CVE List - 2015 / October
Showing 601 - 700 of 726 CVEs for October 2015 (Page 7 of 8)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2015-7014 | 2015-10-23 | WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption... |
| CVE-2015-7015 | 2015-10-23 | Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via... |
| CVE-2015-7016 | 2015-10-23 | The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement restrictions and gain privileges... |
| CVE-2015-7018 | 2015-10-23 | FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font... |
| CVE-2015-7019 | 2015-10-23 | The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service... |
| CVE-2015-7020 | 2015-10-23 | The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service... |
| CVE-2015-7021 | 2015-10-23 | The Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to gain privileges or cause a denial of service (kernel memory corruption) via unspecified vectors. |
| CVE-2015-7023 | 2015-10-23 | CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via... |
| CVE-2015-1001 | 2015-10-25 | Multiple stack-based buffer overflows in IniNet embeddedWebServer (aka eWebServer) before 2.02 allow remote attackers to execute arbitrary code via a long field in an HTTP request. |
| CVE-2015-1002 | 2015-10-25 | IniNet embeddedWebServer (aka eWebServer) before 2.02 mishandles URL encoding, which allows remote attackers to write to or delete files via a crafted string. |
| CVE-2015-1003 | 2015-10-25 | Directory traversal vulnerability in IniNet embeddedWebServer (aka eWebServer) before 2.02 allows remote attackers to read arbitrary files via a crafted pathname. |
| CVE-2015-1005 | 2015-10-25 | IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information via unspecified vectors. |
| CVE-2015-6324 | 2015-10-25 | The DHCPv6 relay implementation in Cisco Adaptive Security Appliance (ASA) software 9.0 before 9.0(4.37), 9.1 before 9.1(6.6), 9.2 before 9.2(4), 9.3 before 9.3(3.5), and 9.4 before 9.4(2) allows remote attackers... |
| CVE-2015-6325 | 2015-10-25 | Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before 9.1(6.4), 9.2 before 9.2(4),... |
| CVE-2015-6326 | 2015-10-25 | Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before 9.1(6.6), 9.2 before 9.2(4),... |
| CVE-2015-6327 | 2015-10-25 | The IKEv1 implementation in Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before... |
| CVE-2015-6335 | 2015-10-25 | The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via... |
| CVE-2015-6341 | 2015-10-25 | The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices with software 7.4(140.0) and 8.0(120.0) allows remote attackers to cause a denial of service (client disconnection) via unspecified vectors,... |
| CVE-2015-6484 | 2015-10-25 | 3S-Smart CODESYS Gateway Server before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted (1) GET or (2) POST request. |
| CVE-2015-4974 | 2015-10-26 | IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain root privileges for command execution via... |
| CVE-2015-4981 | 2015-10-26 | IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain sensitive information from system memory via... |
| CVE-2015-5011 | 2015-10-26 | IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass intended access... |
| CVE-2015-5014 | 2015-10-26 | IBM Cognos Disclosure Management (CDM) 10.1.x and 10.2.x before 10.2.4 IF10 allows man-in-the-middle attackers to obtain access by spoofing an executable file during a client upload operation. |
| CVE-2015-5448 | 2015-10-26 | HP Asset Manager 9.40 and 9.41 before 9.41.11103 P4-rev1 and 9.50 before 9.50.11925 P3 allows local users to obtain sensitive information via unspecified vectors. |
| CVE-2015-4456 | 2015-10-26 | ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain... |
| CVE-2015-5288 | 2015-10-26 | The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service... |
| CVE-2015-5289 | 2015-10-26 | Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors,... |
| CVE-2015-6500 | 2015-10-26 | Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via... |
| CVE-2015-6670 | 2015-10-26 | ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid... |
| CVE-2015-7298 | 2015-10-26 | ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for... |
| CVE-2015-7881 | 2015-10-26 | The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and "add unexpected content to a Colorbox" via unspecified vectors,... |
| CVE-2015-7699 | 2015-10-26 | The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a... |
| CVE-2014-8242 | 2015-10-26 | librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack. |
| CVE-2015-3280 | 2015-10-26 | OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service... |
| CVE-2015-5223 | 2015-10-26 | OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container. |
| CVE-2015-5251 | 2015-10-26 | OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP... |
| CVE-2015-5286 | 2015-10-26 | OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by... |
| CVE-2015-7673 | 2015-10-26 | io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly... |
| CVE-2015-7674 | 2015-10-26 | Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a... |
| CVE-2015-3218 | 2015-10-26 | The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent... |
| CVE-2015-3255 | 2015-10-26 | The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions. |
| CVE-2015-3256 | 2015-10-26 | PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript... |
| CVE-2015-4625 | 2015-10-26 | Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of... |
| CVE-2015-5665 | 2015-10-27 | Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to... |
| CVE-2015-6340 | 2015-10-27 | The Proxy Mobile IPv6 (PMIPv6) component in the CDMA implementation on Cisco ASR 5000 devices with software 19.0.M0.60737 allows remote attackers to cause a denial of service (hamgr process restart)... |
| CVE-2015-3996 | 2015-10-27 | The default AFSecurityPolicy.validatesDomainName configuration for AFSSLPinningModeNone in the AFNetworking framework before 2.5.3, as used in the ownCloud iOS Library, disables verification of a server hostname against the domain name in... |
| CVE-2015-5178 | 2015-10-27 | The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote... |
| CVE-2015-5188 | 2015-10-27 | Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to... |
| CVE-2015-5220 | 2015-10-27 | The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via... |
| CVE-2015-5240 | 2015-10-27 | Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing... |
| CVE-2015-5262 | 2015-10-27 | http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via... |
| CVE-2015-7986 | 2015-10-27 | The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTTP request, aka SAP Security... |
| CVE-2015-3967 | 2015-10-28 | Cross-site request forgery (CSRF) vulnerability on Janitza UMG 508, 509, 511, 604, and 605 devices allows remote attackers to hijack the authentication of arbitrary users. |
| CVE-2015-3968 | 2015-10-28 | The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has a default password, which makes it easier for remote attackers to read or write to files... |
| CVE-2015-3969 | 2015-10-28 | Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to obtain sensitive network-connection information via a request to UDP port (1) 1234 or (2) 1235. |
| CVE-2015-3970 | 2015-10-28 | Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to inject arbitrary web script or HTML via... |
| CVE-2015-3971 | 2015-10-28 | The debug interface on Janitza UMG 508, 509, 511, 604, and 605 devices does not require authentication, which allows remote attackers to read or write to files, or execute arbitrary... |
| CVE-2015-3972 | 2015-10-28 | The web interface on Janitza UMG 508, 509, 511, 604, and 605 devices supports only short PIN values for authentication, which makes it easier for remote attackers to obtain access... |
| CVE-2015-3973 | 2015-10-28 | Janitza UMG 508, 509, 511, 604, and 605 devices improperly generate session tokens, which makes it easier for remote attackers to determine a PIN value via unspecified computations on session-token... |
| CVE-2015-5712 | 2015-10-28 | Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2... |
| CVE-2015-5713 | 2015-10-28 | Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2... |
| CVE-2015-6486 | 2015-10-28 | SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified... |
| CVE-2015-6488 | 2015-10-28 | Cross-site scripting (XSS) vulnerability in the web server on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote attackers to inject arbitrary... |
| CVE-2015-6490 | 2015-10-28 | Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices through B FRN 15.003 allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2015-6491 | 2015-10-28 | Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME... |
| CVE-2015-6492 | 2015-10-28 | Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via... |
| CVE-2015-6493 | 2015-10-28 | Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of unspecified victims via unknown... |
| CVE-2015-6494 | 2015-10-28 | Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-7836 | 2015-10-28 | Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame. |
| CVE-2015-7873 | 2015-10-28 | The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. |
| CVE-2015-7900 | 2015-10-28 | Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and then... |
| CVE-2015-7901 | 2015-10-28 | Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. |
| CVE-2015-7902 | 2015-10-28 | Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information... |
| CVE-2015-7903 | 2015-10-28 | SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2015-7904 | 2015-10-28 | Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload... |
| CVE-2014-8912 | 2015-10-28 | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote... |
| CVE-2015-6034 | 2015-10-28 | EPSON Network Utility 4.10 uses weak permissions (Everyone: Full Control) for eEBSVC.exe, which allows local users to gain privileges via a Trojan horse file. |
| CVE-2015-7649 | 2015-10-28 | Adobe Shockwave Player before 12.2.1.171 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. |
| CVE-2015-2898 | 2015-10-29 | Multiple stack-based buffer overflows in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the SetGroupSequenceEx... |
| CVE-2015-2899 | 2015-10-29 | Heap-based buffer overflow in the QualifierList retrieve_qualifier_list function in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a long list name in a packet... |
| CVE-2015-2900 | 2015-10-29 | The AddUserFinding add_userfinding2 function in Medicomp MEDCIN Engine before 2.22.20153.226 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted... |
| CVE-2015-2901 | 2015-10-29 | Multiple stack-based buffer overflows in Medicomp MEDCIN Engine 2.22.20142.166 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the GetProperty info_getproperty... |
| CVE-2015-4994 | 2015-10-29 | Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of... |
| CVE-2015-4997 | 2015-10-29 | IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request. |
| CVE-2015-5040 | 2015-10-29 | Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of... |
| CVE-2015-5668 | 2015-10-29 | SQL injection vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2015-5669 | 2015-10-29 | Techno Project Japan Enisys Gw before 1.4.1 allows remote authenticated users to write to arbitrary files and consequently execute arbitrary code via unspecified vectors. |
| CVE-2015-5670 | 2015-10-29 | Cross-site scripting (XSS) vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-5671 | 2015-10-29 | Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to bypass intended access restrictions and read arbitrary uploaded files via unspecified vectors. |
| CVE-2015-6006 | 2015-10-29 | The AddUserFinding implementation in Medicomp MEDCIN Engine 2.22.20153.x before 2.22.20153.226 might allow remote attackers to execute arbitrary code or cause a denial of service (integer truncation and heap-based buffer overflow)... |
| CVE-2015-5292 | 2015-10-29 | Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service... |
| CVE-2015-3230 | 2015-10-29 | 389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to... |
| CVE-2015-5285 | 2015-10-29 | CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login. |
| CVE-2015-5955 | 2015-10-29 | ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers. |
| CVE-2015-7297 | 2015-10-29 | SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858. |
| CVE-2015-7713 | 2015-10-29 | OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance... |
| CVE-2015-7857 | 2015-10-29 | SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php. |
| CVE-2015-7858 | 2015-10-29 | SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297. |
| CVE-2015-7859 | 2015-10-29 | The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. |
| CVE-2015-7899 | 2015-10-29 | The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. |