15.10

DATE	CVE	VULNERABILITY TITLE	RISK
2015-08-16	CVE-2015-3747	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. network apple canonical CWE-119	6.8
2015-08-16	CVE-2015-3745	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. network apple canonical CWE-119	6.8
2015-08-16	CVE-2015-3743	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. network apple canonical CWE-119	6.8
2015-08-16	CVE-2015-3741	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. network apple canonical CWE-119	6.8
2015-08-16	CVE-2015-3731	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. network apple canonical CWE-119	6.8
2015-07-14	CVE-2015-5144	Improper Input Validation vulnerability in multiple products Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator. network canonical djangoproject debian oracle CWE-20	4.3
2015-07-14	CVE-2015-5143	Resource Management Errors vulnerability in multiple products The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys. network low complexity djangoproject debian oracle canonical CWE-399	7.8
2015-02-08	CVE-2014-9665	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file in a .ttf font file. network low complexity fedoraproject canonical freetype opensuse CWE-119	7.5
2015-01-16	CVE-2014-9496	The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read. local low complexity libsndfile-project opensuse debian canonical oracle	2.1
2014-06-01	CVE-2014-3925	Credentials Management vulnerability in multiple products sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream. network low complexity canonical redhat CWE-255	5.0