SB15-089: Vulnerability Summary for the Week of March 23, 2015

["US-CERT" <US-CERT@xxxxxxxxxxxxxxxx>]

Title: SB15-089: Vulnerability Summary for the Week of March 23, 2015

National Cyber Awareness System:

SB15-089: Vulnerability Summary for the Week of March 23, 2015

03/30/2015 09:06 AM EDT

Original release date: March 30, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

• High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

• Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

• Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
arubanetworks -- arubaos	The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors.	2015-03-24	7.2	CVE-2015-1388 CONFIRM
cisco -- ios	The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA) responses, and consequently bypass intended device and node access restrictions or cause a denial of service (disrupted domain access), via crafted AN messages, aka Bug ID CSCup62191.	2015-03-26	9.0	CVE-2015-0635 CISCO
cisco -- ios	The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via spoofed AN messages that reset a finite state machine, aka Bug ID CSCup62293.	2015-03-26	7.8	CVE-2015-0636 CISCO
cisco -- ios	The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) via spoofed AN messages, aka Bug ID CSCup62315.	2015-03-26	7.8	CVE-2015-0637 CISCO
cisco -- ios	Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSCsi02145.	2015-03-26	7.1	CVE-2015-0638 CISCO
cisco -- ios_xe	The Common Flow Table (CFT) feature in Cisco IOS XE 3.6 and 3.7 before 3.7.1S, 3.8 before 3.8.0S, 3.9 before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S, when MMON or NBAR is enabled, allows remote attackers to cause a denial of service (device reload) via malformed IPv6 packets with IPv4 UDP encapsulation, aka Bug ID CSCua79665.	2015-03-26	7.8	CVE-2015-0639 CISCO
cisco -- ios_xe	The high-speed logging (HSL) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via large IP packets that require NAT and HSL processing after fragmentation, aka Bug ID CSCuo25741.	2015-03-26	7.8	CVE-2015-0640 CISCO
cisco -- ios_xe	Cisco IOS XE 2.x and 3.x before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via crafted IPv6 packets, aka Bug ID CSCub68073.	2015-03-26	7.8	CVE-2015-0641 CISCO
cisco -- ios	Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of service (device reload) by sending malformed IKEv2 packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum36951.	2015-03-26	7.8	CVE-2015-0642 CONFIRM CISCO
cisco -- ios	Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of service (memory consumption and device reload) by sending malformed IKEv2 packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuo75572.	2015-03-26	7.8	CVE-2015-0643 CONFIRM CISCO
cisco -- ios_xe	AppNav in Cisco IOS XE 3.8 through 3.10 before 3.10.3S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to execute arbitrary code or cause a denial of service (device reload) via a crafted TCP packet, aka Bug ID CSCuo53622.	2015-03-26	7.8	CVE-2015-0644 CISCO
cisco -- ios_xe	The Layer 4 Redirect (L4R) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.2S, 3.13 before 3.13.1S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuq59131.	2015-03-26	7.8	CVE-2015-0645 CISCO
cisco -- ios	Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted TCP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum94811.	2015-03-26	7.8	CVE-2015-0646 CISCO
cisco -- ios	Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) UDP packets, aka Bug ID CSCum98371.	2015-03-26	7.8	CVE-2015-0647 CISCO
cisco -- ios	Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (memory consumption) via crafted Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun49658.	2015-03-26	7.8	CVE-2015-0648 CISCO
cisco -- ios	Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun63514.	2015-03-26	7.8	CVE-2015-0649 CISCO
cisco -- ios	The Service Discovery Gateway (aka mDNS Gateway) in Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 3.9.xS and 3.10.xS before 3.10.4S, 3.11.xS before 3.11.3S, 3.12.xS before 3.12.2S, and 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) by sending malformed mDNS UDP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCup70579.	2015-03-26	7.8	CVE-2015-0650 CISCO
citrix -- command_center	Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX) Servlet, which allows remote attackers to execute arbitrary code via unspecified vectors to servlets/Jmx_dynamic.	2015-03-26	7.5	CVE-2015-2683 MISC BUGTRAQ CONFIRM FULLDISC MISC
futomi -- mp_form_mail_cgi	futomi CGI Cafe MP Form Mail CGI eCommerce before 2.0.12 on Windows allows remote attackers to execute arbitrary Perl code via unspecified vectors.	2015-03-20	7.5	CVE-2015-0898 JVN CONFIRM JVNDB CONFIRM
genixcms -- genixcms	Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php.	2015-03-23	7.5	CVE-2015-2679 CONFIRM CONFIRM CONFIRM MISC EXPLOIT-DB MISC OSVDB OSVDB CONFIRM
ibm -- general_parallel_file_system	IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to obtain root privileges for program execution via unspecified vectors.	2015-03-23	7.2	CVE-2015-0197 CONFIRM
ibm -- general_parallel_file_system	IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 in certain cipherList configurations allows remote attackers to bypass authentication and execute arbitrary programs as root via unspecified vectors.	2015-03-23	10.0	CVE-2015-0198 CONFIRM
linuxfoundation -- cups-filters	The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.	2015-03-24	7.5	CVE-2015-2265 UBUNTU CONFIRM CONFIRM
mozilla -- firefox	Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary _javascript_ code with chrome privileges via vectors involving SVG hash navigation.	2015-03-23	7.5	CVE-2015-0818 CONFIRM UBUNTU SECTRACK CONFIRM DEBIAN REDHAT SUSE SUSE
sixapart -- movable_type	Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter.	2015-03-27	7.5	CVE-2013-2184 MISC DEBIAN MLIST MLIST
solarwinds -- firewall_security_manager	userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client session handling.	2015-03-24	10.0	CVE-2015-2284 MISC
tcpdump -- tcpdump	Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value.	2015-03-24	7.5	CVE-2015-0261 CONFIRM SECTRACK BUGTRAQ DEBIAN MISC
tcpdump -- tcpdump	The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.	2015-03-24	7.5	CVE-2015-2155 CONFIRM SECTRACK BUGTRAQ DEBIAN MISC
vastal -- phpvid	SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. NOTE: The cat parameter vector is already covered by CVE-2008-4157.	2015-03-20	7.5	CVE-2015-2563 MISC FULLDISC MISC
web-dorado -- ecommerce_wd	Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php.	2015-03-20	7.5	CVE-2015-2562 FULLDISC MISC
x -- libxfont	The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file.	2015-03-20	8.5	CVE-2015-1802 MISC UBUNTU SECTRACK DEBIAN FEDORA FEDORA
x -- libxfont	The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file.	2015-03-20	8.5	CVE-2015-1803 MISC UBUNTU SECTRACK DEBIAN FEDORA FEDORA
x -- libxfont	The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file.	2015-03-20	8.5	CVE-2015-1804 MISC UBUNTU SECTRACK DEBIAN FEDORA FEDORA

Back to top

Medium Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
apache -- batik	XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.	2015-03-24	6.4	CVE-2015-0250 CONFIRM UBUNTU FULLDISC
apache -- xerces-c	internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.	2015-03-24	5.0	CVE-2015-0252 CONFIRM DEBIAN
asus -- rt-g32_firmware	Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm.	2015-03-23	6.8	CVE-2015-2676 MISC FULLDISC MISC
asus -- rt-g32_firmware	Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) next_page, (2) group_id, (3) action_script, or (4) flag parameter to start_apply.htm.	2015-03-23	4.3	CVE-2015-2681 MISC FULLDISC MISC
cisco -- ios	The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 15.4S and 15.4(3)S allows remote attackers to modify configuration settings or cause a denial of service (partial service outage) by sending crafted Autonomic Networking (AN) messages on an intranet network, aka Bug ID CSCup62167.	2015-03-20	6.4	CVE-2015-0669 SECTRACK CISCO
cisco -- spa_301_1_line_ip_phone	The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482.	2015-03-20	6.4	CVE-2015-0670 SECTRACK CISCO
cisco -- ios_xr	The DHCPv4 server in Cisco IOS XR 5.2.2 on ASR 9000 devices allows remote attackers to cause a denial of service (service outage) via a flood of crafted DHCP packets, aka Bug ID CSCup67822.	2015-03-26	5.0	CVE-2015-0672 CISCO
cisco -- mobility_services_engine	Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote authenticated users to discover the passwords of arbitrary users by (1) reading log files or (2) using an unspecified GUI feature, aka Bug ID CSCut24792.	2015-03-26	4.0	CVE-2015-0673 CISCO
citrix -- command_center	Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml.	2015-03-26	5.0	CVE-2015-2682 MISC CONFIRM FULLDISC MISC
codoforum -- codoforum	The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php.	2015-03-23	5.0	CVE-2014-9261 CONFIRM EXPLOIT-DB MISC MISC OSVDB
cs-cart -- cs-cart	Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/.	2015-03-25	6.8	CVE-2015-2701 EXPLOIT-DB OSVDB
digia -- qt	The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.	2015-03-25	5.0	CVE-2015-0295 MLIST SUSE FEDORA FEDORA FEDORA FEDORA FEDORA FEDORA
djangoproject -- django	The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.	2015-03-25	5.0	CVE-2015-2316 CONFIRM UBUNTU
djangoproject -- django	The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL.	2015-03-25	4.3	CVE-2015-2317 CONFIRM DEBIAN UBUNTU
genixcms -- genixcms	Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter in the categories page to gxadmin/index.php or (2) page parameter to index.php.	2015-03-23	4.3	CVE-2015-2678 MISC MISC CONFIRM MISC EXPLOIT-DB MISC OSVDB
gluster -- glusterfs	The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header.	2015-03-27	5.0	CVE-2014-3619 MISC CONFIRM SUSE SUSE
gnu -- gnutls	GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.	2015-03-24	5.0	CVE-2015-0282 CONFIRM DEBIAN
ibm -- rational_clearquest	Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences.	2015-03-24	6.8	CVE-2014-8925 CONFIRM
ibm -- business_process_manager	Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.	2015-03-23	4.3	CVE-2015-0105 CONFIRM AIXAPAR AIXAPAR
ibm -- business_process_manager	Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.	2015-03-23	4.3	CVE-2015-0106 CONFIRM AIXAPAR
ibm -- powervc	IBM PowerVC Standard 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 validates Hardware Management Console (HMC) certificates only during the pre-login stage, which allows man-in-the-middle attackers to spoof devices via a crafted certificate.	2015-03-23	4.3	CVE-2015-0137 CONFIRM
ibm -- tivoli_directory_server	GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.	2015-03-24	4.3	CVE-2015-0138 CONFIRM
ibm -- business_process_manager	Cross-site scripting (XSS) vulnerability in the Coach NG framework in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.	2015-03-23	4.3	CVE-2015-0158 CONFIRM SECTRACK AIXAPAR AIXAPAR AIXAPAR
ibm -- general_parallel_file_system	The mmfslinux kernel module in IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to cause a denial of service (memory corruption) via unspecified character-device ioctl calls.	2015-03-23	4.9	CVE-2015-0199 CONFIRM
inetc_project -- inetc	The Inetc plugin for Nullsoft Scriptable Install System (NSIS), as used in CERT/CC Failure Observation Engine (FOE) and other products, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and possibly execute arbitrary code by sending a crafted certificate in a download session for Windows executable files.	2015-03-21	4.3	CVE-2015-0941 CERT-VN
metalgenix -- genixcms	Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request in the users page to gxadmin/index.php.	2015-03-23	6.8	CVE-2015-2680 CONFIRM CONFIRM CONFIRM MISC EXPLOIT-DB MISC OSVDB CONFIRM
mozilla -- firefox	The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted _javascript_.	2015-03-23	6.8	CVE-2015-0817 CONFIRM UBUNTU SECTRACK CONFIRM DEBIAN REDHAT SUSE SUSE
projectsend -- projectsend	SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php.	2015-03-20	6.5	CVE-2015-2564 BUGTRAQ MISC EXPLOIT-DB FULLDISC MISC OSVDB
redhat -- richfaces	JBoss RichFaces before 4.5.4 allows remote attackers to inject _expression_ language (EL) expressions and execute arbitrary Java code via the do parameter.	2015-03-26	6.8	CVE-2015-0279 CONFIRM REDHAT
tcpdump -- tcpdump	The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU).	2015-03-24	5.0	CVE-2015-2153 CONFIRM SECTRACK BUGTRAQ DEBIAN MISC
tcpdump -- tcpdump	The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value.	2015-03-24	5.0	CVE-2015-2154 CONFIRM SECTRACK BUGTRAQ DEBIAN MISC
websense -- triton_ap_web	Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page.	2015-03-25	4.3	CVE-2014-9711 MISC MISC CONFIRM CONFIRM CONFIRM BUGTRAQ BUGTRAQ FULLDISC FULLDISC MISC MISC
websense -- triton_ap_data	Cross-site scripting (XSS) vulnerability in the Message Log in the Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows remote attackers to inject arbitrary web script or HTML via the sender address in an email.	2015-03-25	4.3	CVE-2015-2702 MISC CONFIRM BUGTRAQ FULLDISC MISC
websense -- triton_ap_web	Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-WEB before 8.0.0 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via the (1) ws-userip in the ws-encdata parameter to cve-bin/moreBlockInfo.cgi in the Data Security block page or (2) admin_msg parameter to configure/ssl_ui/eva-config/client-cert-import_wsoem.html in the Content Gateway, which is not properly handled in an error message.	2015-03-25	4.3	CVE-2015-2703 MISC MISC CONFIRM BUGTRAQ BUGTRAQ FULLDISC FULLDISC MISC MISC
websense -- triton	The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the "second" parameter of a command, as demonstrated by the Destination parameter in the ping command.	2015-03-26	6.5	CVE-2015-2746 MISC CONFIRM BUGTRAQ FULLDISC MISC
websense -- triton	Multiple cross-site scripting (XSS) vulnerabilities in the data loss prevention (DLP) incident Forensics Preview in Websense Triton 7.8.3 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via a crafted (1) email or (2) HTTP request, which triggers a DLP Policy.	2015-03-26	4.3	CVE-2015-2747 MISC BUGTRAQ FULLDISC MISC
websense -- triton_ap_data	Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, which allows remote attackers to obtain sensitive information via a direct request to a (1) Web Security incident report or the (2) Explorer configuration (websense.ini) file.	2015-03-26	5.0	CVE-2015-2748 MISC CONFIRM BUGTRAQ FULLDISC MISC

Back to top

Low Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
drupal -- drupal	Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.	2015-03-25	3.5	CVE-2015-2559 CONFIRM DEBIAN
emc -- xcelerated_management_system	EMC Documentum xCelerated Management System (xMS) 1.1 before P14 stores cleartext Windows Service credentials in a batch file during Documentum Platform and xCelerated Composition Platform (xCP) provisioning, which allows local users to obtain sensitive information by reading a file.	2015-03-23	2.1	CVE-2015-0527 BUGTRAQ
greenend -- putty	The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.	2015-03-27	2.1	CVE-2015-2157 CONFIRM CONFIRM MLIST MLIST DEBIAN SUSE FEDORA FEDORA
ibm -- installation_manager	IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account.	2015-03-24	1.2	CVE-2014-6134 CONFIRM
ibm -- security_identity_manager_adapter	The (1) IBM Tivoli Identity Manager Active Directory adapter before 5.1.24 and (2) IBM Security Identity Manager Active Directory adapter before 6.0.14 for IBM Security Identity Manager on Windows, when certain log and trace levels are configured, store the cleartext administrator password in a log file, which allows local users to obtain sensitive information by reading a file.	2015-03-24	1.9	CVE-2014-8923 CONFIRM
ibm -- business_process_manager	Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified data fields.	2015-03-23	3.5	CVE-2015-0103 CONFIRM AIXAPAR
ibm -- powervc	powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 places an access token on the command line during IVM and PowerKVM management, which allows local users to obtain sensitive information by listing the process.	2015-03-23	2.1	CVE-2015-0136 CONFIRM
ocportal -- ocportal	Multiple cross-site scripting (XSS) vulnerabilities in ocPortal before 9.0.17 allow remote authenticated users to inject arbitrary web script or HTML via the (1) title or (2) text field in the cms_calendar page to cms/index.php; unspecified fields in (3) the cms_polls page to cms/index.php or (4) a new topic in the topics page to forum/index.php; or (5) a new PT (private topic/private message) in the topics page to forum/index.php.	2015-03-23	3.5	CVE-2015-2677 CONFIRM SECTRACK BUGTRAQ MISC CONFIRM
s9y -- serendipity	Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category.	2015-03-23	3.5	CVE-2015-2289 CONFIRM SECTRACK BUGTRAQ MLIST MISC CONFIRM

Back to top

 

---

This product is provided subject to this Notification and this Privacy & Use policy.

---

OTHER RESOURCES:

Contact Us | Security Publications | Alerts and Tips | Related Resources

STAY CONNECTED:

SUBSCRIBER SERVICES:
Manage Preferences  |  Unsubscribe  |  Help

---

This email was sent to linux-security@xxxxxxxxxxx using GovDelivery, on behalf of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (888) 282-0870