SB15-082: Vulnerability Summary for the Week of March 16, 2015

Title: SB15-082: Vulnerability Summary for the Week of March 16, 2015

NCCIC / US-CERT

National Cyber Awareness System:

03/23/2015 10:00 AM EDT

Original release date: March 23, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
adobe -- flash_player	Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0333, CVE-2015-0335, and CVE-2015-0339.	2015年03月13日	10.0	CVE-2015-0332 CONFIRM SECTRACK SUSE SUSE SUSE SUSE
adobe -- flash_player	Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0335, and CVE-2015-0339.	2015年03月13日	10.0	CVE-2015-0333 CONFIRM SECTRACK SUSE SUSE SUSE SUSE
adobe -- flash_player	Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0336.	2015年03月13日	9.3	CVE-2015-0334 CONFIRM SECTRACK SUSE SUSE SUSE SUSE
adobe -- flash_player	Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0333, and CVE-2015-0339.	2015年03月13日	10.0	CVE-2015-0335 CONFIRM SECTRACK SUSE SUSE SUSE SUSE
adobe -- flash_player	Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0334.	2015年03月13日	9.3	CVE-2015-0336 CONFIRM SECTRACK SUSE SUSE SUSE SUSE
adobe -- flash_player	Integer overflow in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors.	2015年03月13日	10.0	CVE-2015-0338 CONFIRM SECTRACK SUSE SUSE SUSE SUSE
adobe -- flash_player	Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0333, and CVE-2015-0335.	2015年03月13日	10.0	CVE-2015-0339 CONFIRM SECTRACK SUSE SUSE SUSE SUSE
adobe -- flash_player	Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0342.	2015年03月13日	10.0	CVE-2015-0341 CONFIRM SECTRACK SUSE SUSE SUSE SUSE
adobe -- flash_player	Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0341.	2015年03月13日	10.0	CVE-2015-0342 CONFIRM SECTRACK SUSE SUSE SUSE SUSE
cisco -- telepresence_server_software	Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123.	2015年03月13日	7.2	CVE-2015-0660 SECTRACK CISCO
cisco -- anyconnect_secure_mobility_client	Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to gain privileges via crafted IPC messages that trigger use of root privileges for a software-package installation, aka Bug ID CSCus79385.	2015年03月16日	7.2	CVE-2015-0662 CISCO
hp -- arcsight_logger	Multiple unspecified vulnerabilities in HP ArcSight Logger before 6.0P1 have unknown impact and remote authenticated attack vectors.	2015年03月13日	9.0	CVE-2014-7884 CERT-VN HP SECTRACK
hp -- arcsight_enterprise_security_manager	Multiple unspecified vulnerabilities in HP ArcSight Enterprise Security Manager (ESM) before 6.8c have unknown impact and remote attack vectors.	2015年03月13日	10.0	CVE-2014-7885 CERT-VN HP SECTRACK
ibm -- rational_doors_next_generation	The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.	2015年03月18日	7.8	CVE-2015-0132 CONFIRM
linux -- linux_kernel	The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.	2015年03月16日	7.2	CVE-2014-7822 CONFIRM CONFIRM DEBIAN REDHAT REDHAT REDHAT CONFIRM
linux -- linux_kernel	The pmd_none_or_trans_huge_or_clear_bad function in include/asm-generic/pgtable.h in the Linux kernel before 3.13 on NUMA systems does not properly determine whether a Page Middle Directory (PMD) entry is a transparent huge-table entry, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted MADV_WILLNEED madvise system call that leverages the absence of a page-table lock.	2015年03月16日	7.2	CVE-2014-8173 CONFIRM CONFIRM REDHAT CONFIRM
linux -- linux_kernel	The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service (transaction overrun and data corruption) or possibly gain privileges by leveraging XFS filesystem access.	2015年03月16日	7.2	CVE-2015-0274 CONFIRM CONFIRM SECTRACK REDHAT CONFIRM
linux -- linux_kernel	Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.	2015年03月16日	10.0	CVE-2015-1421 CONFIRM CONFIRM MLIST CONFIRM DEBIAN CONFIRM
mybb -- mybb	The cache handler in MyBB (aka MyBulletinBoard) before 1.8.4 does not properly check the encoding of input to the var_export function, which allows attackers to have an unspecified impact via unknown vectors.	2015年03月19日	7.5	CVE-2015-2352 CONFIRM
openssl -- openssl	Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.	2015年03月19日	7.5	CVE-2015-0292 CONFIRM CONFIRM CONFIRM CONFIRM
scadaengine -- bacnet_opc_server	Heap-based buffer overflow in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via a crafted packet.	2015年03月13日	9.0	CVE-2015-0979 MISC
scadaengine -- bacnet_opc_server	Format string vulnerability in BACnOPCServer.exe in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via format string specifiers in a request.	2015年03月13日	9.0	CVE-2015-0980 MISC
scadaengine -- bacnet_opc_server	The SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to bypass authentication and read or write to arbitrary database fields via unspecified vectors.	2015年03月13日	7.5	CVE-2015-0981 MISC
schneider_electric -- pelco_ds-nv	Buffer overflow in an unspecified DLL in Schneider Electric Pelco DS-NVs before 7.8.90 allows remote attackers to execute arbitrary code via unspecified vectors.	2015年03月13日	7.5	CVE-2015-0982 MISC CONFIRM
suse -- opensuse_osc	osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file.	2015年03月16日	7.5	CVE-2015-0778 CONFIRM SUSE SUSE
wpml -- wpml	SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed.	2015年03月17日	7.5	CVE-2015-2314 BUGTRAQ CONFIRM FULLDISC MISC MISC

Medium Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
adobe -- flash_player	Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors.	2015年03月13日	5.0	CVE-2015-0337 CONFIRM SECTRACK SUSE SUSE SUSE SUSE
adobe -- flash_player	Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass intended file-upload restrictions via unspecified vectors.	2015年03月13日	5.0	CVE-2015-0340 CONFIRM SECTRACK SUSE SUSE SUSE SUSE
apple -- safari	WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015年03月17日-1.	2015年03月18日	6.8	CVE-2015-1068 CONFIRM APPLE
apple -- safari	WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015年03月17日-1.	2015年03月18日	6.8	CVE-2015-1069 CONFIRM APPLE
apple -- safari	WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015年03月17日-1.	2015年03月18日	6.8	CVE-2015-1070 CONFIRM APPLE
apple -- safari	WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015年03月17日-1.	2015年03月18日	6.8	CVE-2015-1071 CONFIRM APPLE
apple -- safari	WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015年03月17日-1.	2015年03月18日	6.8	CVE-2015-1072 CONFIRM APPLE
apple -- safari	WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015年03月17日-1.	2015年03月18日	6.8	CVE-2015-1073 CONFIRM APPLE
apple -- safari	WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015年03月17日-1.	2015年03月18日	6.8	CVE-2015-1074 CONFIRM APPLE
apple -- safari	WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015年03月17日-1.	2015年03月18日	6.8	CVE-2015-1075 CONFIRM APPLE
apple -- safari	WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015年03月17日-1.	2015年03月18日	6.8	CVE-2015-1076 CONFIRM APPLE
apple -- safari	WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015年03月17日-1.	2015年03月18日	6.8	CVE-2015-1077 CONFIRM APPLE
apple -- safari	WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015年03月17日-1.	2015年03月18日	6.8	CVE-2015-1078 CONFIRM APPLE
apple -- safari	WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015年03月17日-1.	2015年03月18日	6.8	CVE-2015-1079 CONFIRM APPLE
apple -- safari	WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015年03月17日-1.	2015年03月18日	6.8	CVE-2015-1080 CONFIRM APPLE
apple -- safari	WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015年03月17日-1.	2015年03月18日	6.8	CVE-2015-1081 CONFIRM APPLE
apple -- safari	WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015年03月17日-1.	2015年03月18日	6.8	CVE-2015-1082 CONFIRM APPLE
apple -- safari	WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015年03月17日-1.	2015年03月18日	6.8	CVE-2015-1083 CONFIRM APPLE
apple -- safari	The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL.	2015年03月18日	5.0	CVE-2015-1084 CONFIRM APPLE
automount_project -- automount	automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.	2015年03月18日	4.4	CVE-2014-8169 CONFIRM CONFIRM SUSE
cimon -- cmnview	Untrusted search path vulnerability in CmnView.exe in CIMON CmnView 2.14.0.1 and 3.x before UltimateAccess 3.02 allows local users to gain privileges via a Trojan horse DLL in the current working directory.	2015年03月13日	6.9	CVE-2014-9207 MISC
cisco -- anyconnect_secure_mobility_client	Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which allows local users to write to arbitrary files via crafted messages, aka Bug ID CSCus79392.	2015年03月16日	6.6	CVE-2015-0663 CISCO
cisco -- anyconnect_secure_mobility_client	The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted messages, aka Bug ID CSCus79195.	2015年03月18日	4.3	CVE-2015-0664 CISCO
cisco -- anyconnect_secure_mobility_client	The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173.	2015年03月16日	6.6	CVE-2015-0665 CISCO
cisco -- content_services_switch_11500_firmware	The Management Interface on Cisco Content Services Switch (CSS) 11500 devices 8.20.4.02 and earlier allows remote attackers to bypass intended restrictions on local-network device access via crafted SSH packets, aka Bug ID CSCut14855.	2015年03月18日	5.0	CVE-2015-0667 CISCO
cisco -- webex_meetings_server	Cross-site scripting (XSS) vulnerability in the administration portal in Cisco WebEx Meetings Server 2.5 and 2.5.99.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq66737.	2015年03月19日	4.3	CVE-2015-0668 CISCO
cisco -- videoscape_delivery_system_for_internet_streamer	The DNS implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.2(1) allows remote attackers to cause a denial of service (CPU consumption and network-resource consumption) via crafted packets, aka Bug ID CSCun15911.	2015年03月19日	5.0	CVE-2015-0671 CISCO
ecryptfs -- ecryptfs-utils	eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack.	2015年03月16日	5.0	CVE-2014-9687 MISC UBUNTU MLIST MLIST MLIST
elipse -- e3	Multiple untrusted search path vulnerabilities in (1) EQATEC.Analytics.Monitor.Win32_vc100.dll and (2) EQATEC.Analytics.Monitor.Win32_vc100-x64.dll in Elipse E3 4.5.232 through 4.6.161 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory. NOTE: this may overlap CVE-2015-2264.	2015年03月13日	6.9	CVE-2015-0978 MISC
extplorer -- extplorer	Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2015年03月18日	4.3	CVE-2015-0896 CONFIRM JVNDB JVN
ge -- hydran_m2	The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values.	2015年03月13日	5.0	CVE-2014-5409 MISC MISC
hp -- operations_manager_i_management_pack	HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges.	2015年03月13日	6.8	CVE-2015-2107 SECTRACK HP
ibm -- rational_collaborative_lifecycle_management	IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to delete the dashboards of arbitrary users via unspecified vectors.	2015年03月18日	5.5	CVE-2014-6129 CONFIRM
ibm -- rational_collaborative_lifecycle_management	IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to read the dashboards of arbitrary users via unspecified vectors.	2015年03月18日	4.0	CVE-2014-6131 CONFIRM
ibm -- api_management	The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls.	2015年03月18日	5.5	CVE-2015-0149 CONFIRM AIXAPAR
ibm -- liberty	The Java overlay feature in IBM Bluemix Liberty before 1.13-20150209-1122 for Java does not properly support WAR applications, which allows remote attackers to obtain sensitive information via unspecified vectors.	2015年03月18日	4.3	CVE-2015-0178 CONFIRM
libarchive -- libarchive	Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.	2015年03月15日	6.4	CVE-2015-2304 CONFIRM CONFIRM CONFIRM MLIST MLIST DEBIAN
linux -- linux_kernel	The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.	2015年03月16日	6.9	CVE-2014-8159 CONFIRM UBUNTU UBUNTU UBUNTU UBUNTU UBUNTU UBUNTU REDHAT
linux -- linux_kernel	The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of service (soft lockup or system crash) via unspecified use of Asynchronous I/O (AIO) operations.	2015年03月16日	4.9	CVE-2014-8172 CONFIRM CONFIRM MLIST REDHAT CONFIRM
linux -- linux_kernel	The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c.	2015年03月16日	5.0	CVE-2015-1593 MLIST CONFIRM CONFIRM MLIST CONFIRM DEBIAN MISC CONFIRM
mybb -- mybb	Cross-site scripting (XSS) vulnerability in member.php in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2015年03月18日	4.3	CVE-2015-2332 CONFIRM
mybb -- mybb	Cross-site scripting (XSS) vulnerability in the MyCode editor in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	2015年03月18日	4.3	CVE-2015-2333 CONFIRM
mybb -- mybb	Cross-site request forgery (CSRF) vulnerability in the Admin Control Panel (ACP) login in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.	2015年03月18日	6.8	CVE-2015-2334 CONFIRM
mybb -- mybb	A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to obtain the installation path via unknown vectors.	2015年03月18日	5.0	CVE-2015-2335 CONFIRM
openssl -- openssl	The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS traffic, as demonstrated by DTLS 1.0 traffic to a DTLS 1.2 server.	2015年03月19日	5.0	CVE-2015-0207 CONFIRM CONFIRM CONFIRM
openssl -- openssl	The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the certificate-verification feature.	2015年03月19日	4.3	CVE-2015-0208 CONFIRM CONFIRM CONFIRM
openssl -- openssl	Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.	2015年03月19日	6.8	CVE-2015-0209 CONFIRM CONFIRM CONFIRM
openssl -- openssl	The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack.	2015年03月19日	4.3	CVE-2015-0285 CONFIRM CONFIRM CONFIRM
openssl -- openssl	The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.	2015年03月19日	5.0	CVE-2015-0286 CONFIRM CONFIRM CONFIRM
openssl -- openssl	The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.	2015年03月19日	5.0	CVE-2015-0287 CONFIRM CONFIRM CONFIRM
openssl -- openssl	The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.	2015年03月19日	5.0	CVE-2015-0288 CONFIRM CONFIRM CONFIRM CONFIRM
openssl -- openssl	The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.	2015年03月19日	5.0	CVE-2015-0289 CONFIRM CONFIRM CONFIRM
openssl -- openssl	The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors.	2015年03月19日	5.0	CVE-2015-0290 CONFIRM CONFIRM CONFIRM
openssl -- openssl	The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation.	2015年03月19日	5.0	CVE-2015-0291 CONFIRM CONFIRM CONFIRM
openssl -- openssl	The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.	2015年03月19日	5.0	CVE-2015-0293 CONFIRM CONFIRM CONFIRM
python-requests -- requests	The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.	2015年03月18日	6.8	CVE-2015-2296 CONFIRM CONFIRM UBUNTU MLIST MLIST
schneider-electric -- device_type_manager	Stack-based buffer overflow in Device Type Manager (DTM) 3.1.6 and earlier for Schneider Electric Invensys SRD Control Valve Positioner devices 960 and 991 allows local users to gain privileges via a malformed DLL file.	2015年03月13日	6.9	CVE-2014-9206 MISC CONFIRM
wpml -- wpml	Cross-site scripting (XSS) vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the target parameter in a reminder_popup action to the default URI.	2015年03月17日	4.3	CVE-2015-2315 BUGTRAQ CONFIRM FULLDISC MISC MISC
yoast -- wordpress_seo	Multiple SQL injection vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.	2015年03月17日	6.5	CVE-2015-2292 CONFIRM MISC CONFIRM SECTRACK FULLDISC MISC
yoast -- wordpress_seo	Multiple cross-site request forgery (CSRF) vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote attackers to hijack the authentication of certain users for requests that conduct SQL injection attacks via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page.	2015年03月17日	6.8	CVE-2015-2293 CONFIRM MISC CONFIRM SECTRACK FULLDISC MISC

Low Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
ibm -- rational_quality_manager	Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix4, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.	2015年03月18日	3.5	CVE-2015-0124 CONFIRM
ibm -- rational_doors_next_generation	Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 4.x before 4.0.7 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.	2015年03月18日	3.5	CVE-2015-0125 CONFIRM
ibm -- rational_quality_manager	Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix4, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.	2015年03月18日	3.5	CVE-2015-0128 CONFIRM
ibm -- content_collector	IBM Content Collector for Email 3.0 before 3.0.0.6-IBM-ICC-Server-IF001 and 4.0 before 4.0.0.3-IBM-ICC-Server-IF001 does not properly handle an unspecified query operator during searches of IBM FileNet P8 systems with IBM Content Search Services, which allows local users to bypass intended document-access restrictions and obtain sensitive information via a crafted search query.	2015年03月18日	2.1	CVE-2015-0146 CONFIRM
linux -- linux_kernel	Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function.	2015年03月16日	2.1	CVE-2015-1420 CONFIRM MLIST DEBIAN MLIST
mybb -- mybb	Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) MIME-type field in an add action in the config-attachment_types module to admin/index.php; (2) title or (3) short description field in an add action in the (a) config-mycode or (b) user-groups module to admin/index.php; (4) title field in an add action in the (c) forum-management or (d) tool-tasks module to admin/index.php; (5) name field in an add_set action in the style-templates module to admin/index.php; (6) title field in an add_template_group action in the style-templates module to admin/index.php; (7) name field in an add action in the config-post_icons module to admin/index.php; (8) "title to assign" field in an add action in the user-titles module to admin/index.php; or (9) username field in the config-banning module to admin/index.php.	2015年03月18日	3.5	CVE-2015-2149 CONFIRM MISC MLIST MLIST FULLDISC
openssl -- openssl	The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero.	2015年03月19日	2.6	CVE-2015-1787 CONFIRM CONFIRM CONFIRM
xen -- xen	Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.	2015年03月18日	1.9	CVE-2015-2152 CONFIRM SECTRACK

This product is provided subject to this Notification and this Privacy & Use policy.

OTHER RESOURCES:

STAY CONNECTED:

SUBSCRIBER SERVICES:
Manage Preferences | Unsubscribe | Help

This email was sent to linux-security@xxxxxxxxxxx using GovDelivery, on behalf of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (888) 282-0870 Powered by GovDelivery