Weekly Vulnerabilities Reports > March 23 to 29, 2015

Overview

103 new vulnerabilities were reported during this period, including 7 critical vulnerabilities and 30 high severity vulnerabilities. This weekly summary reports vulnerabilities in 124 products from 41 vendors, including Cisco, Websense, IBM, Fedoraproject, and Opensuse. Vulnerabilities are notably categorized as "Improper Input Validation", "Cross-site Scripting", "Information Exposure", "Resource Management Errors", and "Cross-Site Request Forgery (CSRF)".

  • 89 reported vulnerabilities are remotely exploitable.
  • 9 reported vulnerabilities have a public exploit available.
  • 24 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 92 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 21 reported vulnerabilities.
  • Websense has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:

7 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-03-29 CVE-2015-2786 Mybb Security Bypass vulnerability in MyBB

Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 has unknown attack vectors related to "Group join request notifications sent to wrong group leaders."

10.0
2015-03-29 CVE-2014-5428 Johnsoncontrols Unspecified vulnerability in Johnsoncontrols Metasys 4.1/6.5

Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to execute arbitrary code by uploading a shell script.

10.0
2015-03-27 CVE-2015-2767 Websense Security vulnerability in Websense TRITON AP-EMAIL

Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to "Autocomplete Enabled."

10.0
2015-03-27 CVE-2015-2763 Websense Security vulnerability in Websense TRITON AP-EMAIL

Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to port 17703.

10.0
2015-03-24 CVE-2015-2284 Solarwinds Permissions, Privileges, and Access Controls vulnerability in Solarwinds Firewall Security Manager 6.6.5

userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client session handling.

10.0
2015-03-24 CVE-2015-0198 IBM Improper Authentication vulnerability in IBM General Parallel File System 3.4/3.5/4.1

IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 in certain cipherList configurations allows remote attackers to bypass authentication and execute arbitrary programs as root via unspecified vectors.

10.0
2015-03-26 CVE-2015-0635 Cisco Improper Input Validation vulnerability in Cisco IOS and IOS XE

The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA) responses, and consequently bypass intended device and node access restrictions or cause a denial of service (disrupted domain access), via crafted AN messages, aka Bug ID CSCup62191.

9.0

30 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-03-28 CVE-2015-0658 Cisco Improper Input Validation vulnerability in Cisco Nx-Os

The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on the local network, aka Bug ID CSCur14589.

7.9
2015-03-26 CVE-2015-0650 Cisco Improper Input Validation vulnerability in Cisco IOS and IOS XE

The Service Discovery Gateway (aka mDNS Gateway) in Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 3.9.xS and 3.10.xS before 3.10.4S, 3.11.xS before 3.11.3S, 3.12.xS before 3.12.2S, and 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) by sending malformed mDNS UDP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCup70579.

7.8
2015-03-26 CVE-2015-0649 Cisco Improper Input Validation vulnerability in Cisco IOS

Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun63514.

7.8
2015-03-26 CVE-2015-0648 Cisco Resource Management Errors vulnerability in Cisco IOS

Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (memory consumption) via crafted Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun49658.

7.8
2015-03-26 CVE-2015-0647 Cisco Improper Input Validation vulnerability in Cisco IOS

Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) UDP packets, aka Bug ID CSCum98371.

7.8
2015-03-26 CVE-2015-0646 Cisco Resource Management Errors vulnerability in Cisco IOS and IOS XE

Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted TCP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum94811.

7.8
2015-03-26 CVE-2015-0645 Cisco Improper Input Validation vulnerability in Cisco IOS XE

The Layer 4 Redirect (L4R) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.2S, 3.13 before 3.13.1S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuq59131.

7.8
2015-03-26 CVE-2015-0644 Cisco Improper Input Validation vulnerability in Cisco IOS XE

AppNav in Cisco IOS XE 3.8 through 3.10 before 3.10.3S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to execute arbitrary code or cause a denial of service (device reload) via a crafted TCP packet, aka Bug ID CSCuo53622.

7.8
2015-03-26 CVE-2015-0643 Cisco Resource Management Errors vulnerability in Cisco IOS and IOS XE

Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of service (memory consumption and device reload) by sending malformed IKEv2 packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuo75572.

7.8
2015-03-26 CVE-2015-0642 Cisco Improper Input Validation vulnerability in Cisco IOS and IOS XE

Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of service (device reload) by sending malformed IKEv2 packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum36951.

7.8
2015-03-26 CVE-2015-0641 Cisco Improper Input Validation vulnerability in Cisco IOS XE

Cisco IOS XE 2.x and 3.x before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via crafted IPv6 packets, aka Bug ID CSCub68073.

7.8
2015-03-26 CVE-2015-0640 Cisco Improper Input Validation vulnerability in Cisco IOS XE

The high-speed logging (HSL) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via large IP packets that require NAT and HSL processing after fragmentation, aka Bug ID CSCuo25741.

7.8
2015-03-26 CVE-2015-0639 Cisco Improper Input Validation vulnerability in Cisco IOS XE

The Common Flow Table (CFT) feature in Cisco IOS XE 3.6 and 3.7 before 3.7.1S, 3.8 before 3.8.0S, 3.9 before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S, when MMON or NBAR is enabled, allows remote attackers to cause a denial of service (device reload) via malformed IPv6 packets with IPv4 UDP encapsulation, aka Bug ID CSCua79665.

7.8
2015-03-26 CVE-2015-0637 Cisco Improper Input Validation vulnerability in Cisco IOS and IOS XE

The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) via spoofed AN messages, aka Bug ID CSCup62315.

7.8
2015-03-26 CVE-2015-0636 Cisco Improper Input Validation vulnerability in Cisco IOS and IOS XE

The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via spoofed AN messages that reset a finite state machine, aka Bug ID CSCup62293.

7.8
2015-03-29 CVE-2015-2785 Gnome Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Gnome Byzanz

The GIF encoder in Byzanz allows remote attackers to cause a denial of service (out-of-bounds heap write and crash) or possibly execute arbitrary code via a crafted Byzanz debug data recording (ByzanzRecording file) to the byzanz-playback command.

7.5
2015-03-29 CVE-2013-7438 Pbm212030 Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pbm212030 Project Pbm212030

Multiple buffer overflows in pbm212030 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PBM image, related to (1) stream line data, which triggers a heap-based buffer overflow, or (2) vectors related to an "internal intermediate heap-based buffer."

7.5
2015-03-29 CVE-2014-9205 Microsys Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsys Promotic

Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data.

7.5
2015-03-27 CVE-2015-2772 Websense Arbitrary File Upload vulnerability in Websense TRITON V-Series

SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to upload arbitrary files via unspecified vectors.

7.5
2015-03-27 CVE-2013-2184 Sixapart Code vulnerability in Sixapart Movable Type

Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter.

7.5
2015-03-26 CVE-2015-2683 Citrix Permissions, Privileges, and Access Controls vulnerability in Citrix Command Center 5.1/5.2

Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX) Servlet, which allows remote attackers to execute arbitrary code via unspecified vectors to servlets/Jmx_dynamic.

7.5
2015-03-24 CVE-2015-2265 Canonical, Linuxfoundation Command Injection vulnerability in multiple products

The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL.

7.5
2015-03-24 CVE-2015-2155 Debian, Fedoraproject, Opensuse, Oracle, Tcpdump Denial of Service vulnerability in tcpdump

The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

7.5
2015-03-24 CVE-2015-0261 Tcpdump Numeric Errors vulnerability in Tcpdump

Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value.

7.5
2015-03-24 CVE-2015-0818 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Firefox ESR and Seamonkey

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.

7.5
2015-03-23 CVE-2015-2679 Genixcms SQL Injection vulnerability in Genixcms 0.0.1

Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php.

7.5
2015-03-29 CVE-2015-0528 EMC Permissions, Privileges, and Access Controls vulnerability in EMC Isilon Onefs

The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files.

7.2
2015-03-24 CVE-2015-1388 Arubanetworks OS Command Injection vulnerability in Arubanetworks Arubaos

The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors.

7.2
2015-03-24 CVE-2015-0197 IBM Permissions, Privileges, and Access Controls vulnerability in IBM General Parallel File System 3.4/3.5/4.1

IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to obtain root privileges for program execution via unspecified vectors.

7.2
2015-03-26 CVE-2015-0638 Cisco Improper Input Validation vulnerability in Cisco IOS

Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSCsi02145.

7.1

53 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-03-27 CVE-2015-2770 Websense Cross-Site Request Forgery (CSRF) vulnerability in Websense V-Series Appliances

Cross-site request forgery (CSRF) vulnerability in the command line page in Websense TRITON V-Series appliances before 8.0.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2015-03-27 CVE-2015-2769 Websense Cross-Site Request Forgery (CSRF) vulnerability in Websense Triton AP Email

Multiple cross-site request forgery (CSRF) vulnerabilities in the Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8
2015-03-27 CVE-2015-2759 Mcafee Cross-Site Request Forgery (CSRF) vulnerability in Mcafee Data Loss Prevention Endpoint

Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allow remote attackers to hijack the authentication of users for requests that (1) obtain sensitive information or (2) modify the database via unspecified vectors.

6.8
2015-03-26 CVE-2015-0279 Redhat Code Injection vulnerability in Redhat Richfaces

JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.

6.8
2015-03-25 CVE-2015-2701 CS Cart Cross-Site Request Forgery (CSRF) vulnerability in Cs-Cart 4.2.4

Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/.

6.8
2015-03-25 CVE-2014-8925 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Rational Clearquest

Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences.

6.8
2015-03-24 CVE-2015-0817 Mozilla Code vulnerability in Mozilla Firefox, Firefox ESR and Seamonkey

The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript.

6.8
2015-03-23 CVE-2015-2680 Metalgenix Cross-Site Request Forgery (CSRF) vulnerability in Metalgenix Genixcms 0.0.1

Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request in the users page to gxadmin/index.php.

6.8
2015-03-23 CVE-2015-2676 Asus Cross-Site Request Forgery (CSRF) vulnerability in Asus Rt-G32 Firmware 2.0.2.6/2.0.3.2

Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm.

6.8
2015-03-27 CVE-2015-2758 Mcafee Permissions, Privileges, and Access Controls vulnerability in Mcafee Data Loss Prevention Endpoint

The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to obtain sensitive information, modify the database, or possibly have other unspecified impact via a crafted URL.

6.5
2015-03-26 CVE-2015-2746 Websense Command Injection vulnerability in Websense Triton and V-Series Appliances

The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the "second" parameter of a command, as demonstrated by the Destination parameter in the ping command.

6.5
2015-03-24 CVE-2015-0250 Canonical, Apache, Redhat

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.

6.4
2015-03-28 CVE-2015-0679 Cisco Improper Input Validation vulnerability in Cisco Wireless LAN Controller 7.3(103.8)/7.4(110.0)

The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7.3(103.8) and 7.4(110.0) allows remote attackers to cause a denial of service (device reload) via a malformed password, aka Bug ID CSCui57980.

6.1
2015-03-29 CVE-2013-7437 Icoasoft Numeric Errors vulnerability in Icoasoft Potrace 1.11

Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow.

5.0
2015-03-29 CVE-2015-0997 Schneider Electric Information Exposure vulnerability in Schneider-Electric Indusoft web Studio and Wonderware Intouch 2014

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force password-guessing attack.

5.0
2015-03-29 CVE-2014-5427 Johnsoncontrols Information Exposure vulnerability in Johnsoncontrols Metasys 4.1/6.5

Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read password hashes via a POST request.

5.0
2015-03-27 CVE-2015-2773 Websense Arbitrary File Read vulnerability in Websense TRITON V-Series

SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to read arbitrary files via unspecified vectors.

5.0
2015-03-27 CVE-2015-2771 Websense Information Exposure vulnerability in Websense Triton AP Email and V-Series Appliances

The Mail Server in Websense TRITON AP-EMAIL and V-Series appliances before 8.0.0 uses plaintext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors.

5.0
2015-03-27 CVE-2015-2766 Websense Credentials Management vulnerability in Websense Triton AP Email

The Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allows attackers to have unspecified impact via a brute force attack.

5.0
2015-03-27 CVE-2015-2762 Websense Information Exposure vulnerability in Websense Triton AP web

Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors related to HTTP authentication.

5.0
2015-03-27 CVE-2014-8121 Suse, GNU, Canonical Code vulnerability in multiple products

DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.

5.0
2015-03-27 CVE-2014-3619 Opensuse, Gluster Resource Management Errors vulnerability in multiple products

The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header.

5.0
2015-03-26 CVE-2015-2748 Websense Information Exposure vulnerability in Websense products

Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, which allows remote attackers to obtain sensitive information via a direct request to a (1) Web Security incident report or the (2) Explorer configuration (websense.ini) file.

5.0
2015-03-26 CVE-2015-2682 Citrix Code vulnerability in Citrix Command Center 5.1/5.2

Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml.

5.0
2015-03-26 CVE-2015-0672 Cisco Resource Management Errors vulnerability in Cisco IOS XR 5.2.2

The DHCPv4 server in Cisco IOS XR 5.2.2 on ASR 9000 devices allows remote attackers to cause a denial of service (service outage) via a flood of crafted DHCP packets, aka Bug ID CSCup67822.

5.0
2015-03-25 CVE-2015-2316 Oracle, Djangoproject, Canonical, Fedoraproject, Opensuse Resource Management Errors vulnerability in multiple products

The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.

5.0
2015-03-25 CVE-2015-0295 Fedoraproject, Opensuse, Digia Numeric Errors vulnerability in multiple products

The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.

5.0
2015-03-24 CVE-2015-2154 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value.

5.0
2015-03-24 CVE-2015-2153 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU).

5.0
2015-03-24 CVE-2015-0282 GNU Cryptographic Issues vulnerability in GNU Gnutls

GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

5.0
2015-03-24 CVE-2015-0252 Debian, Fedoraproject, Apache Improper Input Validation vulnerability in multiple products

internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.

5.0
2015-03-23 CVE-2014-9261 Codologic Path Traversal vulnerability in Codologic Codoforum 2.5.1

The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a ..

5.0
2015-03-24 CVE-2015-0199 IBM Resource Management Errors vulnerability in IBM General Parallel File System 3.4/3.5/4.1

The mmfslinux kernel module in IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to cause a denial of service (memory corruption) via unspecified character-device ioctl calls.

4.9
2015-03-27 CVE-2015-2768 Websense Cross-Site Scripting vulnerability in Websense Triton AP Email and V-Series Appliances

Cross-site scripting (XSS) vulnerability in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-03-27 CVE-2015-2765 Websense Improper Input Validation vulnerability in Websense Triton AP Email

The Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 allows remote attackers to conduct clickjacking attacks via unspecified vectors.

4.3
2015-03-27 CVE-2015-2764 Websense Cross-Site Scripting vulnerability in Websense Triton AP Data

Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-DATA before 8.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the DSS (1) Mobile or (2) DLP report catalog.

4.3
2015-03-27 CVE-2015-2761 Websense Cross-Site Scripting vulnerability in Websense Triton AP web

Cross-site scripting (XSS) vulnerability in the Exceptions and Scanning Exceptions Pages in Websense TRITON AP-WEB before 8.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2015-03-26 CVE-2015-2747 Websense Cross-Site Scripting vulnerability in Websense Triton and V-Series Appliances

Multiple cross-site scripting (XSS) vulnerabilities in the data loss prevention (DLP) incident Forensics Preview in Websense Triton 7.8.3 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via a crafted (1) email or (2) HTTP request, which triggers a DLP Policy.

4.3
2015-03-25 CVE-2015-2703 Websense Cross-Site Scripting vulnerability in Websense Triton AP web and V-Series Appliances

Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-WEB before 8.0.0 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via the (1) ws-userip in the ws-encdata parameter to cve-bin/moreBlockInfo.cgi in the Data Security block page or (2) admin_msg parameter to configure/ssl_ui/eva-config/client-cert-import_wsoem.html in the Content Gateway, which is not properly handled in an error message.

4.3
2015-03-25 CVE-2015-2702 Websense Cross-Site Scripting vulnerability in Websense products

Cross-site scripting (XSS) vulnerability in the Message Log in the Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows remote attackers to inject arbitrary web script or HTML via the sender address in an email.

4.3
2015-03-25 CVE-2015-2317 Debian, Fedoraproject, Opensuse, Djangoproject, Oracle, Canonical Cross-Site Scripting vulnerability in multiple products

The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL.

4.3
2015-03-25 CVE-2014-9711 Websense Cross-Site Scripting vulnerability in Websense products

Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page.

4.3
2015-03-25 CVE-2015-0138 IBM Cryptographic Issues vulnerability in IBM Tivoli Directory Server

GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.

4.3
2015-03-24 CVE-2015-0158 IBM Cross-Site Scripting vulnerability in IBM Business Process Manager

Cross-site scripting (XSS) vulnerability in the Coach NG framework in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2015-03-24 CVE-2015-0137 IBM Improper Input Validation vulnerability in IBM Powervc

IBM PowerVC Standard 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 validates Hardware Management Console (HMC) certificates only during the pre-login stage, which allows man-in-the-middle attackers to spoof devices via a crafted certificate.

4.3
2015-03-24 CVE-2015-0106 IBM Cross-Site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2015-03-24 CVE-2015-0105 IBM Cross-Site Scripting vulnerability in IBM Business Process Manager

Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2015-03-23 CVE-2015-2681 Asus Cross-Site Scripting vulnerability in Asus Rt-G32 Firmware 2.0.2.6/2.0.3.2

Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) next_page, (2) group_id, (3) action_script, or (4) flag parameter to start_apply.htm.

4.3
2015-03-23 CVE-2015-2678 Genixcms Cross-Site Scripting vulnerability in Genixcms 0.0.1

Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter in the categories page to gxadmin/index.php or (2) page parameter to index.php.

4.3
2015-03-28 CVE-2015-0680 Cisco Information Exposure vulnerability in Cisco Unified Callmanager 9.1(2.1000.28)

Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439.

4.0
2015-03-27 CVE-2015-2757 Mcafee Resource Management Errors vulnerability in Mcafee Data Loss Prevention Endpoint

The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to cause a denial of service (database lock or license corruption) via unspecified vectors.

4.0
2015-03-27 CVE-2014-9712 Websense Information Exposure vulnerability in Websense V-Series Appliances

Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 allow remote administrators to read arbitrary files and obtain passwords via a crafted path.

4.0
2015-03-26 CVE-2015-0673 Cisco Information Exposure vulnerability in Cisco Mobility Services Engine 8.0(110.0)

Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote authenticated users to discover the passwords of arbitrary users by (1) reading log files or (2) using an unspecified GUI feature, aka Bug ID CSCut24792.

4.0

13 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-03-27 CVE-2015-2760 Mcafee Cross-Site Scripting vulnerability in Mcafee Data Loss Prevention Endpoint

Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2015-03-25 CVE-2015-2559 Debian, Drupal Improper Access Control vulnerability in multiple products

Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.

3.5
2015-03-24 CVE-2015-0103 IBM Cross-Site Scripting vulnerability in IBM Business Process Manager

Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified data fields.

3.5
2015-03-23 CVE-2015-2677 Ocportal Cross-Site Scripting vulnerability in Ocportal

Multiple cross-site scripting (XSS) vulnerabilities in ocPortal before 9.0.17 allow remote authenticated users to inject arbitrary web script or HTML via the (1) title or (2) text field in the cms_calendar page to cms/index.php; unspecified fields in (3) the cms_polls page to cms/index.php or (4) a new topic in the topics page to forum/index.php; or (5) a new PT (private topic/private message) in the topics page to forum/index.php.

3.5
2015-03-23 CVE-2015-2289 S9Y Cross-Site Scripting vulnerability in S9Y Serendipity

Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when creating a new category.

3.5
2015-03-29 CVE-2015-0998 Schneider Electric Information Exposure vulnerability in Schneider-Electric Indusoft web Studio and Wonderware Intouch 2014

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.

3.3
2015-03-29 CVE-2015-0999 Schneider Electric Information Exposure vulnerability in Schneider-Electric Indusoft web Studio and Wonderware Intouch 2014

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file.

2.1
2015-03-29 CVE-2015-0996 Schneider Electric Information Exposure vulnerability in Schneider-Electric Indusoft web Studio and Wonderware Intouch 2014

Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password.

2.1
2015-03-27 CVE-2015-2157 Debian, Fedoraproject, Opensuse, Putty, Simon Tatham Information Exposure vulnerability in multiple products

The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.

2.1
2015-03-24 CVE-2015-0527 EMC Information Exposure vulnerability in EMC Documentum Xcelerated Management System 1.1

EMC Documentum xCelerated Management System (xMS) 1.1 before P14 stores cleartext Windows Service credentials in a batch file during Documentum Platform and xCelerated Composition Platform (xCP) provisioning, which allows local users to obtain sensitive information by reading a file.

2.1
2015-03-24 CVE-2015-0136 IBM Information Exposure vulnerability in IBM Powervc

powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 places an access token on the command line during IVM and PowerKVM management, which allows local users to obtain sensitive information by listing the process.

2.1
2015-03-25 CVE-2014-8923 IBM Information Exposure vulnerability in IBM products

The (1) IBM Tivoli Identity Manager Active Directory adapter before 5.1.24 and (2) IBM Security Identity Manager Active Directory adapter before 6.0.14 for IBM Security Identity Manager on Windows, when certain log and trace levels are configured, store the cleartext administrator password in a log file, which allows local users to obtain sensitive information by reading a file.

1.9
2015-03-25 CVE-2014-6134 IBM Information Exposure vulnerability in IBM Installation Manager and Rational Clearcase

IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account.

1.2