (4) a new topic in the topics page to forum/index.php; or (5) a new PT (private topic/private message) in the topics page to forum/index.php. | 2015-03-23 | 3.5 | CVE-2015-2677 CONFIRM SECTRACK BUGTRAQ MISC CONFIRM |
| s9y -- serendipity | Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category. | 2015-03-23 | 3.5 | CVE-2015-2289 CONFIRM SECTRACK BUGTRAQ MLIST MISC CONFIRM |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.