Vulnerability Summary for the Week of August 17, 2015

Please Note:

  • The vulnerabilities are categorized by their level of severity, which is either High, Medium or Low.
  • The CVE identity number is the publicly known ID given to that particular vulnerability. Therefore you can search the status of that particular vulnerability using that ID.
  • The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the severity of the vulnerability.

High Severity Vulnerabilities

| Primary Vendor -- Product | Description | Date Published | CVSS Score | The CVE Identity |
|---|---|---|---|---|
| aegirproject -- hostmaster | The Hostmaster (Aegir) module 6.x-2.x before 6.x-2.4 and 7.x-3.x before 7.x-3.0-beta2 for Drupal allows remote attackers to execute arbitrary PHP code via a crafted file in the directory used to write Apache vhost files for hosted sites in a multi-site environment. | 2015-08-18 | 7.5 | CVE-2015-5501 (MISC, MLIST, CONFIRM, CONFIRM) |
| apple -- mac_os_x | dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors. | 2015-08-16 | 7.2 | CVE-2015-3760 (CONFIRM, APPLE) |
| apple -- mac_os_x | The kernel in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors. | 2015-08-16 | 7.2 | CVE-2015-3761 (CONFIRM, APPLE) |
| apple -- mac_os_x | udf in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image. | 2015-08-16 | 7.2 | CVE-2015-3767 (CONFIRM, APPLE) |
| apple -- iphone_os | Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls. | 2015-08-16 | 9.3 | CVE-2015-3768 (CONFIRM, CONFIRM, APPLE, APPLE) |
| apple -- mac_os_x | IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3771 and CVE-2015-3772. | 2015-08-16 | 7.2 | CVE-2015-3769 (CONFIRM, APPLE) |
| apple -- mac_os_x | IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5783. | 2015-08-16 | 9.3 | CVE-2015-3770 (CONFIRM, APPLE) |
| apple -- mac_os_x | IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3772. | 2015-08-16 | 7.2 | CVE-2015-3771 (CONFIRM, APPLE) |
| apple -- mac_os_x | IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3771. | 2015-08-16 | 7.2 | CVE-2015-3772 (CONFIRM, APPLE) |
| apple -- mac_os_x | The SMB client in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | 2015-08-16 | 7.5 | CVE-2015-3773 (CONFIRM, APPLE) |
| apple -- mac_os_x | Apple OS X before 10.10.5 does not properly implement authentication, which allows local users to obtain admin privileges via unspecified vectors. | 2015-08-16 | 7.2 | CVE-2015-3775 (CONFIRM, APPLE) |
| apple -- iphone_os | IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist. | 2015-08-16 | 9.3 | CVE-2015-3776 (CONFIRM, CONFIRM, APPLE, APPLE) |
| apple -- mac_os_x | Multiple buffer overflows in blued in the Bluetooth subsystem in Apple OS X before 10.10.5 allow local users to gain privileges via XPC messages. | 2015-08-16 | 7.2 | CVE-2015-3777 (CONFIRM, APPLE) |
| apple -- mac_os_x | SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | 2015-08-16 | 7.5 | CVE-2015-3783 (CONFIRM, APPLE) |
| apple -- iphone_os | libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message. | 2015-08-16 | 9.3 | CVE-2015-3795 (CONFIRM, CONFIRM, APPLE, APPLE) |
| apple -- iphone_os | The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3797 and CVE-2015-3798. | 2015-08-16 | 7.5 | CVE-2015-3796 (CONFIRM, CONFIRM, APPLE, APPLE) |
| apple -- iphone_os | The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3798. | 2015-08-16 | 7.5 | CVE-2015-3797 (CONFIRM, CONFIRM, APPLE, APPLE) |
| apple -- iphone_os | The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3797. | 2015-08-16 | 7.5 | CVE-2015-3798 (CONFIRM, CONFIRM, APPLE, APPLE) |
| apple -- mac_os_x | The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers to change arbitrary user passwords via a crafted app. | 2015-08-16 | 9.3 | CVE-2015-3799 (CONFIRM, APPLE) |
| apple -- iphone_os | The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image. | 2015-08-16 | 7.2 | CVE-2015-3800 (CONFIRM, CONFIRM, APPLE, APPLE) |
| apple -- iphone_os | Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805. | 2015-08-16 | 7.2 | CVE-2015-3802 (CONFIRM, CONFIRM, APPLE, APPLE) |
| apple -- iphone_os | Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file. | 2015-08-16 | 7.2 | CVE-2015-3803 (CONFIRM, CONFIRM, APPLE, APPLE) |
| apple -- iphone_os | FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5756 and CVE-2015-5775. | 2015-08-16 | 7.5 | CVE-2015-3804 (CONFIRM, CONFIRM, APPLE, APPLE) |
| apple -- iphone_os | Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802. | 2015-08-16 | 7.2 | CVE-2015-3805 (CONFIRM, CONFIRM, APPLE, APPLE) |
| apple -- iphone_os | Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file. | 2015-08-16 | 7.2 | CVE-2015-3806 (CONFIRM, CONFIRM |
