Weekly Vulnerabilities Reports > March 16 to 22, 2015

Overview

84 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 16 high severity vulnerabilities. This weekly summary report vulnerabilities in 66 products from 30 vendors including Apple, Openssl, Cisco, IBM, and Linux. Vulnerabilities are notably categorized as "Resource Management Errors", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "SQL Injection", and "Code".

  • 71 reported vulnerabilities are remotely exploitables.
  • 5 reported vulnerabilities have public exploit available.
  • 20 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 71 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 17 reported vulnerabilities.
  • Linux has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

1 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-03-16 CVE-2015-1421 Linux Local Denial of Service vulnerability in Linux Kernel

Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.

10.0

16 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-03-20 CVE-2015-1804 X
Canonical
Debian
Numeric Errors vulnerability in X Libxfont

The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file.

8.5
2015-03-20 CVE-2015-1803 Canonical
Debian
X
Local Denial of Service vulnerability in X.Org libXfont 'bitmap/bdfread.c'

The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file.

8.5
2015-03-20 CVE-2015-1802 X
Canonical
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in X Libxfont

The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file.

8.5
2015-03-18 CVE-2015-0132 IBM Resource Management Errors vulnerability in IBM products

The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

7.8
2015-03-21 CVE-2015-0898 Futomi Code Injection vulnerability in Futomi MP Form Mail CGI

futomi CGI Cafe MP Form Mail CGI eCommerce before 2.0.12 on Windows allows remote attackers to execute arbitrary Perl code via unspecified vectors.

7.5
2015-03-20 CVE-2015-2563 Vastal SQL Injection vulnerability in Vastal PHPvid 0.9.9/1.2.3

SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote attackers to execute arbitrary SQL commands via the order_by parameter.

7.5
2015-03-20 CVE-2015-2562 WEB Dorado SQL Injection vulnerability in Web-Dorado Ecommerce WD 1.2.5

Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php.

7.5
2015-03-19 CVE-2015-0292 Openssl Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Openssl

Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.

7.5
2015-03-19 CVE-2015-2352 Mybb Security vulnerability in MyBB

The cache handler in MyBB (aka MyBulletinBoard) before 1.8.4 does not properly check the encoding of input to the var_export function, which allows attackers to have an unspecified impact via unknown vectors.

7.5
2015-03-19 CVE-2015-2281 Fortinet Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Fortinet Single Sign ON 4.3

Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attackers to execute arbitrary code via a large PROCESS_HELLO message to the Message Dispatcher on TCP port 8000.

7.5
2015-03-17 CVE-2015-2314 Wpml SQL Injection vulnerability in Wpml

SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed.

7.5
2015-03-16 CVE-2015-0778 Fedoraproject
Suse
Opensuse
Command Injection vulnerability in multiple products

osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file.

7.5
2015-03-17 CVE-2015-0662 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Anyconnect Secure Mobility Client

Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to gain privileges via crafted IPC messages that trigger use of root privileges for a software-package installation, aka Bug ID CSCus79385.

7.2
2015-03-16 CVE-2015-0274 Linux Data Processing Errors vulnerability in Linux Kernel

The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service (transaction overrun and data corruption) or possibly gain privileges by leveraging XFS filesystem access.

7.2
2015-03-16 CVE-2014-8173 Linux Unspecified vulnerability in Linux Kernel

The pmd_none_or_trans_huge_or_clear_bad function in include/asm-generic/pgtable.h in the Linux kernel before 3.13 on NUMA systems does not properly determine whether a Page Middle Directory (PMD) entry is a transparent huge-table entry, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted MADV_WILLNEED madvise system call that leverages the absence of a page-table lock.

7.2
2015-03-16 CVE-2014-7822 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.

7.2

59 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-03-16 CVE-2014-8159 Linux
Redhat
Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.

6.9
2015-03-19 CVE-2015-0209 Openssl Remote Memory Corruption vulnerability in OpenSSL

Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.

6.8
2015-03-19 CVE-2015-2350 Mikrotik Cross-Site Request Forgery (CSRF) vulnerability in Mikrotik Routeros

Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg.

6.8
2015-03-18 CVE-2015-1083 Apple Resource Management Errors vulnerability in Apple products

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

6.8
2015-03-18 CVE-2015-1082 Apple Resource Management Errors vulnerability in Apple products

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

6.8
2015-03-18 CVE-2015-1081 Apple Resource Management Errors vulnerability in Apple products

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

6.8
2015-03-18 CVE-2015-1080 Apple Resource Management Errors vulnerability in Apple products

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

6.8
2015-03-18 CVE-2015-1079 Apple Resource Management Errors vulnerability in Apple products

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

6.8
2015-03-18 CVE-2015-1078 Apple Resource Management Errors vulnerability in Apple products

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

6.8
2015-03-18 CVE-2015-1077 Apple Resource Management Errors vulnerability in Apple products

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

6.8
2015-03-18 CVE-2015-1076 Apple Resource Management Errors vulnerability in Apple products

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

6.8
2015-03-18 CVE-2015-1075 Apple Resource Management Errors vulnerability in Apple Itunes and Safari

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

6.8
2015-03-18 CVE-2015-1074 Apple Resource Management Errors vulnerability in Apple products

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

6.8
2015-03-18 CVE-2015-1073 Apple Resource Management Errors vulnerability in Apple products

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

6.8
2015-03-18 CVE-2015-1072 Apple Resource Management Errors vulnerability in Apple products

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

6.8
2015-03-18 CVE-2015-1071 Apple Resource Management Errors vulnerability in Apple products

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

6.8
2015-03-18 CVE-2015-1070 Apple Resource Management Errors vulnerability in Apple products

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

6.8
2015-03-18 CVE-2015-1069 Apple Resource Management Errors vulnerability in Apple products

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

6.8
2015-03-18 CVE-2015-1068 Apple Resource Management Errors vulnerability in Apple products

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

6.8
2015-03-18 CVE-2015-2296 Mageia Project
Python
Canonical
The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.
6.8
2015-03-18 CVE-2015-2334 Mybb Cross-Site Request Forgery (CSRF) vulnerability in Mybb

Cross-site request forgery (CSRF) vulnerability in the Admin Control Panel (ACP) login in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2015-03-17 CVE-2015-2293 Yoast Cross-Site Request Forgery (CSRF) vulnerability in Yoast Wordpress SEO

Multiple cross-site request forgery (CSRF) vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote attackers to hijack the authentication of certain users for requests that conduct SQL injection attacks via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page.

6.8
2015-03-17 CVE-2015-0665 Cisco Path Traversal vulnerability in Cisco Anyconnect Secure Mobility Client

The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173.

6.6
2015-03-17 CVE-2015-0663 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Anyconnect Secure Mobility Client

Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which allows local users to write to arbitrary files via crafted messages, aka Bug ID CSCus79392.

6.6
2015-03-20 CVE-2015-2564 Projectsend SQL Injection vulnerability in Projectsend 561

SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php.

6.5
2015-03-17 CVE-2015-2292 Yoast SQL Injection vulnerability in Yoast Wordpress SEO

Multiple SQL injection vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page to wp-admin/admin.php.

6.5
2015-03-21 CVE-2015-0670 Cisco Improper Authentication vulnerability in Cisco products

The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482.

6.4
2015-03-21 CVE-2015-0669 Cisco Improper Input Validation vulnerability in Cisco IOS 15.4(3)S/15.4S

The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 15.4S and 15.4(3)S allows remote attackers to modify configuration settings or cause a denial of service (partial service outage) by sending crafted Autonomic Networking (AN) messages on an intranet network, aka Bug ID CSCup62167.

6.4
2015-03-18 CVE-2015-0149 IBM Permissions, Privileges, and Access Controls vulnerability in IBM API Management

The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls.

5.5
2015-03-18 CVE-2014-6129 IBM Permissions, Privileges, and Access Controls vulnerability in IBM products

IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to delete the dashboards of arbitrary users via unspecified vectors.

5.5
2015-03-20 CVE-2015-0671 Cisco Resource Management Errors vulnerability in Cisco Videoscape Delivery System for Internet Streamer 3.2.1

The DNS implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.2(1) allows remote attackers to cause a denial of service (CPU consumption and network-resource consumption) via crafted packets, aka Bug ID CSCun15911.

5.0
2015-03-19 CVE-2015-0293 Openssl Improper Input Validation vulnerability in Openssl

The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.

5.0
2015-03-19 CVE-2015-0291 Openssl Denial of Service vulnerability in Openssl 1.0.2

The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation.

5.0
2015-03-19 CVE-2015-0290 Openssl Code vulnerability in Openssl 1.0.2

The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors.

5.0
2015-03-19 CVE-2015-0289 Openssl Denial of Service vulnerability in OpenSSL 'pk7_doit.c' NULL Pointer Dereference

The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.

5.0
2015-03-19 CVE-2015-0288 Openssl Denial of Service vulnerability in OpenSSL

The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.

5.0
2015-03-19 CVE-2015-0287 Openssl Code vulnerability in Openssl

The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.

5.0
2015-03-19 CVE-2015-0286 Openssl Code vulnerability in Openssl

The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.

5.0
2015-03-19 CVE-2015-0207 Openssl Denial of Service vulnerability in Openssl 1.0.2

The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS traffic, as demonstrated by DTLS 1.0 traffic to a DTLS 1.2 server.

5.0
2015-03-18 CVE-2015-0667 Cisco Improper Access Control vulnerability in Cisco Content Services Switch 11500 Firmware 8.20.4.02

The Management Interface on Cisco Content Services Switch (CSS) 11500 devices 8.20.4.02 and earlier allows remote attackers to bypass intended restrictions on local-network device access via crafted SSH packets, aka Bug ID CSCut14855.

5.0
2015-03-18 CVE-2015-1084 Apple Code vulnerability in Apple Iphone OS and Safari

The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL.

5.0
2015-03-18 CVE-2015-2335 Mybb Information Exposure vulnerability in Mybb

A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to obtain the installation path via unknown vectors.

5.0
2015-03-16 CVE-2014-9687 Ecryptfs Credentials Management vulnerability in Ecryptfs Ecryptfs-Utils 86/99

eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack.

5.0
2015-03-16 CVE-2015-1593 Linux Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c.

5.0
2015-03-16 CVE-2014-8172 Linux Code vulnerability in Linux Kernel

The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of service (soft lockup or system crash) via unspecified use of Asynchronous I/O (AIO) operations.

4.9
2015-03-18 CVE-2014-8169 Redhat
Automount Project
Opensuse
Permissions, Privileges, and Access Controls vulnerability in multiple products

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.

4.4
2015-03-22 CVE-2015-0941 Inetc Project Cryptographic Issues vulnerability in Inetc Project Inetc

The Inetc plugin for Nullsoft Scriptable Install System (NSIS), as used in CERT/CC Failure Observation Engine (FOE) and other products, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and possibly execute arbitrary code by sending a crafted certificate in a download session for Windows executable files.

4.3
2015-03-20 CVE-2015-0668 Cisco Cross-site Scripting vulnerability in Cisco Webex Meetings Server 2.5/2.5.99.2

Cross-site scripting (XSS) vulnerability in the administration portal in Cisco WebEx Meetings Server 2.5 and 2.5.99.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq66737.

4.3
2015-03-19 CVE-2015-0285 Openssl Cryptographic Issues vulnerability in Openssl 1.0.2

The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack.

4.3
2015-03-19 CVE-2015-0208 Openssl NULL Pointer Dereference Denial of Service vulnerability in Openssl 1.0.2

The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the certificate-verification feature.

4.3
2015-03-19 CVE-2015-2351 Alkacon Cross-site Scripting vulnerability in Alkacon Opencms 9.5.1

Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms 9.5.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) homelink parameter to system/modules/org.opencms.workplace.help/jsptemplates/help_head.jsp, (2) workplaceresource parameter to system/workplace/locales/en/help/index.html, (3) path parameter to system/workplace/views/admin/admin-main.jsp, (4) mode parameter to system/workplace/views/explorer/explorer_files.jsp, or (5) query parameter in a search action to system/modules/org.opencms.workplace.help/elements/search.jsp.

4.3
2015-03-19 CVE-2015-2349 Superwebmailer Cross-site Scripting vulnerability in Superwebmailer 5.60.0.01190

Cross-site scripting (XSS) vulnerability in defaultnewsletter.php in SuperWebMailer 5.60.0.01190 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTMLForm parameter.

4.3
2015-03-18 CVE-2015-0896 Extplorer Cross-site Scripting vulnerability in Extplorer

Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-03-18 CVE-2015-0664 Cisco Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client

The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted messages, aka Bug ID CSCus79195.

4.3
2015-03-18 CVE-2015-2333 Mybb Cross-site Scripting vulnerability in Mybb

Cross-site scripting (XSS) vulnerability in the MyCode editor in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-03-18 CVE-2015-2332 Mybb Cross-site Scripting vulnerability in Mybb

Cross-site scripting (XSS) vulnerability in member.php in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-03-18 CVE-2015-0178 IBM Information Exposure vulnerability in IBM Liberty

The Java overlay feature in IBM Bluemix Liberty before 1.13-20150209-1122 for Java does not properly support WAR applications, which allows remote attackers to obtain sensitive information via unspecified vectors.

4.3
2015-03-17 CVE-2015-2315 Wpml Cross-site Scripting vulnerability in Wpml

Cross-site scripting (XSS) vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the target parameter in a reminder_popup action to the default URI.

4.3
2015-03-18 CVE-2014-6131 IBM Information Exposure vulnerability in IBM products

IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to read the dashboards of arbitrary users via unspecified vectors.

4.0

8 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-03-18 CVE-2015-2149 Mybb Cross-site Scripting vulnerability in Mybb

Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) MIME-type field in an add action in the config-attachment_types module to admin/index.php; (2) title or (3) short description field in an add action in the (a) config-mycode or (b) user-groups module to admin/index.php; (4) title field in an add action in the (c) forum-management or (d) tool-tasks module to admin/index.php; (5) name field in an add_set action in the style-templates module to admin/index.php; (6) title field in an add_template_group action in the style-templates module to admin/index.php; (7) name field in an add action in the config-post_icons module to admin/index.php; (8) "title to assign" field in an add action in the user-titles module to admin/index.php; or (9) username field in the config-banning module to admin/index.php.

3.5
2015-03-18 CVE-2015-0128 IBM Cross-site Scripting vulnerability in IBM Rational Quality Manager

Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix4, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0124.

3.5
2015-03-18 CVE-2015-0125 IBM Cross-site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 4.x before 4.0.7 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2015-03-18 CVE-2015-0124 IBM Cross-site Scripting vulnerability in IBM Rational Quality Manager

Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix4, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0128.

3.5
2015-03-19 CVE-2015-1787 Openssl Improper Input Validation vulnerability in Openssl 1.0.2

The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero.

2.6
2015-03-18 CVE-2015-0146 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Content Collector

IBM Content Collector for Email 3.0 before 3.0.0.6-IBM-ICC-Server-IF001 and 4.0 before 4.0.0.3-IBM-ICC-Server-IF001 does not properly handle an unspecified query operator during searches of IBM FileNet P8 systems with IBM Content Search Services, which allows local users to bypass intended document-access restrictions and obtain sensitive information via a crafted search query.

2.1
2015-03-18 CVE-2015-2152 XEN
Fedoraproject
Permissions, Privileges, and Access Controls vulnerability in multiple products

Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.

1.9
2015-03-16 CVE-2015-1420 Debian
Linux
Race Condition vulnerability in multiple products

Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function.

1.9