Vulnerability Summary for the Week of August 24, 2015

Please Note:

• The vulnerabilities are cattegorized by their level of severity which is either High, Medium or Low.

• The CVE indentity number is the publicly known ID given to that particular vulnerability. Therefore you can search the status of that particular vulnerability using that ID.

• The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the severity of the vulnerability.

High Severity Vulnerabilities The Primary Vendor --- Description Date CVSS The CVE Product Published Score Identity actiontec -- Actiontec GT784WN modems with firmware 2015-08-23 8.3 CVE-2015-2904 CERT-VN _ncs01_firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface. adobe -- air Use-after-free vulnerability in Adobe Flash Player 2015-08-24 10.0 CVE-2015-5566 CONFIRM (link before 18.0.0.232 on Windows and OS X and is external) before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015- 5134, CVE-2015-5539, CVE-2015-5540, CVE- 2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015- 5565. apache -- tapestry Apache Tapestry before 5.3.6 relies on client-side 2015-08-22 7.8 CVE-2014-1972 CONFIRM object storage without checking whether a client has modified an object, which allows remote CONFIRM JVNDB (link is attackers to cause a denial of service (resource external) consumption) or execute arbitrary code via JVN (link is crafted serialized data. external) apache -- activemq The LDAPLoginModule implementation the Java 2015-08-24 7.5 CVE-2014-3612 BID (link is Authentication and Authorization Service (JAAS) external) in Apache ActiveMQ 5.x before 5.10.1 allows MLIST remote attackers to bypass authentication by REDHAT (link is external) logging in with an empty password and valid REDHAT (link username, which triggers an unauthenticated is external) bind. NOTE: this identifier has been SPLIT per CONFIRM ADT2 due to different vulnerability types. See CVE-2015-6524 for the use of wildcard operators in usernames. drupal -- drupal SQL injection vulnerability in the SQL comment 2015-08-24 7.5 CVE-2015-6659 CONFIRM filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment. f5 -- big- Memory leak in the virtual server component in 2015-08-24 7.8 CVE-2015-5058 CONFIRM (link ip_access_policy_manage F5 Big-IP LTM, AAM, AFM, Analytics, APM, ASM, is external) r GTM, Link Controller, and PEM 11.5.x before SECTRACK 11.5.1 HF10, 11.5.3 before HF1, and 11.6.0 before (link is external) HF5, BIG-IQ Cloud, Device, and Security 4.4.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted ICMP packets. hp -- Unspecified vulnerability in HP Operations 2015-08-22 10.0 CVE-2015-2137 HP (link is operations_manager_i Manager i (OMi) 9.22, 9.23, 9.24, 9.25, 10.00, and external) 10.01 allows remote attackers to execute arbitrary code via unknown vectors. hp -- hspa+_gobi_4g The HP lt4112 LTE/HSPA+ Gobi 4G module with 2015-08-27 7.8 CVE-2015-5368 HP (link is firmware before 12.500.00.15.1803 on EliteBook, external) ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows remote attackers to modify data or cause a denial of service, or execute arbitrary code, via unspecified vectors. hp -- HP Systems Insight Manager (SIM) before 7.5.0, 2015-08-26 7.2 CVE-2015-5402 systems_insight_manager as used in HP Matrix Operating Environment HP (link is external) before 7.5.0 and other products, allows local HP (link is users to gain privileges, and consequently obtain external) sensitive information, modify data, or cause a denial of service, via unspecified vectors. hp -- HP Systems Insight Manager (SIM) before 7.5.0, 2015-08-26 7.5 CVE-2015-5404 HP (link is systems_insight_manager as used in HP Matrix Operating Environment external) before 7.5.0 and other products, allows remote HP (link is attackers to obtain sensitive information or external) modify data via unspecified vectors. hp -- HP CentralView Fraud Risk Management 11.1, 2015-08-22 9.0 CVE-2015-5406 HP (link is centralview_credit_risk_c 11.2, and 11.3; CentralView Revenue Leakage external) ontrol Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5407 and CVE-2015-5408. hp -- Buffer overflow in HP Version Control Repository 2015-08-26 7.5 CVE-2015-5409 HP (link is version_control_repositor Manager (VCRM) before 7.5.0 allows remote external) y_manager authenticated users to modify data or cause a denial of service via unspecified vectors. hp -- keyview Unspecified vulnerability in HP KeyView before 2015-08-24 7.5 CVE-2015-5416 HP (link is 10.23.0.1 and 10.24.x before 10.24.0.1 allows external) remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2875. hp -- keyview Unspecified vulnerability in HP KeyView before 2015-08-24 7.5 CVE-2015-5417 HP (link is 10.23.0.1 and 10.24.x before 10.24.0.1 allows external) remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2876. hp -- keyview Unspecified vulnerability in HP KeyView before 2015-08-24 7.5 CVE-2015-5418 HP (link is 10.23.0.1 and 10.24.x before 10.24.0.1 allows external) remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2877. hp -- keyview Unspecified vulnerability in HP KeyView before 2015-08-24 7.5 CVE-2015-5419 10.23.0.1 and 10.24.x before 10.24.0.1 allows HP (link is external) remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2879. hp -- keyview Unspecified vulnerability in HP KeyView before 2015-08-24 7.5 CVE-2015-5420 HP (link is 10.23.0.1 and 10.24.x before 10.24.0.1 allows external) remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2880. hp -- keyview Unspecified vulnerability in HP KeyView before 2015-08-24 7.5 CVE-2015-5421 HP (link is 10.23.0.1 and 10.24.x before 10.24.0.1 allows external) remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2881. hp -- keyview Unspecified vulnerability in HP KeyView before 2015-08-24 7.5 CVE-2015-5422 HP (link is 10.23.0.1 and 10.24.x before 10.24.0.1 allows external) remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2883. hp -- keyview Unspecified vulnerability in HP KeyView before 2015-08-24 7.5 CVE-2015-5423 HP (link is 10.23.0.1 and 10.24.x before 10.24.0.1 allows external) remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2884. hp -- keyview Unspecified vulnerability in HP KeyView before 2015-08-24 7.5 CVE-2015-5424 HP (link is 10.23.0.1 and 10.24.x before 10.24.0.1 allows external) remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2885. hp -- HP Matrix Operating Environment before 7.5.0 2015-08-26 7.5 CVE-2015-5427 HP (link is matrix_operating_environ allows remote attackers to obtain sensitive external) ment information or modify data via unspecified vectors, a different vulnerability than CVE-2015- 5428 and CVE-2015-5429. hp -- HP Matrix Operating Environment before 7.5.0 2015-08-26 7.5 CVE-2015-5428 HP (link is matrix_operating_environ allows remote attackers to obtain sensitive external) ment information or modify data via unspecified vectors, a different vulnerability than CVE-2015- 5427 and CVE-2015-5429. hp -- HP Matrix Operating Environment before 7.5.0 2015-08-26 7.5 CVE-2015-5429 HP (link is matrix_operating_environ allows remote attackers to obtain sensitive external) ment information or modify data via unspecified vectors, a different vulnerability than CVE-2015- 5427 and CVE-2015-5428. hp -- HP Virtual Connect Enterprise Manager (VCEM) 2015-08-26 7.5 CVE-2015-5432 HP (link is virtual_connect_enterpris SDK before 7.5.0, as used in HP Matrix Operating external) e_manager_sdk Environment before 7.5.0 and other products, HP (link is allows remote attackers to obtain sensitive external) information or modify data via unspecified vectors. ibm -- systems_director IBM Systems Director 5.2.x, 6.1.x, 6.2.0.x, 6.2.1.x, 2015-08-23 7.2 CVE-2015-1992 CONFIRM (link 6.3.0.0, 6.3.1.x, 6.3.2.x, 6.3.3.x, 6.3.5.0, and 6.3.6.0 is external) improperly processes events, which allows local AIXAPAR (link users to gain privileges via unspecified vectors. is external) CONFIRM (link is external) libevent_project -- Multiple integer overflows in the evbuffer API in 2015-08-24 7.5 CVE-2014-6272 DEBIAN libevent Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, MLIST and 2.1.x before 2.1.5-beta allow context- dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later. libevent_project -- Multiple integer overflows in the evbuffer API in 2015-08-24 7.5 CVE-2015-6525 DEBIAN libevent Libevent 2.0.x before 2.0.22 and 2.1.x before MLIST 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014- 6272 per ADT3 due to different affected versions. mobile_devices -- c4_obd- ** DISPUTED ** Mobile Devices (aka MDI) C4 2015-08-23 9.0 CVE-2015-2906 CONFIRM ii_dongle_firmware OBD-II dongles with firmware 2.x and 3.4.x, as CERT-VN used in Metromile Pulse and other products, MISC store SSH private keys that are the same across different customers' installations, which makes it easier for remote attackers to obtain access by leveraging knowledge of a private key from another installation. NOTE: the vendor states "This was a flaw for the developer/debugging devices (again not possible in production versions)." mobile_devices -- c4_obd- ** DISPUTED ** Mobile Devices (aka MDI) C4 2015-08-23 9.0 CVE-2015-2907 CONFIRM ii_dongle_firmware OBD-II dongles with firmware 2.x and 3.4.x, as CERT-VN used in Metromile Pulse and other products, MISC have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password. NOTE: the vendor states "This was a flaw for the developer/debugging devices (again not possible in production versions)." mobile_devices -- c4_obd- ** DISPUTED ** Mobile Devices (aka MDI) C4 2015-08-23 9.0 CVE-2015-2908 CONFIRM ii_dongle_firmware OBD-II dongles with firmware 2.x and 3.4.x, as CERT-VN used in Metromile Pulse and other products, do MISC not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server. NOTE: the vendor states "This was a flaw for the developer/debugging devices, and was fixed in production version about 3 years ago." openbsd -- openssh sshd in OpenSSH 6.8 and 6.9 uses world-writable 2015-08-23 7.2 CVE-2015-6565 MLIST (link is permissions for TTY devices, which allows local external) users to cause a denial of service (terminal CONFIRM (link disruption) or possibly have unspecified other is external) impact by writing to a device, as demonstrated by writing an escape sequence. polarssl -- polarssl Memory leak in PolarSSL before 1.2.12 and 1.3.x 2015-08-24 7.8 CVE-2014-8628 CONFIRM before 1.3.9 allows remote attackers to cause a CONFIRM denial of service (memory consumption) via a SUSE large number of crafted X.509 certificates. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2014-9744 for the ClientHello message issue. polarssl -- polarssl Memory leak in PolarSSL before 1.3.9 allows 2015-08-24 7.8 CVE-2014-9744 CONFIRM remote attackers to cause a denial of service SUSE (memory consumption) via a large number of ClientHello messages. NOTE: this identifier was SPLIT from CVE-2014-8628 per ADT3 due to different affected versions. redhat -- openshift Red Hat OpenShift Enterprise 3.0.0.0 does not 2015-08-24 8.5 CVE-2015-5222 REDHAT (link properly check permissions, which allows is external) remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors.

Medium Severity Vulnerabilities The Primary Description Date Published CVSS The CVE Vendor --- Product Score Identity actiontec -- Cross-site request forgery (CSRF) vulnerability on 2015-08-23 6.8 CVE-2015-2905 CERT-VN _ncs01_firmware Actiontec GT784WN modems with firmware before NCS01-1.0.13 allows remote attackers to hijack the authentication or intranet connectivity of arbitrary users. adobe -- Apache Flex BlazeDS, as used in flex-messaging- 2015-08-24 5.0 CVE-2015-3269 CONFIRM (link livecycle_data_servi core.jar in Adobe LiveCycle Data Services (LCDS) is external) ces 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, BUGTRAQ 4.6.2 before 4.6.2.354169, and 4.7 before (link is external) 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. apache -- activemq The LDAPLoginModule implementation the Java 2015-08-24 5.0 CVE-2015-6524 CONFIRM Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE- 2014-3612 per ADT2 due to different vulnerability types. apple -- quicktime Apple QuickTime before 7.7.8 allows remote 2015-08-24 6.8 CVE-2015-5785 APPLE (link is attackers to execute arbitrary code or cause a denial external) of service (memory corruption and application CONFIRM (link crash) via a crafted file, a different vulnerability is external) than CVE-2015-5786. apple -- quicktime Apple QuickTime before 7.7.8 allows remote 2015-08-24 6.8 CVE-2015-5786 APPLE (link is attackers to execute arbitrary code or cause a denial external) of service (memory corruption and application CONFIRM (link crash) via a crafted file, a different vulnerability is external) than CVE-2015-5785. chaos_tool_suite_p Cross-site scripting (XSS) vulnerability in the Ajax 2015-08-24 4.3 CVE-2015-6665 CONFIRM roject -- ctools handler in Drupal 7.x before 7.39 and the Ctools MISC module 6.x-1.x before 6.x-1.14 for Drupal allows CONFIRM remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag. cisco -- Cisco ASR 5000 devices with software 2015-08-22 5.0 CVE-2015-6256 CISCO (link is asr_5000_series_sof 19.0.M0.60828 allow remote attackers to cause a external) tware denial of service (OSPF process restart) via crafted length fields in headers of OSPF packets, aka Bug ID CSCuv62820. cisco -- The Internet Access Point Protocol (IAPP) module 2015-08-22 5.0 CVE-2015-6258 CISCO (link is wireless_lan_contro on Cisco Wireless LAN Controller (WLC) devices with external) ller_software software 8.1(104.37) allows remote attackers to trigger incorrect traffic forwarding via crafted IPv6 packets, aka Bug ID CSCuv40033. cisco -- Cisco TelePresence Video Communication Server 2015-08-26 4.0 CVE-2015-6261 telepresence_video (VCS) Expressway X8.5.2 allows remote CISCO (link is external) _communication_se authenticated users to bypass intended access rver_software restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID CSCuv78531. cisco -- Cross-site request forgery (CSRF) vulnerability in 2015-08-24 6.8 CVE-2015-6262 CISCO (link is prime_infrastructur Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) external) e allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059. cisco -- The CLI in Cisco Application Control Engine (ACE) 2015-08-26 4.3 CVE-2015-6265 CISCO (link is application_control 4700 A5 3.0 and earlier allows local users to bypass external) _engine_4700 intended access restrictions, and read or write to files, by entering an unspecified CLI command with a crafted file as this command's input, aka Bug ID CSCur23662. conntrack- conntrackd in conntrack-tools 1.4.2 and earlier does 2015-08-24 5.0 CVE-2015-6496 CONFIRM tools_project -- not ensure that the optional kernel modules are MLIST (link is conntrack-tools loaded before using them, which allows remote external) attackers to cause a denial of service (crash) via a (1) MLIST (link is external) DCCP, (2) SCTP, or (3) ICMPv6 packet. DEBIAN CONFIRM dell -- Unquoted Windows search path vulnerability in the 2015-08-26 4.4 CVE-2015-4173 BUGTRAQ sonicwall_netexten autorun value in Dell SonicWall NetExtender with (link is external) der_firmware firmware before 7.5.1.2 and 8.x before 8.0.0.3 allows MISC (link is local users to gain privileges via a Trojan horse external) program in the %SYSTEMDRIVE% folder. djangoproject -- contrib.sessions.middleware.SessionMiddleware in 2015-08-24 5.0 CVE-2015-5963 MISC (link is django Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x external) before 1.4.22, and possibly other versions allows UBUNTU (link remote attackers to cause a denial of service is external) (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record. djangoproject -- The (1) 2015-08-24 5.0 CVE-2015-5964 MISC (link is django contrib.sessions.backends.base.SessionBase.flush external) and (2) cache_db.SessionStore.flush functions in UBUNTU (link is external) Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors. drupal -- drupal Cross-site scripting (XSS) vulnerability in the 2015-08-24 4.3 CVE-2015-6658 CONFIRM Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files. drupal -- drupal The Form API in Drupal 6.x before 6.37 and 7.x 2015-08-24 6.8 CVE-2015-6660 CONFIRM before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's account via vectors related to "file upload value callbacks." drupal -- drupal Drupal 6.x before 6.37 and 7.x before 7.39 allows 2015-08-24 5.0 CVE-2015-6661 CONFIRM remote attackers to obtain sensitive node titles by reading the menu. gnu -- glibc The getaddrinfo function in glibc before 2.15, when 2015-08-26 5.1 CVE-2013-7424 CONFIRM compiled with libidn and the AI_IDN flag is used, CONFIRM allows context-dependent attackers to cause a CONFIRM (link denial of service (invalid free) and possibly execute is external) CONFIRM (link arbitrary code via unspecified vectors, as is external) demonstrated by an internationalized domain MLIST (link is name to ping6. external) REDHAT (link is external) gnu -- gnutls Double free vulnerability in GnuTLS before 3.3.17 2015-08-24 5.0 CVE-2015-6251 CONFIRM (link and 3.4.x before 3.4.4 allows remote attackers to is external) cause a denial of service via a long CONFIRM (link DistinguishedName (DN) entry in a certificate. is external) BID (link is external) MLIST (link is external) MLIST (link is external) CONFIRM DEBIAN hp -- Unspecified vulnerability in the execve system-call 2015-08-22 4.4 CVE-2015-2132 HP (link is operations_manage implementation in HP HP-UX B.11.11, B.11.23, and external) r_i B.11.31 allows local users to gain privileges via unknown vectors. hp -- HP Systems Insight Manager (SIM) before 7.5.0, as 2015-08-26 4.0 CVE-2015-2139 HP (link is systems_insight_m used in HP Matrix Operating Environment before external) anager 7.5.0 and other products, allows remote HP (link is authenticated users to obtain sensitive information external) via unspecified vectors, a different vulnerability than CVE-2015-5403. hp -- HP Systems Insight Manager (SIM) before 7.5.0, as 2015-08-26 6.5 CVE-2015-2140 HP (link is systems_insight_m used in HP Matrix Operating Environment before external) anager 7.5.0 and other products, allows remote HP (link is authenticated users to obtain sensitive information external) or modify data via unspecified vectors. hp -- The HP lt4112 LTE/HSPA+ Gobi 4G module with 2015-08-27 6.9 CVE-2015-5367 HP (link is hspa+_gobi_4g firmware before 12.500.00.15.1803 on EliteBook, external) ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows local users to gain privileges via unspecified vectors. hp -- HP Systems Insight Manager (SIM) before 7.5.0, as 2015-08-26 4.0 CVE-2015-5403 HP (link is systems_insight_m used in HP Matrix Operating Environment before external) anager 7.5.0 and other products, allows remote HP (link is authenticated users to obtain sensitive information external) via unspecified vectors, a different vulnerability than CVE-2015-2139. hp -- HP Systems Insight Manager (SIM) before 7.5.0, as 2015-08-26 6.5 CVE-2015-5405 HP (link is systems_insight_m used in HP Matrix Operating Environment before external) anager 7.5.0 and other products, allows remote HP (link is authenticated users to obtain sensitive information, external) modify data, or cause a denial of service via unspecified vectors. hp -- HP CentralView Fraud Risk Management 11.1, 11.2, 2015-08-22 6.0 CVE-2015-5407 HP (link is centralview_credit_ and 11.3; CentralView Revenue Leakage Control 4.1, external) risk_control 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015- 5406 and CVE-2015-5408. hp -- HP CentralView Fraud Risk Management 11.1, 11.2, 2015-08-22 6.0 CVE-2015-5408 HP (link is centralview_credit_ and 11.3; CentralView Revenue Leakage Control 4.1, external) risk_control 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015- 5406 and CVE-2015-5407. hp -- HP Version Control Repository Manager (VCRM) 2015-08-26 6.5 CVE-2015-5410 HP (link is version_control_rep before 7.5.0 allows remote authenticated users to external) ository_manager execute arbitrary code or cause a denial of service via unspecified vectors. hp -- HP Version Control Repository Manager (VCRM) 2015-08-26 6.8 CVE-2015-5411 HP (link is version_control_rep before 7.5.0 allows remote authenticated users to external) ository_manager obtain sensitive information via unspecified vectors. hp -- Cross-site request forgery (CSRF) vulnerability in HP 2015-08-26 6.0 CVE-2015-5412 HP (link is version_control_rep Version Control Repository Manager (VCRM) before external) ository_manager 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. hp -- HP Version Control Repository Manager (VCRM) 2015-08-26 4.0 CVE-2015-5413 HP (link is version_control_rep before 7.5.0 allows remote authenticated users to external) ository_manager gain privileges and obtain sensitive information via unspecified vectors. hp -- HP Matrix Operating Environment before 7.5.0 2015-08-26 5.0 CVE-2015-5430 HP (link is matrix_operating_e allows remote attackers to obtain sensitive external) nvironment information via unspecified vectors. hp -- HP Matrix Operating Environment before 7.5.0 2015-08-26 6.5 CVE-2015-5431 HP (link is matrix_operating_e allows remote authenticated users to obtain external) nvironment sensitive information or modify data via unspecified vectors. hp -- HP Virtual Connect Enterprise Manager (VCEM) SDK 2015-08-26 4.0 CVE-2015-5433 HP (link is virtual_connect_ent before 7.5.0, as used in HP Matrix Operating external) erprise_manager_s Environment before 7.5.0 and other products, HP (link is dk allows remote authenticated users to obtain external) sensitive information via unspecified vectors. ibm -- IBM WebSphere Application Server 7.x before 2015-08-22 5.0 CVE-2015-1932 CONFIRM (link websphere_applicat 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before is external) ion_server 8.5.5.7 and WebSphere Virtual Enterprise before AIXAPAR (link 7.0.0.7 allow remote attackers to obtain potentially is external) sensitive information about the proxy-server software by reading the HTTP Via header. ibm -- domino Open redirect vulnerability in the web server in IBM 2015-08-22 5.8 CVE-2015-2014 CONFIRM (link Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 is external) FP4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via a crafted URL, aka SPR SJAR9DNGDA. ibm -- domino Cross-site scripting (XSS) vulnerability in 2015-08-22 4.3 CVE-2015-2015 CONFIRM (link pubnames.ntf (aka the Directory template) in the is external) web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH8WBPRN. ibm -- IBM WebSphere Application Server 7.x before 2015-08-22 5.0 CVE-2015-4938 CONFIRM (link websphere_applicat 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before is external) ion_server 8.5.5.7 allows remote attackers to spoof servlets AIXAPAR (link and obtain sensitive information via unspecified is external) vectors. ibm -- The mailbox-restore feature in IBM Tivoli Storage 2015-08-23 4.0 CVE-2015-4950 CONFIRM (link tivoli_storage_fastb Manager for Mail: Data Protection for Microsoft is external) ack_for_microsoft_ Exchange Server 6.1 before 6.1.3.6, 6.3 before AIXAPAR (link exchange 6.3.1.3, 6.4 before 6.4.1.4, and 7.1 before 7.1.0.2; is external) AIXAPAR (link Tivoli Storage FlashCopy Manager: FlashCopy is external) Manager for Microsoft Exchange Server 2.1, 2.2, 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.1; and Tivoli Storage Manager FastBack for Microsoft Exchange 6.1 before 6.1.5.4 does not ensure that the correct mailbox is selected, which allows remote authenticated users to obtain sensitive information via a duplicate alias name. iodata -- wn- I-O DATA DEVICE WN-G54/R2 routers with firmware 2015-08-22 5.0 CVE-2015-2984 CONFIRM (link g54/r2_firmware before 1.03 and NP-BBRS routers allow remote is external) attackers to cause a denial of service (SSDP JVNDB (link is reflection) via UPnP requests. external) JVN (link is external) kernel -- linux-pam The _unix_run_helper_binary function in the 2015-08-24 5.8 CVE-2015-3238 MISC (link is pam_unix module in Linux-PAM (aka pam) before external) 1.2.1, when unable to directly access passwords, MISC (link is allows local users to enumerate usernames or cause external) CONFIRM (link a denial of service (hang) via a large password. is external) MLIST (link is external) REDHAT (link is external) openbsd -- openssh Use-after-free vulnerability in the 2015-08-23 6.9 CVE-2015-6564 CONFIRM (link mm_answer_pam_free_ctx function in monitor.c in is external) sshd in OpenSSH before 7.0 on non-OpenBSD MLIST (link is platforms might allow local users to gain privileges external) CONFIRM (link by leveraging control of the sshd uid to send an is external) unexpectedly early MONITOR_REQ_PAM_FREE_CTX FULLDISC request. openstack -- OpenStack Neutron before 2014.2.4 (juno) and 2015-08-26 4.0 CVE-2015-3221 CONFIRM (link neutron 2015.1.x before 2015.1.1 (kilo), when using the is external) IPTables firewall driver, allows remote REDHAT (link authenticated users to cause a denial of service (L2 is external) MLIST agent crash) by adding an address pair that is rejected by the ipset tool. php_kobo -- Cross-site scripting (XSS) vulnerability in 2015-08-22 4.3 CVE-2015-2982 CONFIRM (link photo_gallery_cms jquery.lightbox-0.5.min.js in PHP Kobo Photo is external) _free Gallery CMS for PC, smartphone and feature phone JVNDB (link is 1.0.1 Free and earlier allows remote authenticated external) JVN (link is users to inject arbitrary web script or HTML via external) unspecified input to admin.php. php_kobo -- Cross-site request forgery (CSRF) vulnerability in 2015-08-22 6.8 CVE-2015-2983 CONFIRM (link photo_gallery_cms admin.php in PHP Kobo Photo Gallery CMS for PC, is external) _free smartphone and feature phone 1.0.1 Free and JVNDB (link is earlier allows remote attackers to hijack the external) JVN (link is authentication of arbitrary users. external) picketlink -- The invokeNextValve function in 2015-08-26 4.0 CVE-2015-3158 CONFIRM picketlink identity/federation/bindings/tomcat/idp/AbstractI CONFIRM (link DPValve.java in PicketLink before 2.8.0.Beta1 does is external) not properly check role based authorization, which CONFIRM (link is external) allows remote authenticated users to gain access to REDHAT (link restricted application resources via a (1) direct is external) request or (2) request through an SP initiated flow. REDHAT (link is external) REDHAT (link is external) REDHAT (link is external) REDHAT (link is external) redhat -- Cross-site scripting (XSS) vulnerability in the 2015-08-24 4.3 CVE-2015-0298 CONFIRM mod_cluster manager web interface in mod_cluster before REDHAT (link 1.3.2.Alpha1 allows remote attackers to inject is external) arbitrary web script or HTML via a crafted MCMP REDHAT (link is external) message. rubygems -- RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, 2015-08-25 4.3 CVE-2015-4020 MISC (link is rubygems and 2.4.x before 2.4.8 does not validate the external) hostname when fetching gems or making API MISC (link is request, which allows remote attackers to redirect external) CONFIRM (link requests to arbitrary domains via a crafted DNS SRV is external) record with a domain that is suffixed with the CONFIRM original domain name, aka a "DNS hijack attack." CONFIRM NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900. sap -- netweaver XML external entity (XXE) vulnerability in SAP 2015-08-24 6.8 CVE-2015-6662 MISC (link is NetWeaver Portal 7.4 allows remote attackers to external) read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485. sap -- afaria Cross-site scripting (XSS) vulnerability in the Client 2015-08-24 4.3 CVE-2015-6663 MISC (link is form in the Device Inspector page in SAP Afaria 7 external) allows remote attackers to inject arbitrary web script or HTML via crafted client name data, aka SAP Security Note 2152669. sap -- XML external entity (XXE) vulnerability in the 2015-08-24 6.8 CVE-2015-6664 mobile_platform application import functionality in SAP Mobile MISC (link is external) Platform 2.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2152227. sgi -- xfsprogs xfs_metadump in xfsprogs before 3.2.4 does not 2015-08-25 5.0 CVE-2012-2150 CONFIRM (link properly obfuscate file data, which allows remote is external) attackers to obtain sensitive information by reading MLIST (link is a generated image. external) MLIST (link is external) MLIST (link is external) SUSE FEDORA FEDORA FEDORA trend_micro -- Multiple cross-site scripting (XSS) vulnerabilities in 2015-08-23 4.3 CVE-2015-2872 CERT-VN deep_discovery_ins Trend Micro Deep Discovery Inspector (DDI) on CONFIRM (link pector Deep Discovery Threat appliances with software is external) before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions allow remote attackers to inject arbitrary web script or HTML via (1) crafted input to index.php that is processed by certain Internet Explorer 7 configurations or (2) crafted input to the widget feature. trend_micro -- Trend Micro Deep Discovery Inspector (DDI) on 2015-08-23 5.5 CVE-2015-2873 CERT-VN deep_discovery_ins Deep Discovery Threat appliances with software CONFIRM (link pector before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before is external) 3.7.1248, 3.8.x before 3.8.1263, and other versions allows remote attackers to obtain sensitive information or change the configuration via a direct request to the (1) system log URL, (2) whitelist URL, or (3) blacklist URL. videolan -- VideoLAN VLC media player 2.2.1 allows remote 2015-08-25 6.8 CVE-2015-5949 MISC vlc_media_player attackers to cause a denial of service (crash) and CONFIRM possibly execute arbitrary code via a crafted 3GP BUGTRAQ file, which triggers the freeing of arbitrary pointers. (link is external) MLIST (link is external) MLIST (link is external) DEBIAN MISC (link is external) wireshark -- The proto_tree_add_bytes_item function in 2015-08-24 4.3 CVE-2015-6241 CONFIRM wireshark epan/proto.c in the protocol-tree implementation CONFIRM in Wireshark 1.12.x before 1.12.7 does not properly CONFIRM terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. wireshark -- The wmem_block_split_free_chunk function in 2015-08-24 4.3 CVE-2015-6242 CONFIRM wireshark epan/wmem/wmem_allocator_block.c in the CONFIRM wmem block allocator in the memory manager in CONFIRM Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet. wireshark -- The dissector-table implementation in 2015-08-24 4.3 CVE-2015-6243 CONFIRM wireshark epan/packet.c in Wireshark 1.12.x before 1.12.7 CONFIRM mishandles table searches for empty strings, which CONFIRM allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions. wireshark -- The dissect_zbee_secure function in 2015-08-24 4.3 CVE-2015-6244 CONFIRM wireshark epan/dissectors/packet-zbee-security.c in the CONFIRM ZigBee dissector in Wireshark 1.12.x before 1.12.7 CONFIRM improperly relies on length fields contained in CONFIRM CONFIRM packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. wireshark -- epan/dissectors/packet-gsm_rlcmac.c in the GSM 2015-08-24 4.3 CVE-2015-6245 CONFIRM wireshark RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 CONFIRM uses incorrect integer data types, which allows CONFIRM remote attackers to cause a denial of service (infinite loop) via a crafted packet. wireshark -- The dissect_wa_payload function in 2015-08-24 4.3 CVE-2015-6246 CONFIRM wireshark epan/dissectors/packet-waveagent.c in the CONFIRM WaveAgent dissector in Wireshark 1.12.x before CONFIRM 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. wireshark -- The dissect_openflow_tablemod_v5 function in 2015-08-24 4.3 CVE-2015-6247 CONFIRM wireshark epan/dissectors/packet-openflow_v5.c in the CONFIRM OpenFlow dissector in Wireshark 1.12.x before CONFIRM 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. wireshark -- The ptvcursor_add function in the ptvcursor 2015-08-24 4.3 CVE-2015-6248 CONFIRM wireshark implementation in epan/proto.c in Wireshark 1.12.x CONFIRM before 1.12.7 does not check whether the expected CONFIRM amount of data is available, which allows remote CONFIRM attackers to cause a denial of service (application crash) via a crafted packet. wireshark -- The dissect_wccp2r1_address_table_info function 2015-08-24 4.3 CVE-2015-6249 CONFIRM wireshark in epan/dissectors/packet-wccp.c in the WCCP CONFIRM dissector in Wireshark 1.12.x before 1.12.7 does not CONFIRM prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. zend -- The Zend_Xml_Security::scan in ZendXml before 2015-08-25 6.8 CVE-2015-5161 EXPLOIT-DB zend_framework 1.0.1 and Zend Framework before 1.12.14, 2.x (link is external) before 2.4.6, and 2.5.x before 2.5.2, when running BID (link is under PHP-FPM in a threaded environment, allows external) DEBIAN remote attackers to bypass security checks and FULLDISC conduct XML external entity (XXE) and XML entity MISC (link is expansion (XEE) attacks via multibyte encoded external) characters. FEDORA MISC (link is external) CONFIRM (link is external) Low Severity Vulnerabilities

The Primary Description Date Published CVSS The CVE Vendor --- Product Score Identity cisco -- Cisco Prime Infrastructure (PI) 1.4(0.45) and earlier, 2015-08-22 3.5 CVE-2015-4331 CISCO (link is prime_infrastructur when AAA authentication is used, allows remote external) e authenticated users to bypass intended access restrictions via a username with a modified composition of lowercase and uppercase characters, aka Bug ID CSum59958. emc -- Lockbox in EMC Documentum D2 before 4.5 uses a 2015-08-22 3.5 CVE-2015-4537 BUGTRAQ documentum_d2 hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive. ibm -- IBM Integration Bus 9 and 10 before 10.0.0.1 and 2015-08-23 3.5 CVE-2015-2018 CONFIRM (link integration_bus WebSphere Message Broker 7 before 7.0.0.8 and 8 is external) before 8.0.0.7 do not ensure that the correct security AIXAPAR (link profile is selected, which allows remote is external) authenticated users to obtain sensitive information via unspecified vectors. ibm -- IBM Tivoli Storage Manager for Databases: Data 2015-08-22 2.1 CVE-2015-4949 CONFIRM (link tivoli_storage_flash Protection for Microsoft SQL Server 7.1 before 7.1.2, is external) copy_manager Tivoli Storage Manager for Mail: Data Protection for AIXAPAR (link Microsoft Exchange Server 7.1 before 7.1.2, and is external) Tivoli Storage FlashCopy Manager 4.1 before 4.1.2 place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading GUI pop-up windows, a different vulnerability than CVE-2015- 6557. ibm -- IBM Tivoli Storage Manager for Databases: Data 2015-08-22 2.1 CVE-2015-6557 CONFIRM (link tivoli_storage_flash Protection for Microsoft SQL Server 5.5 before is external) copy_manager 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 AIXAPAR (link before 7.1.2; Tivoli Storage Manager for Mail: Data is external) Protection for Microsoft Exchange Server 5.5 before 5.5.1.1, 6.1 before 6.1.3.7, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; and Tivoli Storage FlashCopy Manager 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.2, when application tracing is used, place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading trace output, a different vulnerability than CVE-2015-4949. libunwind_project Off-by-one error in the dwarf_to_unw_regnum 2015-08-26 3.3 CVE-2015-3239 CONFIRM (link -- libunwind function in include/dwarf_i.h in libunwind 1.1 allows is external) local users to have unspecified impact via invalid REDHAT (link dwarf opcodes. is external) CONFIRM mantisbt -- Cross-site scripting (XSS) vulnerability in the "set 2015-08-24 3.5 CVE-2014-8987 CONFIRM (link mantisbt configuration" box in the Configuration Report page is external) (adm_config_report.php) in MantisBT 1.2.13 MLIST (link is through 1.2.17 allows remote administrators to external) MLIST (link is inject arbitrary web script or HTML via the external) config_option parameter, a different vulnerability MLIST (link is than CVE-2014-8986. external) MLIST (link is external) MLIST (link is external) CONFIRM openbsd -- openssh The monitor component in sshd in OpenSSH before 2015-08-23 1.9 CVE-2015-6563 CONFIRM (link 7.0 on non-OpenBSD platforms accepts extraneous is external) username data in MONITOR_REQ_PAM_INIT_CTX MLIST (link is requests, which allows local users to conduct external) CONFIRM (link impersonation attacks by leveraging any SSH login is external) access in conjunction with control of the sshd uid to FULLDISC send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. qemu -- qemu The slirp_smb function in net/slirp.c in QEMU 2.3.0 2015-08-26 1.9 CVE-2015-4037 CONFIRM (link and earlier creates temporary files with predictable is external) MLIST (link is names, which allows local users to cause a denial of external) service (instantiation failure) by creating MLIST (link is /tmp/qemu-smb.*-* files before the program. external) MLIST (link is external) DEBIAN DEBIAN

• Sources: http://nvd.nist.gov (For more information visit the National Vulnerabilities Database (NVD) which contains a database of every vulnerability that has ever been published).

Uganda Communications Commission – UGCERT Email: [email protected] Tel + 256 414 302 100/150 Toll Free: 0800 133 911 Website www.ug-cert.ug Face book / Twitter: UGCERT