Vulnerability Summary for the Week of August 17, 2015

Please Note:

• The vulnerabilities are cattegorized by their level of severity which is either High, Medium or Low.

• The CVE indentity number is the publicly known ID given to that particular vulnerability. Therefore you can search the status of that particular vulnerability using that ID.

• The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the severity of the vulnerability.

High Severity Vulnerabilities The Primary Vendor --- Description Date CVSS The CVE Product Published Score Identity aegirproject -- hostmaster The Hostmaster (Aegir) module 6.x-2.x before 2015-08-18 7.5 CVE-2015-5501 MISC 6.x-2.4 and 7.x-3.x before 7.x-3.0-beta2 for MLIST (link is Drupal allows remote attackers to execute external) arbitrary PHP code via a crafted file in the CONFIRM CONFIRM directory used to write Apache vhost files for hosted sites in a multi-site environment. apple -- mac_os_x dyld in Apple OS X before 10.10.5 does not 2015-08-16 7.2 CVE-2015-3760 CONFIRM (link properly validate pathnames in the is external) environment, which allows local users to gain APPLE (link is privileges via unspecified vectors. external) apple -- mac_os_x The kernel in Apple OS X before 10.10.5 does not 2015-08-16 7.2 CVE-2015-3761 CONFIRM (link properly validate pathnames in the is external) environment, which allows local users to gain APPLE (link is privileges via unspecified vectors. external) apple -- mac_os_x udf in Apple OS X before 10.10.5 allows local 2015-08-16 7.2 CVE-2015-3767 CONFIRM (link users to gain privileges or cause a denial of is external) service (memory corruption and application APPLE (link is crash) via a malformed DMG image. external) apple -- iphone_os Integer overflow in the kernel in Apple iOS 2015-08-16 9.3 CVE-2015-3768 before 8.4.1 and OS X before 10.10.5 allows CONFIRM (link is external) attackers to execute arbitrary code in a CONFIRM (link privileged context via a crafted app that makes is external) unspecified IOKit API calls. APPLE (link is external) APPLE (link is external) apple -- mac_os_x IOFireWireFamily in Apple OS X before 10.10.5 2015-08-16 7.2 CVE-2015-3769 CONFIRM (link allows local users to gain privileges or cause a is external) denial of service (memory corruption) via APPLE (link is unspecified vectors, a different vulnerability external) than CVE-2015-3771 and CVE-2015-3772. apple -- mac_os_x IOGraphics in Apple OS X before 10.10.5 allows 2015-08-16 9.3 CVE-2015-3770 CONFIRM (link attackers to execute arbitrary code or cause a is external) denial of service (memory corruption) via a APPLE (link is crafted app, a different vulnerability than CVE- external) 2015-5783. apple -- mac_os_x IOFireWireFamily in Apple OS X before 10.10.5 2015-08-16 7.2 CVE-2015-3771 CONFIRM (link allows local users to gain privileges or cause a is external) denial of service (memory corruption) via APPLE (link is unspecified vectors, a different vulnerability external) than CVE-2015-3769 and CVE-2015-3772. apple -- mac_os_x IOFireWireFamily in Apple OS X before 10.10.5 2015-08-16 7.2 CVE-2015-3772 CONFIRM (link allows local users to gain privileges or cause a is external) denial of service (memory corruption) via APPLE (link is unspecified vectors, a different vulnerability external) than CVE-2015-3769 and CVE-2015-3771. apple -- mac_os_x The SMB client in Apple OS X before 10.10.5 2015-08-16 7.5 CVE-2015-3773 CONFIRM (link allows remote attackers to execute arbitrary is external) code or cause a denial of service (memory APPLE (link is corruption and application crash) via unspecified external) vectors. apple -- mac_os_x Apple OS X before 10.10.5 does not properly 2015-08-16 7.2 CVE-2015-3775 CONFIRM (link implement authentication, which allows local is external) users to obtain admin privileges via unspecified APPLE (link is vectors. external) apple -- iphone_os IOKit in Apple iOS before 8.4.1 and OS X before 2015-08-16 9.3 CVE-2015-3776 CONFIRM (link 10.10.5 allows attackers to execute arbitrary is external) code in a privileged context or cause a denial of service (memory corruption and application CONFIRM (link is external) crash) via a malformed plist. APPLE (link is external) APPLE (link is external) apple -- mac_os_x Multiple buffer overflows in blued in the 2015-08-16 7.2 CVE-2015-3777 CONFIRM (link Bluetooth subsystem in Apple OS X before is external) 10.10.5 allow local users to gain privileges via APPLE (link is XPC messages. external) apple -- mac_os_x SceneKit in Apple OS X before 10.10.5 allows 2015-08-16 7.5 CVE-2015-3783 CONFIRM (link remote attackers to execute arbitrary code or is external) cause a denial of service (memory corruption APPLE (link is and application crash) via unspecified vectors. external) apple -- iphone_os libxpc in Apple iOS before 8.4.1 and OS X before 2015-08-16 9.3 CVE-2015-3795 CONFIRM (link 10.10.5 allows attackers to execute arbitrary is external) code in a privileged context or cause a denial of CONFIRM (link service (memory corruption) via a crafted app is external) APPLE (link is that sends a malformed XPC message. external) APPLE (link is external) apple -- iphone_os The TRE library in Libc in Apple iOS before 8.4.1 2015-08-16 7.5 CVE-2015-3796 CONFIRM (link and OS X before 10.10.5 allows context- is external) dependent attackers to execute arbitrary code or CONFIRM (link cause a denial of service (memory corruption is external) APPLE (link is and application crash) via a crafted regular external) expression, a different vulnerability than CVE- APPLE (link is 2015-3797 and CVE-2015-3798. external) apple -- iphone_os The TRE library in Libc in Apple iOS before 8.4.1 2015-08-16 7.5 CVE-2015-3797 CONFIRM (link and OS X before 10.10.5 allows context- is external) dependent attackers to execute arbitrary code or CONFIRM (link cause a denial of service (memory corruption is external) APPLE (link is and application crash) via a crafted regular external) expression, a different vulnerability than CVE- APPLE (link is 2015-3796 and CVE-2015-3798. external) apple -- iphone_os The TRE library in Libc in Apple iOS before 8.4.1 2015-08-16 7.5 CVE-2015-3798 CONFIRM (link and OS X before 10.10.5 allows context- is external) dependent attackers to execute arbitrary code or CONFIRM (link cause a denial of service (memory corruption is external) APPLE (link is and application crash) via a crafted regular external) APPLE (link is expression, a different vulnerability than CVE- external) 2015-3796 and CVE-2015-3797. apple -- mac_os_x The Apple ID OD plug-in in Apple OS X before 2015-08-16 9.3 CVE-2015-3799 CONFIRM (link 10.10.5 allows attackers to change arbitrary user is external) passwords via a crafted app. APPLE (link is external) apple -- iphone_os The DiskImages component in Apple iOS before 2015-08-16 7.2 CVE-2015-3800 CONFIRM (link 8.4.1 and OS X before 10.10.5 allows local users is external) to gain privileges or cause a denial of service CONFIRM (link (memory corruption and application crash) via a is external) APPLE (link is malformed DMG image. external) APPLE (link is external) apple -- iphone_os Apple iOS before 8.4.1 and OS X before 10.10.5 2015-08-16 7.2 CVE-2015-3802 CONFIRM (link allow local users to bypass a code-signing is external) protection mechanism via a crafted Mach-O file, CONFIRM (link a different vulnerability than CVE-2015-3805. is external) APPLE (link is external) APPLE (link is external) apple -- iphone_os Apple iOS before 8.4.1 and OS X before 10.10.5 2015-08-16 7.2 CVE-2015-3803 CONFIRM (link allow local users to bypass a code-signing is external) protection mechanism via a crafted multi- CONFIRM (link architecture executable file. is external) APPLE (link is external) APPLE (link is external) apple -- iphone_os FontParser in Apple iOS before 8.4.1 and OS X 2015-08-16 7.5 CVE-2015-3804 CONFIRM (link before 10.10.5 allows remote attackers to is external) execute arbitrary code or cause a denial of CONFIRM (link service (memory corruption and application is external) APPLE (link is crash) via a crafted font file, a different external) vulnerability than CVE-2015-5756 and CVE-2015- APPLE (link is 5775. external) apple -- iphone_os Apple iOS before 8.4.1 and OS X before 10.10.5 2015-08-16 7.2 CVE-2015-3805 CONFIRM (link allow local users to bypass a code-signing is external) protection mechanism via a crafted Mach-O file, CONFIRM (link is external) a different vulnerability than CVE-2015-3802. APPLE (link is external) APPLE (link is external) apple -- iphone_os Apple iOS before 8.4.1 and OS X before 10.10.5 2015-08-16 7.2 CVE-2015-3806 CONFIRM (link allow local users to bypass a code-signing is external) protection mechanism by appending code to a CONFIRM (link crafted executable file. is external) APPLE (link is external) APPLE (link is external) apple -- mac_os_x Data Detectors Engine in Apple OS X before 2015-08-16 7.5 CVE-2015-5750 CONFIRM (link 10.10.5 allows attackers to execute arbitrary is external) code or cause a denial of service (memory APPLE (link is corruption and application crash) via a crafted external) series of Unicode characters. apple -- mac_os_x Race condition in runner in Install.framework in 2015-08-16 9.3 CVE-2015-5754 CONFIRM (link the Install Framework Legacy component in is external) Apple OS X before 10.10.5 allows attackers to APPLE (link is execute arbitrary code in a privileged context via external) a crafted app that leverages incorrect privilege dropping associated with a locking error. apple -- iphone_os libpthread in Apple iOS before 8.4.1 and OS X 2015-08-16 9.3 CVE-2015-5757 CONFIRM (link before 10.10.5 allows attackers to execute is external) arbitrary code in a privileged context or cause a CONFIRM (link denial of service (memory corruption) via an app is external) APPLE (link is that uses a crafted syscall to interfere with external) locking. APPLE (link is external) apple -- mac_os_x ntfs in Apple OS X before 10.10.5 allows local 2015-08-16 7.2 CVE-2015-5763 CONFIRM (link users to gain privileges or cause a denial of is external) service (memory corruption) via unspecified APPLE (link is vectors. external) apple -- iphone_os The MSVDX driver in Apple iOS before 8.4.1 2015-08-16 7.1 CVE-2015-5769 CONFIRM (link allows remote attackers to cause a denial of is external) service (device crash) via a crafted video. APPLE (link is external) apple -- iphone_os Buffer overflow in IOHIDFamily in Apple iOS 2015-08-16 7.2 CVE-2015-5774 CONFIRM (link before 8.4.1 and OS X before 10.10.5 allows local is external) users to gain privileges via unspecified vectors. CONFIRM (link is external) APPLE (link is external) APPLE (link is external) apple -- iphone_os FontParser in Apple iOS before 8.4.1 and OS X 2015-08-16 7.5 CVE-2015-5775 CONFIRM (link before 10.10.5 allows remote attackers to is external) execute arbitrary code or cause a denial of CONFIRM (link service (memory corruption and application is external) APPLE (link is crash) via a crafted font file, a different external) vulnerability than CVE-2015-3804 and CVE-2015- APPLE (link is 5756. external) apple -- iphone_os Libinfo in Apple iOS before 8.4.1 and OS X before 2015-08-16 7.5 CVE-2015-5776 CONFIRM (link 10.10.5 allows remote attackers to execute is external) arbitrary code or cause a denial of service CONFIRM (link (memory corruption and application crash) by is external) APPLE (link is leveraging use of an AF_INET6 socket. external) APPLE (link is external) apple -- quicktime QuickTime 7 in Apple OS X before 10.10.5 allows 2015-08-16 7.5 CVE-2015-5779 CONFIRM (link remote attackers to execute arbitrary code or is external) cause a denial of service (memory corruption APPLE (link is and application crash) via a crafted file, a external) different vulnerability than CVE-2015-3765, CVE- 2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, and CVE-2015-5753. apple -- mac_os_x IOGraphics in Apple OS X before 10.10.5 allows 2015-08-16 9.3 CVE-2015-5783 CONFIRM (link attackers to execute arbitrary code or cause a is external) denial of service (memory corruption) via a APPLE (link is crafted app, a different vulnerability than CVE- external) 2015-3770. apple -- mac_os_x runner in Install.framework in the Install 2015-08-16 9.3 CVE-2015-5784 CONFIRM (link Framework Legacy component in Apple OS X is external) before 10.10.5 does not properly drop privileges, APPLE (link is which allows attackers to execute arbitrary code external) in a privileged context via a crafted app. arabportal -- arab_portal SQL injection vulnerability in Arab Portal 3 2015-08-18 7.5 CVE-2015-6519 MISC (link is allows remote attackers to execute arbitrary SQL external) EXPLOIT-DB commands via the showemail parameter in a (link is external) signup action to members.php. MISC (link is external) cisco -- The CLI in Cisco TelePresence Video 2015-08-19 7.2 CVE-2015-4327 CISCO (link is telepresence_video_com Communication Server (VCS) Expressway X8.5.2 external) munication_server_softw allows local users to obtain root privileges by are writing script arguments to an unspecified file, aka Bug ID CSCuv12542. emc -- rsa_bsafe Integer underflow in the base64-decoding 2015-08-20 7.5 CVE-2015-0537 BUGTRAQ implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition (Crypto- C ME) before 4.0.4 and 4.1, and RSA BSAFE SSL-C 2.8.9 and earlier allows remote attackers to cause a denial of service (memory corruption or segmentation fault) or possibly have unspecified other impact via crafted base64 data, a similar issue to CVE-2015-0292. emc -- EMC Documentum Content Server before 6.7SP1 2015-08-20 9.0 CVE-2015-4531 BUGTRAQ documentum_content_se P32, 6.7SP2 before P25, 7.0 before P19, 7.1 rver before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4622. emc -- EMC Documentum Content Server before 6.7SP1 2015-08-20 9.0 CVE-2015-4532 BUGTRAQ documentum_content_se P32, 6.7SP2 before P25, 7.0 before P19, 7.1 rver before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2514. emc -- EMC Documentum Content Server before 6.7SP1 2015-08-20 9.0 CVE-2015-4533 BUGTRAQ documentum_content_se P32, 6.7SP2 before P25, 7.0 before P19, 7.1 rver before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014- 2513. emc -- Java Method Server (JMS) in EMC Documentum 2015-08-20 9.0 CVE-2015-4534 BUGTRAQ documentum_content_se Content Server before 6.7SP1 P32, 6.7SP2 before rver P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute arbitrary code by forging a signature for a query string that lacks the method_verb parameter. emc -- Java Method Server (JMS) in EMC Documentum 2015-08-20 7.5 CVE-2015-4535 BUGTRAQ documentum_content_se Content Server before 6.7SP1 P32, 6.7SP2 before rver P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote authenticated users to gain super-user privileges by leveraging the ability to read a log file containing a login ticket. fastglass -- storage_api The Storage API module 7.x-1.x before 7.x-1.8 for 2015-08-18 7.5 CVE-2015-5502 MISC Drupal does not properly restrict access to CONFIRM Storage API fields attached to entities that are MLIST (link is not nodes, which allows remote attackers to external) have unspecified impact via unknown vectors. j2store -- j2store Multiple SQL injection vulnerabilities in the 2015-08-18 7.5 CVE-2015-6513 CONFIRM J2Store (com_j2store) extension before 3.1.7 for MISC (link is Joomla! allow remote attackers to execute external) arbitrary SQL commands via the (1) sortby or (2) MISC (link is external) manufacturer_ids[] parameter to index.php. microsoft -- office Microsoft Office 2007 SP3, 2010 SP2, and 2013 2015-08-14 9.3 CVE-2015-1642 MS (link is SP1 allows remote attackers to execute arbitrary external) code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." microsoft -- windows_10 Mount Manager in Microsoft Windows Vista SP2, 2015-08-14 7.2 CVE-2015-1769 Windows Server 2008 SP2 and R2 SP1, Windows MS (link is external) 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Mount Manager Elevation of Privilege Vulnerability." microsoft -- windows_7 Microsoft Windows Vista SP2, Windows Server 2015-08-14 9.3 CVE-2015-2429 MS (link is 2008 SP2 and R2 SP1, Windows 7 SP1, Windows external) 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow attackers to bypass an application sandbox protection mechanism and perform unspecified registry actions via a crafted application, aka "Windows Registry Elevation of Privilege Vulnerability." microsoft -- windows_7 Microsoft Windows Vista SP2, Windows Server 2015-08-14 9.3 CVE-2015-2430 MS (link is 2008 SP2 and R2 SP1, Windows 7 SP1, Windows external) 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow attackers to bypass an application sandbox protection mechanism and perform unspecified filesystem actions via a crafted application, aka "Windows Filesystem Elevation of Privilege Vulnerability." microsoft -- live_meeting Microsoft Office 2007 SP3 and 2010 SP2, Live 2015-08-14 9.3 CVE-2015-2431 MS (link is Meeting 2007 Console, Lync 2010, Lync 2010 external) Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office Graphics Library (OGL) font, aka "Microsoft Office Graphics Component Remote Code Execution Vulnerability." microsoft -- windows_7 ATMFD.DLL in the Windows Adobe Type 2015-08-14 9.3 CVE-2015-2432 MS (link is Manager Library in Microsoft Windows Vista SP2, external) Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability." microsoft -- excel Microsoft Windows Vista SP2, Windows Server 2015-08-14 9.3 CVE-2015-2435 MS (link is 2008 SP2 and R2 SP1, Windows 7 SP1, Windows external) 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Silverlight before 5.1.40728 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability." microsoft -- Microsoft Internet Explorer 7 through 11 and 2015-08-14 9.3 CVE-2015-2441 MS (link is internet_explorer Edge allow remote attackers to execute arbitrary external) code or cause a denial of service (memory MS (link is corruption) via a crafted web site, aka "Memory external) Corruption Vulnerability," a different vulnerability than CVE-2015-2452. microsoft -- Microsoft Internet Explorer 8 through 11 and 2015-08-14 9.3 CVE-2015-2442 MS (link is internet_explorer Edge allow remote attackers to execute arbitrary external) code or cause a denial of service (memory MS (link is corruption) via a crafted web site, aka "Memory external) Corruption Vulnerability," a different vulnerability than CVE-2015-2444. microsoft -- Microsoft Internet Explorer 11 and Edge allow 2015-08-14 9.3 CVE-2015-2446 MS (link is internet_explorer remote attackers to execute arbitrary code or external) cause a denial of service (memory corruption) via MS (link is a crafted web site, aka "Memory Corruption external) Vulnerability," a different vulnerability than CVE- 2015-2447. microsoft -- Microsoft Windows Vista SP2, Windows Server 2015-08-14 9.3 CVE-2015-2455 MS (link is .net_framework 2008 SP2 and R2 SP1, Windows 7 SP1, Windows external) 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE- 2015-2456. microsoft -- Microsoft Windows Vista SP2, Windows Server 2015-08-14 9.3 CVE-2015-2456 MS (link is .net_framework 2008 SP2 and R2 SP1, Windows 7 SP1, Windows external) 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE- 2015-2455. microsoft -- windows_10 ATMFD.DLL in the Windows Adobe Type 2015-08-14 9.3 CVE-2015-2458 MS (link is Manager Library in Microsoft Windows Vista SP2, external) Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2459 and CVE-2015-2461. microsoft -- windows_10 ATMFD.DLL in the Windows Adobe Type 2015-08-14 9.3 CVE-2015-2459 MS (link is Manager Library in Microsoft Windows Vista SP2, external) Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2458 and CVE-2015-2461. microsoft -- ATMFD.DLL in the Windows Adobe Type 2015-08-14 9.3 CVE-2015-2460 MS (link is .net_framework Manager Library in Microsoft Windows Vista SP2, external) Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability." microsoft -- windows_10 ATMFD.DLL in the Windows Adobe Type 2015-08-14 9.3 CVE-2015-2461 MS (link is Manager Library in Microsoft Windows Vista SP2, external) Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2458 and CVE-2015-2459. microsoft -- ATMFD.DLL in the Windows Adobe Type 2015-08-14 9.3 CVE-2015-2462 MS (link is .net_framework Manager Library in Microsoft Windows Vista SP2, external) Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability." microsoft -- Microsoft Windows Vista SP2, Windows Server 2015-08-14 9.3 CVE-2015-2463 MS (link is .net_framework 2008 SP2 and R2 SP1, Windows 7 SP1, Windows external) 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2464. microsoft -- Microsoft Windows Vista SP2, Windows Server 2015-08-14 9.3 CVE-2015-2464 .net_framework 2008 SP2 and R2 SP1, Windows 7 SP1, Windows MS (link is external) 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2463. microsoft -- office Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2015-08-14 9.3 CVE-2015-2466 MS (link is and 2013 RT SP1 allows remote attackers to external) execute arbitrary code via a crafted template, aka "Microsoft Office Remote Code Execution Vulnerability." microsoft -- office Microsoft Office 2007 SP3 allows remote 2015-08-14 9.3 CVE-2015-2467 MS (link is attackers to execute arbitrary code via a crafted external) document, aka "Microsoft Office Memory Corruption Vulnerability." microsoft -- office Microsoft Word 2007 SP3, Office 2010 SP2, Word 2015-08-14 9.3 CVE-2015-2468 MS (link is 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, external) Office for Mac 2011, Office for Mac 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Word Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." microsoft -- office Microsoft Word 2007 SP3, Office 2010 SP2, Word 2015-08-14 9.3 CVE-2015-2469 MS (link is 2010 SP2, and Office for Mac 2011 allow remote external) attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." microsoft -- office Integer underflow in Microsoft Office 2007 SP3, 2015-08-14 9.3 CVE-2015-2470 MS (link is Office 2010 SP2, Office 2013 SP1, Office 2013 RT external) SP1, Office for Mac 2011, and Word Viewer allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Integer Underflow Vulnerability." microsoft -- windows_7 Untrusted search path vulnerability in the client 2015-08-14 9.3 CVE-2015-2473 MS (link is in Remote Desktop Protocol (RDP) through 8.1 in external) Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Protocol DLL Planting Remote Code Execution Vulnerability." microsoft -- Microsoft Windows Vista SP2 and Server 2008 2015-08-14 9.0 CVE-2015-2474 MS (link is windows_server_2008 SP2 allow remote authenticated users to execute external) arbitrary code via a crafted string in a Server Message Block (SMB) server error-logging action, aka "Server Message Block Memory Corruption Vulnerability." microsoft -- office Microsoft Office 2007 SP3, Office for Mac 2011, 2015-08-14 9.3 CVE-2015-2477 MS (link is Office for Mac 2016, and Word Viewer allow external) remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." microsoft -- The RyuJIT compiler in Microsoft .NET 2015-08-14 9.3 CVE-2015-2479 MS (link is .net_framework Framework 4.6 produces incorrect code during external) an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka "RyuJIT Optimization Elevation of Privilege Vulnerability," a different vulnerability than CVE- 2015-2480 and CVE-2015-2481. microsoft -- The RyuJIT compiler in Microsoft .NET 2015-08-14 9.3 CVE-2015-2480 MS (link is .net_framework Framework 4.6 produces incorrect code during external) an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka "RyuJIT Optimization Elevation of Privilege Vulnerability," a different vulnerability than CVE- 2015-2479 and CVE-2015-2481. microsoft -- The RyuJIT compiler in Microsoft .NET 2015-08-14 9.3 CVE-2015-2481 MS (link is .net_framework Framework 4.6 produces incorrect code during external) an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka "RyuJIT Optimization Elevation of Privilege Vulnerability," a different vulnerability than CVE- 2015-2479 and CVE-2015-2480. microsoft -- Microsoft Internet Explorer 7 through 11 allows 2015-08-19 9.3 CVE-2015-2502 MS (link is internet_explorer remote attackers to execute arbitrary code or external) cause a denial of service (memory corruption) via MISC (link is a crafted web site, aka "Memory Corruption external) MISC (link is Vulnerability," as exploited in the wild in August external) 2015. MISC (link is external) mozilla -- firefox Multiple unspecified vulnerabilities in the 2015-08-15 10.0 CVE-2015-4473 CONFIRM browser engine in Mozilla Firefox before 40.0 CONFIRM and Firefox ESR 38.x before 38.2 allow remote CONFIRM attackers to cause a denial of service (memory CONFIRM corruption and application crash) or possibly execute arbitrary code via unknown vectors. mozilla -- firefox Multiple unspecified vulnerabilities in the 2015-08-15 10.0 CVE-2015-4474 CONFIRM browser engine in Mozilla Firefox before 40.0 CONFIRM allow remote attackers to cause a denial of CONFIRM service (memory corruption and application CONFIRM CONFIRM crash) or possibly execute arbitrary code via CONFIRM unknown vectors. CONFIRM mozilla -- firefox The mozilla::AudioSink function in Mozilla 2015-08-15 7.5 CVE-2015-4475 CONFIRM Firefox before 40.0 and Firefox ESR 38.x before CONFIRM 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file. mozilla -- firefox Use-after-free vulnerability in the MediaStream 2015-08-15 10.0 CVE-2015-4477 CONFIRM playback feature in Mozilla Firefox before 40.0 CONFIRM allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API. mozilla -- firefox Multiple integer overflows in libstagefright in 2015-08-15 10.0 CVE-2015-4479 CONFIRM Mozilla Firefox before 40.0 and Firefox ESR 38.x CONFIRM before 38.2 allow remote attackers to execute CONFIRM arbitrary code via a crafted saio chunk in MPEG-4 video data. mozilla -- firefox Integer overflow in the 2015-08-15 9.3 CVE-2015-4480 CONFIRM stagefright::SampleTable::isValid function in CONFIRM libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via crafted MPEG-4 video data with H.264 encoding. mozilla -- firefox Heap-based buffer overflow in the 2015-08-15 10.0 CVE-2015-4485 CONFIRM resize_context_buffers function in libvpx in CONFIRM Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data. mozilla -- firefox The decrease_ref_count function in libvpx in 2015-08-15 10.0 CVE-2015-4486 CONFIRM Mozilla Firefox before 40.0 and Firefox ESR 38.x CONFIRM before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out- of-bounds read) via malformed WebM video data. mozilla -- firefox The nsTSubstring::ReplacePrep function in 2015-08-15 7.5 CVE-2015-4487 CONFIRM Mozilla Firefox before 40.0, Firefox ESR 38.x CONFIRM before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow." mozilla -- firefox Use-after-free vulnerability in the 2015-08-15 7.5 CVE-2015-4488 CONFIRM StyleAnimationValue class in Mozilla Firefox CONFIRM before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment. mozilla -- firefox The nsTArray_Impl class in Mozilla Firefox before 2015-08-15 7.5 CVE-2015-4489 CONFIRM 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause CONFIRM a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment. mozilla -- firefox Use-after-free vulnerability in the 2015-08-15 7.5 CVE-2015-4492 CONFIRM XMLHttpRequest::Open implementation in CONFIRM Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object. mozilla -- firefox Heap-based buffer overflow in the 2015-08-15 9.3 CVE-2015-4493 CONFIRM stagefright::ESDS::parseESDescriptor function in CONFIRM libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data. mozilla -- firefox Multiple integer overflows in libstagefright in 2015-08-15 9.3 CVE-2015-4496 CONFIRM Mozilla Firefox before 38.0 allow remote CONFIRM attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file. net-snmp -- net-snmp The snmp_pdu_parse function in snmp_api.c in 2015-08-19 7.5 CVE-2015-5621 CONFIRM (link net-snmp 5.7.2 and earlier does not remove the is external) varBind variable in a netsnmp_variable_list item CONFIRM (link when parsing of the SNMP PDU fails, which is external) UBUNTU (link allows remote attackers to cause a denial of is external) service (crash) and possibly execute arbitrary MLIST (link is code via a crafted packet. external) MLIST (link is external) MLIST (link is external) CONFIRM (link is external) REDHAT (link is external) novalnet -- SQL injection vulnerability in the Novalnet 2015-08-18 7.5 CVE-2015-5504 MISC novalnet_payment_modu Payment Module Ubercart module for Drupal MLIST (link is le_ubercart- allows remote attackers to execute arbitrary SQL external) commands via unspecified vectors. perl -- perl Integer underflow in regcomp.c in Perl before 2015-08-16 7.5 CVE-2013-7422 CONFIRM (link 5.20, as used in Apple OS X before 10.10.5 and is external) other products, allows context-dependent CONFIRM attackers to execute arbitrary code or cause a APPLE (link is external) denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression. pimcore -- pimcore SQL injection vulnerability in pimcore before 2015-08-18 7.5 CVE-2015-4426 MISC (link is build 3473 allows remote attackers to execute external) arbitrary SQL commands via the filter parameter CONFIRM (link to admin/asset/grid-proxy. is external) FULLDISC wpslideshow -- Multiple SQL injection vulnerabilities in 2015-08-18 7.5 CVE-2015-5599 MISC powerplay_gallery upload.php in the Powerplay Gallery plugin 3.3 MLIST (link is for WordPress allow remote attackers to execute external) arbitrary SQL commands via the (1) albumid or FULLDISC MISC (link is (2) name parameter. external) wpslideshow -- Unrestricted file upload vulnerability in 2015-08-18 7.5 CVE-2015-5681 MISC powerplay_gallery upload.php in the Powerplay Gallery plugin 3.3 MLIST (link is for WordPress allows remote attackers to external) execute arbitrary code by uploading a file with MLIST (link is external) an executable extension, then accessing it via a FULLDISC direct request to the file in *_uploadfolder/big/. MISC (link is external) wpsymposium -- SQL injection vulnerability in the WP Symposium 2015-08-19 7.5 CVE-2015-6522 EXPLOIT-DB wp_symposium plugin before 15.8 for WordPress allows remote (link is external) attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php. Medium Severity Vulnerabilities The Primary Description Date Published CVSS The CVE Vendor --- Product Score Identity administration_vie The Administration Views module 7.x-1.x before 2015-08-18 6.0 CVE-2015-5509 MISC ws_project -- 7.x-1.4 for Drupal, when used with other CONFIRM administration_vie unspecified modules, does not properly grant MLIST (link is ws access to administration pages, which allows external) remote administrators to bypass intended restrictions via unspecified vectors. apache -- activemq The processControlCommand function in 2015-08-14 5.0 CVE-2014-3576 CONFIRM (link broker/TransportConnection.java in Apache is external) ActiveMQ before 5.11.0 allows remote attackers to DEBIAN cause a denial of service (shutdown) via a shutdown MLIST (link is external) command. apache -- activemq Directory traversal vulnerability in the fileserver 2015-08-19 5.0 CVE-2015-1830 SECTRACK upload/download functionality for blob messages (link is external) in Apache ActiveMQ 5.x before 5.11.2 for Windows CONFIRM allows remote attackers to create JSP files in arbitrary directories via unspecified vectors. apache_solr_real- The Apache Solr Real-Time module 7.x-1.x before 2015-08-18 5.0 CVE-2015-5506 MISC time_project -- 7.x-1.2 for Drupal does not check the status of an CONFIRM apache_solr_real- entity when indexing, which allows remote MLIST (link is time attackers to obtain information about unpublished external) content via a search. apple -- safari Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x 2015-08-16 4.3 CVE-2015-3729 CONFIRM (link before 8.0.8, as used in iOS before 8.4.1 and other is external) products, does not indicate what web site CONFIRM (link originated an input prompt, which allows remote is external) APPLE (link is attackers to conduct spoofing attacks via a crafted external) site. APPLE (link is external) apple -- safari WebKit, as used in Apple iOS before 8.4.1 and Safari 2015-08-16 6.8 CVE-2015-3730 CONFIRM (link before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, is external) allows remote attackers to execute arbitrary code or CONFIRM (link cause a denial of service (memory corruption and is external) APPLE (link is application crash) via a crafted web site, a different external) vulnerability than other WebKit CVEs listed in APPLE (link is APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13- external) 3. apple -- safari WebKit, as used in Apple iOS before 8.4.1 and Safari 2015-08-16 6.8 CVE-2015-3731 CONFIRM (link before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, is external) allows remote attackers to execute arbitrary code or CONFIRM (link cause a denial of service (memory corruption and is external) APPLE (link is application crash) via a crafted web site, a different external) vulnerability than other WebKit CVEs listed in APPLE (link is APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13- external) 3. apple -- safari WebKit, as used in Apple iOS before 8.4.1 and Safari 2015-08-16 6.8 CVE-2015-3732 CONFIRM (link before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, is external) allows remote attackers to execute arbitrary code or CONFIRM (link cause a denial of service (memory corruption and is external) APPLE (link is application crash) via a crafted web site, a different external) vulnerability than other WebKit CVEs listed in APPLE (link is APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13- external) 3. apple -- safari WebKit, as used in Apple iOS before 8.4.1 and Safari 2015-08-16 6.8 CVE-2015-3733 CONFIRM (link before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, is external) allows remote attackers to execute arbitrary code or CONFIRM (link cause a denial of service (memory corruption and is external) APPLE (link is application crash) via a crafted web site, a different external) vulnerability than other WebKit CVEs listed in APPLE (link is APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13- external) 3. apple -- safari WebKit, as used in Apple iOS before 8.4.1 and Safari 2015-08-16 6.8 CVE-2015-3734 CONFIRM (link before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, is external) allows remote attackers to execute arbitrary code or CONFIRM (link cause a denial of service (memory corruption and is external) APPLE (link is application crash) via a crafted web site, a different external) vulnerability than other WebKit CVEs listed in APPLE (link is APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13- external) 3. apple -- safari WebKit, as used in Apple iOS before 8.4.1 and Safari 2015-08-16 6.8 CVE-2015-3735 CONFIRM (link before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, is external) allows remote attackers to execute arbitrary code or CONFIRM (link cause a denial of service (memory corruption and is external) APPLE (link is application crash) via a crafted web site, a different external) APPLE (link is vulnerability than other WebKit CVEs listed in external) APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13- 3. apple -- safari WebKit, as used in Apple iOS before 8.4.1 and Safari 2015-08-16 6.8 CVE-2015-3736 CONFIRM (link before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, is external) allows remote attackers to execute arbitrary code or CONFIRM (link cause a denial of service (memory corruption and is external) APPLE (link is application crash) via a crafted web site, a different external) vulnerability than other WebKit CVEs listed in APPLE (link is APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13- external) 3. apple -- safari WebKit, as used in Apple iOS before 8.4.1 and Safari 2015-08-16 6.8 CVE-2015-3737 CONFIRM (link before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, is external) allows remote attackers to execute arbitrary code or CONFIRM (link cause a denial of service (memory corruption and is external) APPLE (link is application crash) via a crafted web site, a different external) vulnerability than other WebKit CVEs listed in APPLE (link is APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13- external) 3. apple -- safari WebKit, as used in Apple iOS before 8.4.1 and Safari 2015-08-16 6.8 CVE-2015-3738 CONFIRM (link before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, is external) allows remote attackers to execute arbitrary code or CONFIRM (link cause a denial of service (memory corruption and is external) APPLE (link is application crash) via a crafted web site, a different external) vulnerability than other WebKit CVEs listed in APPLE (link is APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13- external) 3. apple -- safari WebKit, as used in Apple iOS before 8.4.1 and Safari 2015-08-16 6.8 CVE-2015-3739 CONFIRM (link before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, is external) allows remote attackers to execute arbitrary code or CONFIRM (link cause a denial of service (memory corruption and is external) APPLE (link is application crash) via a crafted web site, a different external) vulnerability than other WebKit CVEs listed in APPLE (link is APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13- external) 3. apple -- safari WebKit, as used in Apple iOS before 8.4.1 and Safari 2015-08-16 6.8 CVE-2015-3740 CONFIRM (link before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, is external) allows remote attackers to execute arbitrary code or CONFIRM (link is external) cause a denial of service (memory corruption and APPLE (link is application crash) via a crafted web site, a different external) vulnerability than other WebKit CVEs listed in APPLE (link is external) APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13- 3. apple -- safari WebKit, as used in Apple iOS before 8.4.1 and Safari 2015-08-16 6.8 CVE-2015-3741 CONFIRM (link before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, is external) allows remote attackers to execute arbitrary code or CONFIRM (link cause a denial of service (memory corruption and is external) APPLE (link is application crash) via a crafted web site, a different external) vulnerability than other WebKit CVEs listed in APPLE (link is APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13- external) 3. apple -- safari WebKit, as used in Apple iOS before 8.4.1 and Safari 2015-08-16 6.8 CVE-2015-3742 CONFIRM (link before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, is external) allows remote attackers to execute arbitrary code or CONFIRM (link cause a denial of service (memory corruption and is external) APPLE (link is application crash) via a crafted web site, a different external) vulnerability than other WebKit CVEs listed in APPLE (link is APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13- external) 3. apple -- safari WebKit, as used in Apple iOS before 8.4.1 and Safari 2015-08-16 6.8 CVE-2015-3743 CONFIRM (link before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, is external) allows remote attackers to execute arbitrary code or CONFIRM (link cause a denial of service (memory corruption and is external) APPLE (link is application crash) via a crafted web site, a different external) vulnerability than other WebKit CVEs listed in APPLE (link is APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13- external) 3. apple -- safari WebKit, as used in Apple iOS before 8.4.1 and Safari 2015-08-16 6.8 CVE-2015-3744 CONFIRM (link before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, is external) allows remote attackers to execute arbitrary code or CONFIRM (link cause a denial of service (memory corruption and is external) APPLE (link is application crash) via a crafted web site, a different external) vulnerability than other WebKit CVEs listed in APPLE (link is APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13- external) 3. apple -- safari WebKit, as used in Apple iOS before 8.4.1 and Safari 2015-08-16 6.8 CVE-2015-3745 CONFIRM (link before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, is external) allows remote attackers to execute arbitrary code or CONFIRM (link cause a denial of service (memory corruption and is external) APPLE (link is application crash) via a crafted web site, a different external) vulnerability than other WebKit CVEs listed in APPLE (link is APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13- external) 3. apple -- safari WebKit, as used in Apple iOS before 8.4.1 and Safari 2015-08-16 6.8 CVE-2015-3746 CONFIRM (link before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, is external) allows remote attackers to execute arbitrary code or CONFIRM (link cause a denial of service (memory corruption and is external) APPLE (link is application crash) via a crafted web site, a different external) vulnerability than other WebKit CVEs listed in APPLE (link is APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13- external) 3. apple -- safari WebKit, as used in Apple iOS before 8.4.1 and Safari 2015-08-16 6.8 CVE-2015-3747 CONFIRM (link before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, is external) allows remote attackers to execute arbitrary code or CONFIRM (link cause a denial of service (memory corruption and is external) APPLE (link is application crash) via a crafted web site, a different external) vulnerability than other WebKit CVEs listed in APPLE (link is APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13- external) 3. apple -- safari WebKit, as used in Apple iOS before 8.4.1 and Safari 2015-08-16 6.8 CVE-2015-3748 CONFIRM (link before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, is external) allows remote attackers to execute arbitrary code or CONFIRM (link cause a denial of service (memory corruption and is external) APPLE (link is application crash) via a crafted web site, a different external) vulnerability than other WebKit CVEs listed in APPLE (link is APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13- external) 3. apple -- safari WebKit, as used in Apple iOS before 8.4.1 and Safari 2015-08-16 6.8 CVE-2015-3749 CONFIRM (link before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, is external) allows remote attackers to execute arbitrary code or CONFIRM (link cause a denial of service (memory corruption and is external) APPLE (link is application crash) via a crafted web site, a different external) vulnerability than other WebKit CVEs listed in APPLE (link is APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13- external) 3. apple -- safari WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, 2015-08-16 6.4 CVE-2015-3750 CONFIRM (link and 8.x before 8.0.8, as used in iOS before 8.4.1 and is external) other products, does not enforce the HTTP Strict CONFIRM (link Transport Security (HSTS) protection mechanism for is external) APPLE (link is Content Security Policy (CSP) report requests, which external) allows man-in-the-middle attackers to obtain APPLE (link is sensitive information by sniffing the network or external) spoof a report by modifying the client-server data stream. apple -- safari WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, 2015-08-16 5.0 CVE-2015-3751 CONFIRM (link and 8.x before 8.0.8, as used in iOS before 8.4.1 and is external) other products, allows remote attackers to bypass a CONFIRM (link Content Security Policy protection mechanism by is external) APPLE (link is using a video control in conjunction with an IMG external) element within an OBJECT element. APPLE (link is external) apple -- safari The Content Security Policy implementation in 2015-08-16 5.0 CVE-2015-3752 CONFIRM (link WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, is external) and 8.x before 8.0.8, as used in iOS before 8.4.1 and CONFIRM (link other products, does not properly restrict cookie is external) APPLE (link is transmission for report requests, which allows external) remote attackers to obtain sensitive information via APPLE (link is vectors involving (1) a cross-origin request or (2) a external) private-browsing request. apple -- safari WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, 2015-08-16 5.0 CVE-2015-3753 CONFIRM (link and 8.x before 8.0.8, as used in iOS before 8.4.1 and is external) other products, does not properly perform taint CONFIRM (link checking for CANVAS elements, which allows is external) APPLE (link is remote attackers to bypass the Same Origin Policy external) and obtain sensitive image data by leveraging a APPLE (link is redirect to a data:image resource. external) apple -- safari The private-browsing implementation in WebKit in 2015-08-16 4.3 CVE-2015-3754 CONFIRM (link Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x is external) before 8.0.8 does not prevent caching of HTTP APPLE (link is authentication credentials, which makes it easier external) for remote attackers to track users via a crafted web site. apple -- safari WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, 2015-08-16 4.3 CVE-2015-3755 CONFIRM (link and 8.x before 8.0.8, as used in iOS before 8.4.1 and is external) other products, allows remote attackers to spoof CONFIRM (link the user interface via a malformed URL. is external) APPLE (link is external) APPLE (link is external) apple -- iphone_os UIKit WebView in Apple iOS before 8.4.1 allows 2015-08-16 4.3 CVE-2015-3758 CONFIRM (link attackers to bypass an intended user-confirmation is external) requirement and initiate arbitrary FaceTime calls via APPLE (link is an app that provides a crafted URL. external) apple -- iphone_os Location Framework in Apple iOS before 8.4.1 2015-08-16 4.6 CVE-2015-3759 CONFIRM (link allows local users to bypass intended restrictions on is external) filesystem modification via a symlink. APPLE (link is external) apple -- mac_os_x The Text Formats component in Apple OS X before 2015-08-16 5.0 CVE-2015-3762 CONFIRM (link 10.10.5, as used in TextEdit, allows remote attackers is external) to read arbitrary files via a text file containing an APPLE (link is XML external entity declaration in conjunction with external) an entity reference, related to an XML External Entity (XXE) issue. apple -- iphone_os Safari in Apple iOS before 8.4.1 does not limit the 2015-08-16 4.3 CVE-2015-3763 CONFIRM (link rate of JavaScript alert messages, which allows is external) remote attackers to cause a denial of service APPLE (link is (apparent browser locking) via a crafted web site. external) apple -- mac_os_x Notification Center in Apple OS X before 10.10.5 2015-08-16 4.3 CVE-2015-3764 CONFIRM (link does not properly remove dismissed notifications, is external) which allows attackers to read arbitrary APPLE (link is notifications via a crafted app. external) apple -- quicktime QuickTime 7 in Apple OS X before 10.10.5 allows 2015-08-16 6.8 CVE-2015-3765 CONFIRM (link remote attackers to execute arbitrary code or cause is external) a denial of service (memory corruption and APPLE (link is application crash) via a crafted file, a different external) vulnerability than CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. apple -- iphone_os The kernel in Apple iOS before 8.4.1 and OS X 2015-08-16 4.3 CVE-2015-3766 before 10.10.5 does not properly restrict the CONFIRM (link is external) mach_port_space_info interface, which allows CONFIRM (link attackers to obtain sensitive memory-layout is external) information via a crafted app. APPLE (link is external) APPLE (link is external) apple -- mac_os_x The Dictionary app in Apple OS X before 10.10.5 2015-08-16 4.8 CVE-2015-3774 CONFIRM (link does not use HTTPS, which allows man-in-the- is external) middle attackers to obtain sensitive information by APPLE (link is sniffing the network or spoof word definitions by external) modifying the client-server data stream. apple -- quicktime QuickTime 7 in Apple OS X before 10.10.5 allows 2015-08-16 6.8 CVE-2015-3779 CONFIRM (link remote attackers to execute arbitrary code or cause is external) a denial of service (memory corruption and APPLE (link is application crash) via a crafted file, a different external) vulnerability than CVE-2015-3765, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. apple -- mac_os_x The Bluetooth subsystem in Apple OS X before 2015-08-16 4.3 CVE-2015-3780 CONFIRM (link 10.10.5 allows attackers to obtain sensitive kernel is external) memory-layout information via a crafted app. APPLE (link is external) apple -- mac_os_x Cross-site scripting (XSS) vulnerability in Quick Look 2015-08-16 4.3 CVE-2015-3781 CONFIRM (link in Apple OS X before 10.10.5 allows remote is external) attackers to inject arbitrary web script or HTML via a APPLE (link is previously visited web site that is rendered during a external) Quick Look search. apple -- iphone_os CloudKit in Apple iOS before 8.4.1 and OS X before 2015-08-16 4.3 CVE-2015-3782 CONFIRM (link 10.10.5 allows attackers to access an iCloud user is external) record associated with a previous user's login CONFIRM (link session via a crafted app. is external) APPLE (link is external) APPLE (link is external) apple -- iphone_os Office Viewer in Apple iOS before 8.4.1 and OS X 2015-08-16 5.0 CVE-2015-3784 CONFIRM (link before 10.10.5 allows remote attackers to read is external) arbitrary files via an XML document containing an CONFIRM (link external entity declaration in conjunction with an is external) APPLE (link is entity reference, related to an XML External Entity external) (XXE) issue. APPLE (link is external) apple -- mac_os_x The Bluetooth subsystem in Apple OS X before 2015-08-16 4.3 CVE-2015-3786 CONFIRM (link 10.10.5 does not properly restrict Notification is external) Center Service access, which allows attackers to APPLE (link is read Notification Center notifications of certain external) paired devices via a crafted app. apple -- quicktime QuickTime 7 in Apple OS X before 10.10.5 allows 2015-08-16 6.8 CVE-2015-3788 CONFIRM (link remote attackers to execute arbitrary code or cause is external) a denial of service (memory corruption and APPLE (link is application crash) via a crafted file, a different external) vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. apple -- quicktime QuickTime 7 in Apple OS X before 10.10.5 allows 2015-08-16 6.8 CVE-2015-3789 CONFIRM (link remote attackers to execute arbitrary code or cause is external) a denial of service (memory corruption and APPLE (link is application crash) via a crafted file, a different external) vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. apple -- quicktime QuickTime 7 in Apple OS X before 10.10.5 allows 2015-08-16 6.8 CVE-2015-3790 CONFIRM (link remote attackers to execute arbitrary code or cause is external) a denial of service (memory corruption and APPLE (link is application crash) via a crafted file, a different external) vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. apple -- quicktime QuickTime 7 in Apple OS X before 10.10.5 allows 2015-08-16 6.8 CVE-2015-3791 CONFIRM (link remote attackers to execute arbitrary code or cause is external) a denial of service (memory corruption and APPLE (link is application crash) via a crafted file, a different external) vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3792, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. apple -- quicktime QuickTime 7 in Apple OS X before 10.10.5 allows 2015-08-16 6.8 CVE-2015-3792 CONFIRM (link remote attackers to execute arbitrary code or cause is external) a denial of service (memory corruption and APPLE (link is application crash) via a crafted file, a different external) vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-5751, CVE-2015-5753, and CVE-2015-5779. apple -- iphone_os CFPreferences in Apple iOS before 8.4.1 allows 2015-08-16 4.3 CVE-2015-3793 CONFIRM (link attackers to bypass the third-party app-sandbox is external) protection mechanism and read arbitrary managed APPLE (link is preferences via a crafted app. external) apple -- mac_os_x The Speech UI in Apple OS X before 10.10.5, when 2015-08-16 6.8 CVE-2015-3794 CONFIRM (link speech alerts are enabled, allows remote attackers is external) to execute arbitrary code or cause a denial of APPLE (link is service (memory corruption and application crash) external) via a crafted Unicode string. apple -- iphone_os libxml2 in Apple iOS before 8.4.1 and OS X before 2015-08-16 4.3 CVE-2015-3807 CONFIRM (link 10.10.5 allows remote attackers to obtain sensitive is external) information from process memory or cause a denial CONFIRM (link of service (memory corruption) via a crafted XML is external) APPLE (link is document. external) APPLE (link is external) apple -- iphone_os AppleFileConduit in Apple iOS before 8.4.1 allows 2015-08-16 5.0 CVE-2015-5746 CONFIRM (link attackers to bypass intended restrictions on is external) filesystem access via an afc command that APPLE (link is leverages symlink mishandling. external) apple -- mac_os_x The fasttrap driver in the kernel in Apple OS X 2015-08-16 4.9 CVE-2015-5747 CONFIRM (link before 10.10.5 allows local users to cause a denial of is external) service (resource consumption) via unspecified APPLE (link is vectors. external) apple -- iphone_os The Sandbox_profiles component in Apple iOS 2015-08-16 4.3 CVE-2015-5749 CONFIRM (link before 8.4.1 allows attackers to bypass the third- is external) party app-sandbox protection mechanism and read APPLE (link is arbitrary managed preferences via a crafted app. external) apple -- quicktime QuickTime 7 in Apple OS X before 10.10.5 allows 2015-08-16 6.8 CVE-2015-5751 CONFIRM (link remote attackers to execute arbitrary code or cause is external) a denial of service (memory corruption and APPLE (link is application crash) via a crafted file, a different external) vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5753, and CVE-2015-5779. apple -- iphone_os Backup in Apple iOS before 8.4.1 allows attackers to 2015-08-16 5.0 CVE-2015-5752 CONFIRM (link bypass intended restrictions on filesystem access is external) via a crafted app that creates a symlink. APPLE (link is external) apple -- quicktime QuickTime 7 in Apple OS X before 10.10.5 allows 2015-08-16 6.8 CVE-2015-5753 CONFIRM (link remote attackers to execute arbitrary code or cause is external) a denial of service (memory corruption and APPLE (link is application crash) via a crafted file, a different external) vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, and CVE-2015-5779. apple -- iphone_os CoreText in Apple iOS before 8.4.1 and OS X before 2015-08-16 6.8 CVE-2015-5755 CONFIRM (link 10.10.5 allows remote attackers to execute arbitrary is external) code or cause a denial of service (memory CONFIRM (link corruption and application crash) via a crafted font is external) APPLE (link is file, a different vulnerability than CVE-2015-5761. external) APPLE (link is external) apple -- iphone_os FontParser in Apple iOS before 8.4.1 and OS X 2015-08-16 6.8 CVE-2015-5756 CONFIRM (link before 10.10.5 allows remote attackers to execute is external) arbitrary code or cause a denial of service (memory CONFIRM (link corruption and application crash) via a crafted font is external) APPLE (link is file, a different vulnerability than CVE-2015-3804 external) and CVE-2015-5775. APPLE (link is external) apple -- iphone_os ImageIO in Apple iOS before 8.4.1 and OS X before 2015-08-16 6.8 CVE-2015-5758 CONFIRM (link 10.10.5 allows remote attackers to execute arbitrary is external) code or cause a denial of service (memory CONFIRM (link corruption and application crash) via a crafted TIFF is external) APPLE (link is image. external) APPLE (link is external) apple -- iphone_os WebKit in Apple iOS before 8.4.1 allows remote 2015-08-16 5.0 CVE-2015-5759 CONFIRM (link attackers to spoof clicks via a crafted web site that is external) leverages tap events. APPLE (link is external) apple -- iphone_os CoreText in Apple iOS before 8.4.1 and OS X before 2015-08-16 6.8 CVE-2015-5761 CONFIRM (link 10.10.5 allows remote attackers to execute arbitrary is external) code or cause a denial of service (memory CONFIRM (link corruption and application crash) via a crafted font is external) APPLE (link is file, a different vulnerability than CVE-2015-5755. external) APPLE (link is external) apple -- iphone_os Directory traversal vulnerability in Air Traffic in 2015-08-16 5.0 CVE-2015-5766 CONFIRM (link Apple iOS before 8.4.1 allows attackers to access is external) arbitrary filesystem locations via vectors related to APPLE (link is asset handling. external) apple -- mac_os_x AppleGraphicsControl in Apple OS X before 10.10.5 2015-08-16 4.3 CVE-2015-5768 CONFIRM (link allows attackers to obtain sensitive kernel memory- is external) layout information via a crafted app. APPLE (link is external) apple -- iphone_os MobileInstallation in Apple iOS before 8.4.1 does 2015-08-16 5.8 CVE-2015-5770 CONFIRM (link not ensure the uniqueness of universal provisioning is external) profile bundle IDs, which allows attackers to replace APPLE (link is arbitrary extensions via a crafted enterprise app. external) apple -- mac_os_x Quartz Composer Framework in Apple OS X before 2015-08-16 6.8 CVE-2015-5771 CONFIRM (link 10.10.5 allows remote attackers to execute arbitrary is external) code or cause a denial of service (memory APPLE (link is corruption and application crash) via a crafted external) QuickTime file. apple -- mac_os_x Heap-based buffer overflow in SceneKit in Apple OS 2015-08-16 6.8 CVE-2015-5772 CONFIRM (link X before 10.10.5 allows remote attackers to execute is external) arbitrary code via a crafted Collada file. APPLE (link is external) apple -- iphone_os QL Office in Apple iOS before 8.4.1 and OS X before 2015-08-16 6.8 CVE-2015-5773 CONFIRM (link 10.10.5 allows remote attackers to execute arbitrary is external) code or cause a denial of service (memory CONFIRM (link is external) corruption and application crash) via a crafted APPLE (link is office document. external) APPLE (link is external) apple -- iphone_os CoreMedia Playback in Apple iOS before 8.4.1 and 2015-08-16 6.8 CVE-2015-5777 CONFIRM (link OS X before 10.10.5 allows remote attackers to is external) execute arbitrary code or cause a denial of service CONFIRM (link (memory corruption and application crash) via a is external) APPLE (link is crafted movie file, a different vulnerability than external) CVE-2015-5778. APPLE (link is external) apple -- iphone_os CoreMedia Playback in Apple iOS before 8.4.1 and 2015-08-16 6.8 CVE-2015-5778 CONFIRM (link OS X before 10.10.5 allows remote attackers to is external) execute arbitrary code or cause a denial of service CONFIRM (link (memory corruption and application crash) via a is external) APPLE (link is crafted movie file, a different vulnerability than external) CVE-2015-5777. APPLE (link is external) apple -- iphone_os ImageIO in Apple iOS before 8.4.1 and OS X before 2015-08-16 4.3 CVE-2015-5781 CONFIRM (link 10.10.5 does not properly initialize an unspecified is external) data structure, which allows remote attackers to CONFIRM (link obtain sensitive information from process memory is external) APPLE (link is via a crafted PNG image. external) APPLE (link is external) apple -- iphone_os ImageIO in Apple iOS before 8.4.1 and OS X before 2015-08-16 4.3 CVE-2015-5782 CONFIRM (link 10.10.5 does not properly initialize an unspecified is external) data structure, which allows remote attackers to CONFIRM (link obtain sensitive information from process memory is external) APPLE (link is via a crafted TIFF image. external) APPLE (link is external) bestpractical -- Multiple cross-site scripting (XSS) vulnerabilities in 2015-08-14 4.3 CVE-2015-5475 CONFIRM (link request_tracker Request Tracker (RT) 4.x before 4.2.12 allow remote is external) attackers to inject arbitrary web script or HTML via DEBIAN vectors related to the (1) user and (2) group rights management pages. chamilo_integration Open redirect vulnerability in the Chamilo 2015-08-18 5.8 CVE-2015-5503 _project -- integration module 7.x-1.x before 7.x-1.2 for Drupal MISC CONFIRM chamilo_integration allows remote attackers to redirect users to MLIST (link is arbitrary web sites and conduct phishing attacks via external) unspecified parameters. cisco -- nx-os The global-configuration implementation on Cisco 2015-08-19 4.9 CVE-2015-4277 CISCO (link is ASR 9000 devices with software 5.1.3 and 5.3.0 external) improperly closes vty sessions after a commit/end operation, which allows local users to cause a denial of service (tmp/*config file creation, memory consumption, and device hang) via unspecified vectors, aka Bug ID CSCut93842. cisco -- nx-os Nexus Data Broker (NDB) on Cisco Nexus 3000 2015-08-19 5.0 CVE-2015-4296 CISCO (link is devices with software 6.0(2)A6(1) allows remote external) attackers to cause a denial of service (Java process restart) via crafted connections to the Java application, aka Bug ID CSCut87006. cisco -- Open redirect vulnerability in Cisco WebEx Node for 2015-08-19 5.8 CVE-2015-4297 CISCO (link is webex_node_for_m Media Convergence Server (MCS) allows remote external) cs attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted HTTP request parameters, aka Bug ID CSCuv32136. cisco -- Cisco Unified Web and E-Mail Interaction Manager 2015-08-19 6.5 CVE-2015-4298 CISCO (link is unified_web_and_e 9.0(2) and 11.0(1) improperly performs external) - authorization, which allows remote authenticated mail_interaction_m users to read or write to stored data via unspecified anager vectors, aka Bug ID CSCuo89056. cisco -- Cisco Unified Web and E-Mail Interaction Manager 2015-08-19 5.5 CVE-2015-4299 CISCO (link is unified_web_and_e 9.0(2) improperly performs authorization, which external) - allows remote authenticated users to remove mail_interaction_m default messaging-queue system folders via anager unspecified vectors, aka Bug ID CSCuo89046. cisco -- nx-os Cisco NX-OS on Nexus 9000 devices 11.1(1c) allows 2015-08-19 6.8 CVE-2015-4301 CISCO (link is remote authenticated users to cause a denial of external) service (device hang) via large files that are copied to a device's filesystem, aka Bug ID CSCuu77225. cisco -- The web interface in Cisco FireSIGHT Management 2015-08-19 6.4 CVE-2015-4302 CISCO (link is firesight_system_so Center 5.3.1.4 allows remote attackers to delete external) ftware arbitrary system policies via modified parameters in a POST request, aka Bug ID CSCuu25390. cisco -- Cisco TelePresence Video Communication Server 2015-08-20 6.5 CVE-2015-4303 CISCO (link is telepresence_video (VCS) X8.5.2 allows remote authenticated users to external) _communication_se execute arbitrary commands in the context of the rver_software nobody user account via an unspecified web-page parameter, aka Bug ID CSCuv12333. cisco -- The webGUI configuration-export feature in Cisco 2015-08-19 6.8 CVE-2015-4308 CISCO (link is edge_bluebird_ope Edge Bluebird Operating System 1.2 on Edge 340 external) rating_system devices allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuu43968. cisco -- finesse Multiple cross-site scripting (XSS) vulnerabilities in 2015-08-19 4.3 CVE-2015-4310 CISCO (link is Cisco Finesse 10.5(1) allow remote attackers to external) inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug IDs CSCuq82322, CSCut95853, and CSCuq73975. cisco -- The System Snapshot feature in Cisco TelePresence 2015-08-19 4.0 CVE-2015-4314 CISCO (link is telepresence_video Video Communication Server (VCS) Expressway external) _communication_se X8.5.1 allows remote authenticated users to obtain rver_software sensitive password-hash information by reading the snapshot file, aka Bug ID CSCuv40422. cisco -- The Call Policy Configuration page in Cisco 2015-08-19 5.5 CVE-2015-4315 CISCO (link is telepresence_video TelePresence Video Communication Server (VCS) external) _communication_se Expressway X8.5.3 improperly validates external rver_software DTDs, which allows remote authenticated users to read arbitrary files or cause a denial of service via a crafted XML document, aka Bug ID CSCuv31853. cisco -- The Mobile and Remote Access (MRA) endpoint- 2015-08-20 5.5 CVE-2015-4316 CISCO (link is telepresence_video validation feature in Cisco TelePresence Video external) _communication_se Communication Server (VCS) Expressway X8.5.2 rver_software improperly validates the phone line used for registration, which allows remote authenticated users to conduct impersonation attacks via a crafted registration, aka Bug ID CSCuv40396. cisco -- Cisco TelePresence Video Communication Server 2015-08-19 5.0 CVE-2015-4317 CISCO (link is telepresence_video (VCS) Expressway X8.5.2 allows remote attackers to external) _communication_se cause a denial of service via invalid variables in an rver_software authentication packet, aka Bug ID CSCuv40469. cisco -- Cisco TelePresence Video Communication Server 2015-08-20 5.0 CVE-2015-4318 CISCO (link is telepresence_video (VCS) Expressway X8.5.2 allows remote attackers to external) _communication_se cause a denial of service via invalid variables in a rver_software GET request, aka Bug ID CSCuv40528. cisco -- The password-change feature in the administrative 2015-08-20 5.5 CVE-2015-4319 CISCO (link is telepresence_video web interface in Cisco TelePresence Video external) _communication_se Communication Server (VCS) Expressway X8.5.1 rver_software improperly performs authorization, which allows remote authenticated users to reset arbitrary active-user passwords via unspecified vectors, aka Bug ID CSCuv12338. cisco -- The Configuration Log File component in Cisco 2015-08-19 4.0 CVE-2015-4320 CISCO (link is telepresence_video TelePresence Video Communication Server (VCS) external) _communication_se Expressway X8.5.2 allows remote authenticated rver_software users to obtain sensitive information by reading a log file, aka Bug ID CSCuv12340. cisco -- The Unicast Reverse Path Forwarding (uRPF) 2015-08-20 5.0 CVE-2015-4321 CISCO (link is adaptive_security_a implementation in Cisco Adaptive Security external) ppliance_software Appliance (ASA) Software 9.3(1.50), 9.3(2.100), 9.3(3), and 9.4(1) mishandles cases where an IP address belongs to an internal interface but is also in the ASA routing table, which allows remote attackers to bypass uRPF validation via spoofed packets, aka Bug ID CSCuv60724. cisco -- Cisco Content Security Management Appliance 2015-08-19 5.5 CVE-2015-4322 CISCO (link is content_security_m (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly external) anagement_applian restricts the privileges available after LDAP ce authentication, which allows remote authenticated users to read or write to an arbitrary user's Spam Quarantine folder by visiting a spam-notification URL, aka Bug ID CSCuv65894. cisco -- Buffer overflow in Cisco NX-OS on Nexus 1000V 2015-08-19 6.1 CVE-2015-4323 CISCO (link is mds_9000_nx-os devices for VMware vSphere 7.3(0)ZN(0.9); Nexus external) 3000 devices 6.0(2)U5(1.41), 7.0(3)I2(0.373), and 7.3(0)ZN(0.83); Nexus 4000 devices 4.1(2)E1(1b); Nexus 7000 devices 6.2(14)S1; Nexus 9000 devices 7.3(0)ZN(0.9); and MDS 9000 devices 6.2 (13) and 7.1(0)ZN(91.99) and MDS SAN-OS 7.1(0)ZN(91.99) allows remote attackers to cause a denial of service (device outage) via a crafted ARP packet, related to incorrect MTU validation, aka Bug IDs CSCuv71933, CSCuv61341, CSCuv61321, CSCuu78074, CSCut37060, CSCuv61266, CSCuv61351, CSCuv61358, and CSCuv61366. cisco -- nx-os Buffer overflow in Cisco NX-OS on Nexus 1000V 2015-08-19 6.1 CVE-2015-4324 CISCO (link is devices for VMware vSphere 7.3(0)ZN(0.81), Nexus external) 3000 devices 7.3(0)ZN(0.81), Nexus 4000 devices 4.1(2)E1(1c), Nexus 7000 devices 7.2(0)N1(0.1), and Nexus 9000 devices 7.3(0)ZN(0.81) allows remote attackers to cause a denial of service (IGMP process restart) via a malformed IGMPv3 packet that is mishandled during memory allocation, aka Bug IDs CSCuv69713, CSCuv69717, CSCuv69723, CSCuv69732, and CSCuv48908. cisco -- Cisco TelePresence Video Communication Server 2015-08-19 4.0 CVE-2015-4328 CISCO (link is telepresence_video (VCS) Expressway X8.5.2 improperly checks for a external) _communication_se user account's read-only attribute, which allows rver_software remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified Communications lookup page, aka Bug ID CSCuv12552. cisco -- The administrator web interface in Cisco 2015-08-20 6.5 CVE-2015-4329 CISCO (link is telepresence_video TelePresence Video Communication Server (VCS) external) _communication_se X8.5.2 allows remote authenticated users to rver_software execute arbitrary OS commands via crafted HTTP requests, aka Bug ID CSCuv11796. cisco -- Cross-site scripting (XSS) vulnerability in Cisco 2015-08-19 4.3 CVE-2015-6255 CISCO (link is unified_web_and_e Unified Web and E-Mail Interaction Manager 9.0(2) external) - allows remote attackers to inject arbitrary web mail_interaction_m script or HTML via a crafted chat message, aka Bug anager ID CSCuo89051. codelogic -- freichat SQL injection vulnerability in the get_messages 2015-08-18 5.0 CVE-2015-6512 EXPLOIT-DB function in server/plugins/chatroom/chatroom.php (link is external) in FreiChat 9.6 allows remote attackers to execute MISC (link is arbitrary SQL commands via the time parameter to external) MISC (link is server/freichat.php. external) codfront_labs -- The HTTP Strict Transport Security (HSTS) module 2015-08-18 6.8 CVE-2015-5505 MISC http_strict_transpor 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for CONFIRM t_security Drupal does not properly implement the "include CONFIRM subdomains" directive, which causes the HSTS MLIST (link is external) policy to not be applied to subdomains and allows man-in-the-middle attackers to have unspecified impact via unknown vectors. content_constructio Open redirect vulnerability in the Content 2015-08-18 5.8 CVE-2015-5510 CONFIRM n_kit_project -- Construction Kit (CCK) 6.x-2.x before 6.x-2.10 for MISC content_constructio Drupal allows remote attackers to redirect users to MLIST (link is n_kit arbitrary web sites and conduct phishing attacks via external) the destinations parameter, related to administration pages. coppermine-gallery Multiple cross-site scripting (XSS) vulnerabilities in 2015-08-20 4.3 CVE-2015-6528 MISC (link is -- install_classic.php in Coppermine Photo Gallery external) coppermine_photo (CPG) 1.5.36 allow remote attackers to inject _gallery arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter. cygnux -- syspass SQL injection vulnerability in cygnux.org sysPass 2015-08-18 6.5 CVE-2015-6516 MISC (link is 1.0.9 and earlier allows remote authenticated users external) to execute arbitrary SQL commands via the search EXPLOIT-DB parameter to ajax/ajax_search.php. (link is external) BUGTRAQ (link is external) MISC (link is external) dell -- Dell Netvault Backup before 10.0.5 allows remote 2015-08-14 5.0 CVE-2015-5696 EXPLOIT-DB netvault_backup attackers to cause a denial of service (crash) via a (link is external) crafted request. SECTRACK (link is external) BUGTRAQ (link is external) MISC (link is external) dev4press -- Cross-site scripting (XSS) vulnerability in 2015-08-18 4.3 CVE-2015-5481 CONFIRM gd_bbpress_attach forms/panels.php in the GD bbPress Attachments MISC (link is ments plugin before 2.3 for WordPress allows remote external) FULLDISC attackers to inject arbitrary web script or HTML via MISC (link is the tab parameter in the gdbbpress_attachments external) page to wp-admin/edit.php. dev4press -- Directory traversal vulnerability in the GD bbPress 2015-08-18 4.0 CVE-2015-5482 CONFIRM gd_bbpress_attach Attachments plugin before 2.3 for WordPress allows MISC (link is ments remote administrators to include and execute external) arbitrary local files via a .. (dot dot) in the tab MISC (link is external) parameter in the gdbbpress_attachments page to wp-admin/edit.php. devexpress -- Directory traversal vulnerability in the 2015-08-18 6.4 CVE-2015-4670 BUGTRAQ ajax_control_toolkit AjaxFileUpload control in DevExpress AJAX Control (link is external) Toolkit (aka AjaxControlToolkit) before 15.1 allows MISC (link is remote attackers to write to arbitrary files via a .. external) (dot dot) in the fileId parameter to AjaxFileUploadHandler.axd. elasticsearch -- Directory traversal vulnerability in Elasticsearch 2015-08-17 5.0 CVE-2015-5531 CONFIRM (link elasticsearch before 1.6.1 allows remote attackers to read is external) arbitrary files via unspecified vectors related to BID (link is snapshot API calls. external) BUGTRAQ (link is external) MISC (link is external) emc -- rsa_bsafe EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x 2015-08-20 4.3 CVE-2015-0533 BUGTRAQ before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE- 2014-3572. emc -- rsa_bsafe EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x 2015-08-20 5.0 CVE-2015-0534 BUGTRAQ before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, a similar issue to CVE-2014-8275. emc -- rsa_bsafe EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x 2015-08-20 4.3 CVE-2015-0535 BUGTRAQ before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier do not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a similar issue to CVE-2015- 0204. emc -- Multiple cross-site request forgery (CSRF) 2015-08-20 6.8 CVE-2015-0542 BUGTRAQ rsa_archer_egrc vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users. emc -- Cross-site request forgery (CSRF) vulnerability in 2015-08-20 6.8 CVE-2015-4530 BUGTRAQ documentum_admi EMC Documentum WebTop before 6.8P01, nistrator Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote attackers to hijack the authentication of arbitrary users. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2518. entityform_block_p The Entityform Block module 7.x-1.x before 7.x-1.3 2015-08-18 5.0 CVE-2015-5493 MISC roject -- for Drupal does not properly check permissions CONFIRM entityform_block when a form is locked to a role, which allows MLIST (link is remote attackers to obtain access to certain external) entityforms via unspecified vectors. gnome -- gdk- Integer overflow in the make_filter_table function 2015-08-15 6.8 CVE-2015-4491 CONFIRM pixbuf in pixops/pixops.c in gdk-pixbuf before 2.31.5, as CONFIRM (link used in Mozilla Firefox before 40.0 and Firefox ESR is external) 38.x before 38.2 on Linux, Google Chrome on Linux, CONFIRM CONFIRM and other products, allows remote attackers to CONFIRM execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling. gnu -- gnutls GnuTLS before 2.9.10 does not verify the activation 2015-08-14 4.3 CVE-2014-8155 and expiration dates of CA certificates, which allows CONFIRM (link is external) man-in-the-middle attackers to spoof servers via a REDHAT (link certificate issued by a CA certificate that is (1) not is external) yet valid or (2) no longer valid. hybridauth_social_l The HybridAuth Social Login module 7.x-2.x before 2015-08-18 5.0 CVE-2015-5511 MISC ogin_project -- 7.x-2.13 for Drupal allows remote attackers to CONFIRM hybridauth_social_l bypass the user registration by administrator only MLIST (link is ogin configuration and create an account via a social external) login. inline_entity_form_ Cross-site scripting (XSS) vulnerability in the Inline 2015-08-18 4.3 CVE-2015-5507 MISC project -- Entity Form module 7.x-1.x before 7.x-1.6 for Drupal CONFIRM inline_entity_form allows remote authenticated users with permission MLIST (link is to create or edit fields to inject arbitrary web script external) or HTML via unspecified vectors. me_aliases_project The me aliases module 6.x-2.x before 6.x-2.10 and 2015-08-18 5.0 CVE-2015-5512 MISC -- me_aliases 7.x-1.x before 7.x-1.2 for Drupal allows remote CONFIRM attackers to access Views using the "me" user CONFIRM argument handler by substituting "me" for a user id MLIST (link is external) in a URL. CONFIRM microsoft -- Cross-site scripting (XSS) vulnerability in Microsoft 2015-08-14 4.3 CVE-2015-2420 MS (link is system_center_ope System Center 2012 Operations Manager Gold external) rations_manager before Rollup 8, SP1 before Rollup 10, and R2 before Rollup 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "System Center Operations Manager Web Console XSS Vulnerability." microsoft -- excel Microsoft Windows Vista SP2, Windows Server 2008 2015-08-14 4.3 CVE-2015-2423 MS (link is SP2 and R2 SP1, Windows 7 SP1, Windows 8, external) Windows 8.1, Windows Server 2012 Gold and R2, MS (link is Windows RT Gold and 8.1, Windows 10, Excel 2007 external) MS (link is SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word external) 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Visio 2013 RT SP1, Word 2013 RT SP1, and Internet Explorer 7 through 11 allow remote attackers to gain privileges and obtain sensitive information via a crafted command-line parameter to an Office application or Notepad, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Unsafe Command Line Parameter Passing Vulnerability." microsoft -- Microsoft XML Core Services 3.0 and 5.0 supports 2015-08-14 4.3 CVE-2015-2434 MS (link is xml_core_services SSL 2.0, which makes it easier for remote attackers external) to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE- 2015-2471. microsoft -- Microsoft XML Core Services 3.0, 5.0, and 6.0 allows 2015-08-14 4.3 CVE-2015-2440 MS (link is xml_core_services remote attackers to bypass the ASLR protection external) mechanism via a crafted web site, aka "MSXML Information Disclosure Vulnerability." microsoft -- Microsoft Internet Explorer 7 through 11 and Edge 2015-08-14 4.3 CVE-2015-2449 MS (link is internet_explorer allow remote attackers to bypass the ASLR external) protection mechanism via a crafted web site, aka MS (link is "ASLR Bypass." external) microsoft -- The Client/Server Run-time Subsystem (CSRSS) in 2015-08-14 4.7 CVE-2015-2453 MS (link is windows_7 Microsoft Windows Vista SP2, Windows Server 2008 external) SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information via a crafted application that continues to execute during a subsequent user's login session, aka "Windows CSRSS Elevation of Privilege Vulnerability." microsoft -- Microsoft XML Core Services 3.0, 5.0, and 6.0 2015-08-14 4.3 CVE-2015-2471 MS (link is xml_core_services supports SSL 2.0, which makes it easier for remote external) attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2434. microsoft -- Remote Desktop Session Host (RDSH) in Remote 2015-08-14 4.3 CVE-2015-2472 MS (link is windows_7 Desktop Protocol (RDP) through 8.1 in Microsoft external) Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify certificates, which allows man-in-the-middle attackers to spoof clients via a crafted certificate with valid Issuer and Serial Number fields, aka "Remote Desktop Session Host Spoofing Vulnerability." microsoft -- Cross-site scripting (XSS) vulnerability in 2015-08-14 4.3 CVE-2015-2475 MS (link is biztalk_server uddi/search/frames.aspx in the UDDI Services external) component in Microsoft Windows Server 2008 SP2 and BizTalk Server 2010, 2013 Gold, and 2013 R2 allows remote attackers to inject arbitrary web script or HTML via the search parameter, aka "UDDI Services Elevation of Privilege Vulnerability." mozilla -- firefox Mozilla Firefox before 40.0 and Firefox ESR 38.x 2015-08-15 5.0 CVE-2015-4478 CONFIRM before 38.2 do not impose certain ECMAScript 6 CONFIRM requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method. mozilla -- firefox mar_read.c in the Updater in Mozilla Firefox before 2015-08-15 4.6 CVE-2015-4482 CONFIRM 40.0 and Firefox ESR 38.x before 38.2 allows local CONFIRM users to gain privileges or cause a denial of service (out-of-bounds write) via a crafted name of a Mozilla Archive (aka MAR) file. mozilla -- firefox Mozilla Firefox before 40.0 allows man-in-the- 2015-08-15 4.3 CVE-2015-4483 CONFIRM middle attackers to bypass a mixed-content CONFIRM protection mechanism via a feed: URL in a POST request. mozilla -- firefox The js::jit::AssemblerX86Shared::lock_addl function 2015-08-15 5.0 CVE-2015-4484 CONFIRM in the JavaScript implementation in Mozilla Firefox CONFIRM before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service (application crash) by leveraging the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuffer object. mozilla -- firefox The nsCSPHostSrc::permits function in 2015-08-15 4.3 CVE-2015-4490 dom/security/nsCSPUtils.cpp in Mozilla Firefox CONFIRM CONFIRM before 40.0 does not implement the Content Security Policy Level 2 exceptions for the blob, data, and filesystem URL schemes during wildcard source-expression matching, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging unexpected policy-enforcement behavior. navigate_project -- The Navigate module for Drupal does not properly 2015-08-18 4.0 CVE-2015-5499 MISC navigate check permissions, which allows remote MLIST (link is authenticated users to modify custom widgets and external) create widget database records by leveraging the "navigate view" permission. openstack -- horizon Cross-site scripting (XSS) vulnerability in the 2015-08-20 4.3 CVE-2015-3219 MLIST (link is Orchestration/Stack section in OpenStack external) Dashboard (Horizon) 2014.2 before 2014.2.4 and MLIST 2015.1.x before 2015.1.1 allows remote attackers to CONFIRM (link is external) inject arbitrary web script or HTML via the BID (link is description parameter in a heat template, which is external) not properly handled in the help_text attribute in the Field class. openstack -- glance OpenStack Glance before 2015.1.1 (kilo) allows 2015-08-14 4.0 CVE-2015-3289 CONFIRM (link remote authenticated users to cause a denial of is external) service (disk consumption) by repeatedly using the MLIST import task flow API to create images and then deleting them. opentext -- Cross-site scripting (XSS) vulnerability in OpenText 2015-08-20 4.3 CVE-2015-6530 MISC (link is secure_mft_2013 Secure MFT 2013 before 2013 R3 P6 and 2014 external) before 2014 R2 P2 allows remote attackers to inject BUGTRAQ arbitrary web script or HTML via the querytext (link is external) parameter to userdashboard.jsp. pass2pdf_project -- The pass2pdf module for Drupal does not restrict 2015-08-18 5.0 CVE-2015-5496 MISC pass2pdf access to generated PDF files, which allows remote MLIST (link is attackers to obtain user passwords via unspecified external) vectors. pfsense -- pfsense Cross-site scripting (XSS) vulnerability in the 2015-08-18 4.3 CVE-2015-4029 CONFIRM WebGUI in pfSense before 2.2.3 allows remote FULLDISC attackers to inject arbitrary web script or HTML via the zone parameter in a del action to services_captiveportal_zones.php. pfsense -- pfsense Cross-site scripting (XSS) vulnerability in pfSense 2015-08-18 4.3 CVE-2015-6508 CONFIRM before 2.2.3 allows remote attackers to inject CONFIRM arbitrary web script or HTML via the descr parameter in a "new" action to system_authservers.php. pfsense -- pfsense Multiple cross-site scripting (XSS) vulnerabilities in 2015-08-18 4.3 CVE-2015-6509 CONFIRM pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) proxypass parameter to system_advanced_misc.php; (2) adaptiveend, (3) adaptivestart, (4) maximumstates, (5) maximumtableentries, or (6) aliasesresolveinterval parameter to system_advanced_firewall.php; (7) proxyurl, (8) proxyuser, or (9) proxyport parameter to system_advanced_misc.php; or (10) name, (11) notification_name, (12) ipaddress, (13) password, (14) smtpipaddress, (15) smtpport, (16) smtpfromaddress, (17) smtpnotifyemailaddress, (18) smtpusername, or (19) smtppassword parameter to system_advanced_notifications.php. pfsense -- pfsense Multiple cross-site scripting (XSS) vulnerabilities in 2015-08-18 4.3 CVE-2015-6510 CONFIRM pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) srctrack, (2) use_mfs_tmp_size, or (3) use_mfs_var_size parameter to system_advanced_misc.php; the (4) port, (5) snaplen, or (6) count parameter to diag_packet_capture.php; the (7) pppoe_resethour, (8) pppoe_resetminute, (9) wpa_group_rekey, or (10) wpa_gmk_rekey parameter to interfaces.php; the (11) pppoe_resethour or (12) pppoe_resetminute parameter to interfaces_ppps_edit.php; the (13) member[] parameter to interfaces_qinq_edit.php; the (14) port or (15) retry parameter to load_balancer_pool_edit.php; the (16) pkgrepourl parameter to pkg_mgr_settings.php; the (17) zone parameter to services_captiveportal.php; the port parameter to (18) services_dnsmasq.php or (19) services_unbound.php; the (20) cache_max_ttl or (21) cache_min_ttl parameter to services_unbound_advanced.php; the (22) sshport parameter to system_advanced_admin.php; the (23) id, (24) tunable, (25) descr, or (26) value parameter to system_advanced_sysctl.php; the (27) firmwareurl, (28) repositoryurl, or (29) branch parameter to system_firmware_settings.php; the (30) pfsyncpeerip, (31) synchronizetoip, (32) username, or (33) passwordfld parameter to system_hasync.php; the (34) maxmss parameter to vpn_ipsec_settings.php; the (35) ntp_server1, (36) ntp_server2, (37) wins_server1, or (38) wins_server2 parameter to vpn_openvpn_csc.php; or unspecified parameters to (39) load_balancer_relay_action.php, (40) load_balancer_relay_action_edit.php, (41) load_balancer_relay_protocol.php, or (42) load_balancer_relay_protocol_edit.php. pfsense -- pfsense Cross-site scripting (XSS) vulnerability in pfSense 2015-08-18 4.3 CVE-2015-6511 CONFIRM before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the server[] parameter to services_ntpd.php. phpipam -- Multiple cross-site scripting (XSS) vulnerabilities in 2015-08-20 4.3 CVE-2015-6529 BUGTRAQ phpipam phpipam 1.1.010 allow remote attackers to inject (link is external) arbitrary web script or HTML via the (1) section MISC (link is parameter to site/error.php or (2) ip parameter to external) site/tools/searchResults.php. phpliteadmin_proje Cross-site request forgery (CSRF) vulnerability in 2015-08-18 6.8 CVE-2015-6517 BUGTRAQ ct -- phpliteadmin phpLiteAdmin 1.1 allows remote attackers to hijack (link is external) the authentication of users for requests that drop MISC (link is database tables via the droptable parameter to external) phpliteadmin.php. phpliteadmin_proje Multiple cross-site scripting (XSS) vulnerabilities in 2015-08-18 4.3 CVE-2015-6518 BUGTRAQ ct -- phpliteadmin phpLiteAdmin 1.1 allow remote attackers to inject (link is external) arbitrary web script or HTML via the (1) PATH_INFO, MISC (link is (2) droptable parameter, or (3) table parameter to external) phpliteadmin.php. picketlink -- The Service Provider (SP) in PicketLink before 2.7.0 2015-08-17 6.0 CVE-2015-0277 CONFIRM picketlink does not ensure that it is a member of an Audience CONFIRM (link element when an AudienceRestriction is specified, is external) which allows remote attackers to log in to other REDHAT (link is external) users' accounts via a crafted SAML assertion. NOTE: REDHAT (link this identifier has been SPLIT per ADT2 due to is external) different vulnerability types. See CVE-2015-6254 for REDHAT (link lack of validation for the Destination attribute in a is external) REDHAT (link Response element in a SAML assertion. is external) picketlink -- The (1) Service Provider (SP) and (2) Identity 2015-08-17 6.0 CVE-2015-6254 CONFIRM picketlink Provider (IdP) in PicketLink before 2.7.0 does not CONFIRM (link ensure that the Destination attribute in a Response is external) element in a SAML assertion matches the location REDHAT (link is external) from which the message was received, which allows REDHAT (link remote attackers to have unspecified impact via is external) unknown vectors. NOTE: this identifier was SPLIT REDHAT (link from CVE-2015-0277 per ADT2 due to different is external) REDHAT (link vulnerability types. is external) pimcore -- pimcore Directory traversal vulnerability in pimcore before 2015-08-18 4.9 CVE-2015-4425 MISC (link is build 3473 allows remote authenticated users with external) the "assets" permission to create or write to CONFIRM (link arbitrary files via a .. (dot dot) in the dir parameter is external) FULLDISC to admin/asset/add-asset-compatibility. portfolio_project -- Cross-site request forgery (CSRF) vulnerability in the 2015-08-19 6.8 CVE-2015-6523 CONFIRM portfolio Portfolio plugin before 1.05 for WordPress allows FULLDISC remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the instagram-portfolio page in wp-admin/options-general.php. shipwire_api_projec The Shipwire API module 7.x-1.x before 7.x-1.03 for 2015-08-18 5.0 CVE-2015-5498 MISC t -- shipwire_api Drupal does not check the view permission for the CONFIRM shipments overview (admin/shipwire/shipments), MLIST (link is which allows remote attackers to obtain sensitive external) information via a request to the page. splunk -- splunk Cross-site scripting (XSS) vulnerability in the 2015-08-18 4.3 CVE-2015-6514 CONFIRM (link Dashboard in Splunk Enterprise 6.2.x before 6.2.4 is external) and Splunk Light 6.2.x before 6.2.4 allows remote authenticated users to inject arbitrary web script or SECTRACK (link is external) HTML via unspecified vectors. splunk -- splunk Cross-site scripting (XSS) vulnerability in Splunk 2015-08-18 4.3 CVE-2015-6515 CONFIRM (link Web in Splunk Enterprise 6.2.x before 6.2.4, 6.1.x is external) before 6.1.8, 6.0.x before 6.0.9, and 5.0.x before SECTRACK 5.0.13 and Splunk Light 6.2.x before 6.2.4 allows (link is external) remote attackers to inject arbitrary web script or HTML via a header. techsmith -- Cross-site scripting (XSS) vulnerability in the 2015-08-18 4.3 CVE-2015-5487 CONFIRM camtasia_relay Camtasia Relay module 6.x-2.x before 6.x-3.2 and CONFIRM 7.x-2.x before 7.x-1.3 for Drupal allows remote MISC authenticated users with the "view meta MLIST (link is external) information" permission to inject arbitrary web script or HTML via unspecified vectors related to the meta access tab. the_extensible_cata Cross-site request forgery (CSRF) vulnerability in the 2015-08-18 5.1 CVE-2015-5508 MISC log_drupal_toolkit_ XC NCIP Provider module in the eXtensible Catalog MLIST (link is project -- (XC) Drupal Toolkit allows remote attackers to external) the_extensible_cata hijack the authentication of users with the log_drupal_toolkit "administer ncip providers" permission for requests that alter NCIP providers via a crafted request. theeventscalendar Cross-site scripting (XSS) vulnerability in the Event 2015-08-18 4.3 CVE-2015-5485 CONFIRM (link -- eventbrite_tickets Import page (import-eventbrite-events.php) in the is external) Modern Tribe Eventbrite Tickets plugin before MISC (link is 3.10.2 for WordPress allows remote attackers to external) FULLDISC inject arbitrary web script or HTML via the "error" MISC (link is parameter to wp-admin/edit.php. external) theforeman -- Forman before 1.7.4 does not verify SSL certificates 2015-08-14 5.0 CVE-2015-1816 CONFIRM (link foreman for LDAP connections, which allows man-in-the- is external) middle attackers to spoof LDAP servers via a crafted CONFIRM (link certificate. is external) REDHAT (link is external) REDHAT (link is external) CONFIRM theforeman -- Foreman before 1.7.5 allows remote authenticated 2015-08-14 4.0 CVE-2015-1844 CONFIRM (link foreman users to bypass organization and location is external) restrictions by connecting through the REST API. MISC (link is external) CONFIRM (link is external) REDHAT (link is external) REDHAT (link is external) CONFIRM theforeman -- Foreman before 1.8.1 does not set the secure flag 2015-08-14 5.0 CVE-2015-3155 CONFIRM (link foreman for the _session_id cookie in an https session, which is external) makes it easier for remote attackers to capture this CONFIRM (link cookie by intercepting its transmission within an is external) CONFIRM (link http session. is external) REDHAT (link is external) REDHAT (link is external) CONFIRM theforeman -- Foreman before 1.9.0 allows remote authenticated 2015-08-14 6.0 CVE-2015-3235 CONFIRM (link foreman users with the edit_users permission to edit is external) administrator users and change their passwords via REDHAT (link unspecified vectors. is external) REDHAT (link is external) CONFIRM CONFIRM video_consultation Cross-site scripting (XSS) vulnerability in the Video 2015-08-18 4.3 CVE-2015-5492 MISC _project -- Consultation module for Drupal allows remote MLIST (link is video_consultation attackers to inject arbitrary web script or HTML via external) unspecified vectors. videolan -- Cross-site scripting (XSS) vulnerability in the 2015-08-17 4.3 CVE-2014-9743 BID (link is vlc_media_player httpd_HtmlError function in network/httpd.c in the external) web interface in VideoLAN VLC Media Player before MISC (link is 2.2.0 allows remote attackers to inject arbitrary web external) FULLDISC script or HTML via the path info. CONFIRM views_bulk_operati The Views Bulk Operations (VBO) module 6.x-1.x 2015-08-18 4.9 CVE-2015-5515 MISC ons_project -- and 7.x-3.x before 7.x-3.3 for Drupal, when the bulk CONFIRM views_bulk_operati operation for changing Roles is enabled, allows MLIST (link is ons remote authenticated users to edit user accounts external) and add arbitrary roles to the accounts by leveraging access to a user account listing view with VBO enabled. views_project -- The _views_fetch_data method in 2015-08-18 5.0 CVE-2015-5490 MISC views includes/cache.inc in the Views module 7.x-3.5 CONFIRM through 7.x-3.10 for Drupal does not rebuild the full MISC cache if the static cache is not empty, which allows MLIST (link is external) remote attackers to bypass intended filters and CONFIRM obtain access to hidden content via unspecified vectors. xmlsoft -- libxml The xmlreader in libxml allows remote attackers to 2015-08-14 5.0 CVE-2015-1819 CONFIRM cause a denial of service (memory consumption) via REDHAT (link crafted XML data, related to an XML Entity is external) Expansion (XEE) attack.

Low Severity Vulnerabilities

The Primary Description Date Published CVSS The CVE Vendor --- Product Score Identity apple -- iphone_os The Certificate UI in Apple iOS before 8.4.1 does not 2015-08-16 2.1 CVE-2015-3756 CONFIRM (link prevent X.509 certificate acceptance within the lock is external) screen, which allows physically proximate attackers APPLE (link is to establish arbitrary certificate trust relationships by external) completing a dialog. apple -- mac_os_x Apple OS X before 10.10.5 does not properly restrict 2015-08-16 2.1 CVE-2015-3757 CONFIRM (link access to the Date & Time preferences pane, which is external) allows local users to spoof the time by visiting this APPLE (link is pane. external) apple -- iphone_os bootp in Apple iOS before 8.4.1 and OS X before 2015-08-16 3.3 CVE-2015-3778 CONFIRM (link 10.10.5 allows remote attackers to obtain potentially is external) sensitive information about MAC addresses seen in CONFIRM (link previous Wi-Fi sessions by sniffing an 802.11 is external) APPLE (link is network for DNAv4 broadcast traffic. external) APPLE (link is external) apple -- mac_os_x The Bluetooth subsystem in Apple OS X before 2015-08-16 3.3 CVE-2015-3787 CONFIRM (link 10.10.5 allows remote attackers to cause a denial of is external) service via malformed Bluetooth ACL packets. APPLE (link is external) apple -- mac_os_x The kernel in Apple OS X before 10.10.5 does not 2015-08-16 2.1 CVE-2015-5748 CONFIRM (link properly mount HFS volumes, which allows local is external) users to cause a denial of service via a crafted APPLE (link is volume. external) dynamic_display_bl The Dynamic display block module 7.x-1.x before 2015-08-18 3.5 CVE-2015-5491 CONFIRM ock_project -- 7.x-1.1 for Drupal allows remote authenticated users MISC dynamic_display_bl to bypass intended access restrictions and read MLIST (link is ock sensitive titles by leveraging the "administer external) ddblock" permission. emc -- rsa_bsafe EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x 2015-08-20 2.6 CVE-2015-0536 BUGTRAQ before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allow remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero, a similar issue to CVE- 2015-1787. emc -- EMC Documentum Content Server before 7.0 P20, 2015-08-20 3.5 CVE-2015-4536 BUGTRAQ documentum_cont 7.1 before P18, and 7.2 before P02, when RPC tracing ent_server is configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by reading this file. microsoft -- Object Manager in Microsoft Windows Vista SP2, 2015-08-14 2.1 CVE-2015-2428 MS (link is windows_7 Windows Server 2008 SP2 and R2 SP1, Windows 7 external) SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels during interaction with object symbolic links that originated in a sandboxed process, which allows local users to gain privileges via a crafted application, aka "Windows Object Manager Elevation of Privilege Vulnerability." microsoft -- The kernel in Microsoft Windows Vista SP2, Windows 2015-08-14 2.1 CVE-2015-2433 MS (link is windows_10 Server 2008 SP2 and R2 SP1, Windows 7 SP1, external) Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Kernel ASLR Bypass Vulnerability." microsoft -- The kernel-mode driver in Microsoft Windows Vista 2015-08-14 2.1 CVE-2015-2454 MS (link is windows_7 SP2, Windows Server 2008 SP2 and R2 SP1, Windows external) 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows KMD Security Feature Bypass Vulnerability." microsoft -- The Windows shell in Microsoft Windows Vista SP2, 2015-08-14 2.1 CVE-2015-2465 MS (link is windows_10 Windows Server 2008 SP2 and R2 SP1, Windows 7 external) SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Shell Security Feature Bypass Vulnerability." microsoft -- The WebDAV client in Microsoft Windows Vista SP2, 2015-08-14 2.6 CVE-2015-2476 MS (link is windows_7 Windows Server 2008 SP2 and R2 SP1, Windows 7 external) SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "WebDAV Client Information Disclosure Vulnerability." migrate_project -- Cross-site scripting (XSS) vulnerability in the Migrate 2015-08-18 2.6 CVE-2015-5514 MISC migrate module 7.x-2.x before 7.x-2.8 for Drupal, when the CONFIRM migrate_ui submodule is enabled, allows user- MLIST (link is assisted remote attackers to inject arbitrary web external) script or HTML via a destination field label. mobile_sliding_me Cross-site scripting (XSS) vulnerability in the Mobile 2015-08-18 2.1 CVE-2015-5495 MISC nu_project -- sliding menu module 7.x-2.x before 7.x-2.1 for CONFIRM mobile_sliding_me Drupal allows remote authenticated users with the MLIST (link is nu "administer menu" permission to inject arbitrary external) web script or HTML via unspecified vectors. mozilla -- firefox Race condition in the Mozilla Maintenance Service in 2015-08-15 3.3 CVE-2015-4481 CONFIRM Mozilla Firefox before 40.0 and Firefox ESR 38.x CONFIRM before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update. navigate_project -- Cross-site scripting (XSS) vulnerability in the 2015-08-18 3.5 CVE-2015-5500 MISC navigate Navigate module for Drupal allows remote MLIST (link is authenticated users with certain permissions to external) inject arbitrary web script or HTML via unspecified vectors. niif -- Cross-site scripting (XSS) vulnerability in the 2015-08-18 2.1 CVE-2015-5513 MISC shibboleth_authent Shibboleth authentication module 6.x-4.x before 6.x- CONFIRM ication 4.2 and 7.x-4.x before 7.x-4.2 for Drupal allows CONFIRM remote authenticated users with the "Administer MLIST (link is external) blocks" permission to inject arbitrary web script or HTML via unspecified vectors related to a login link. openstack -- glance The import task action in OpenStack Image Service 2015-08-19 3.5 CVE-2015-5163 CONFIRM (link (Glance) 2015.1.x before 2015.1.2 (kilo), when using is external) the V2 API, allows remote authenticated users to REDHAT (link read arbitrary files via a crafted backing file for a is external) MLIST qcow2 image. smart_trim_project Cross-site scripting (XSS) vulnerability in the Smart 2015-08-18 3.5 CVE-2015-5489 MISC -- smart_trim Trim module 7.x-1.x before 7.x-1.5 for Drupal allows CONFIRM remote authenticated users with certain permissions MLIST (link is to inject arbitrary web script or HTML via vectors external) involving the field settings form. thinkshout -- Cross-site scripting (XSS) vulnerability in the 2015-08-18 2.1 CVE-2015-5488 MISC mailchimp MailChimp Signup submodule in the MailChimp CONFIRM module 7.x-3.x before 7.x-3.3 for Drupal allows MLIST (link is remote authenticated users with the "administer external) mailchimp" permission to inject arbitrary web script or HTML via unspecified vectors. web_links_project Cross-site scripting (XSS) vulnerability in the Web 2015-08-18 3.5 CVE-2015-5497 MISC -- web_links Links module 6.x-2.x before 6.x-2.6 and 7.x-1.x CONFIRM before 7.x-1.0 for Drupal allows remote CONFIRM authenticated users with certain permissions to MLIST (link is external) inject arbitrary web script or HTML via unspecified vectors. webform_matrix_c Cross-site scripting (XSS) vulnerability in the 2015-08-18 3.5 CVE-2015-5494 MISC omponent_project Webform Matrix Component module 7.x-4.x before CONFIRM -- 7.x-4.13 for Drupal allows remote authenticated MLIST (link is webform_matrix_c users with certain permissions to inject arbitrary web external) omponent script or HTML via unspecified vectors.

• Sources: http://nvd.nist.gov (For more information visit the National Vulnerabilities Database (NVD) which contains a database of every vulnerability that has ever been published).

Uganda Communications Commission – UGCERT Email: [email protected] Tel + 256 414 302 100/150 Toll Free: 0800 133 911 Website www.ug-cert.ug Face book / Twitter: UGCERT