Lista CVE - 2015 / Novembre
Visualizzazione 201 - 300 di 361 CVE per Novembre 2015 (Pagina 3 di 4)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2015-7661 | 2015-11-11 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before... |
| CVE-2015-7662 | 2015-11-11 | Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe... |
| CVE-2015-7663 | 2015-11-11 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before... |
| CVE-2015-8042 | 2015-11-11 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before... |
| CVE-2015-8043 | 2015-11-11 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before... |
| CVE-2015-8044 | 2015-11-11 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before... |
| CVE-2015-8046 | 2015-11-11 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before... |
| CVE-2015-5441 | 2015-11-12 | Multiple cross-site scripting (XSS) vulnerabilities in HP ArcSight Management Center before 2.1 and ArcSight Logger before 6.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-6363 | 2015-11-12 | Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco FireSIGHT Management Center (MC) 5.4.1.4 and 6.0.1 allow remote authenticated users to inject arbitrary web script or HTML via... |
| CVE-2015-6554 | 2015-11-12 | Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary OS commands via crafted data. |
| CVE-2015-6555 | 2015-11-12 | Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port. |
| CVE-2015-7817 | 2015-11-12 | Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and... |
| CVE-2015-7818 | 2015-11-12 | The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges... |
| CVE-2015-7819 | 2015-11-12 | The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on... |
| CVE-2015-7820 | 2015-11-12 | Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and... |
| CVE-2015-8113 | 2015-11-12 | Untrusted search path vulnerability in the client in Symantec Endpoint Protection (SEP) 12.1 before 12.1-RU6-MP3 allows local users to gain privileges via a Trojan horse DLL in a client install... |
| CVE-2015-2698 | 2015-11-13 | The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service... |
| CVE-2015-6045 | 2015-11-13 | Use-after-free vulnerability in the CElement object implementation in Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript... |
| CVE-2015-6366 | 2015-11-13 | Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs supersede tunnel-interface ACLs, which allows remote attackers to bypass intended network-traffic restrictions in opportunistic circumstances by using a tunnel, aka Bug ID... |
| CVE-2015-6478 | 2015-11-13 | Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict access to ActiveX controls, which allows remote attackers to have an unspecified impact via a crafted web site. |
| CVE-2015-7905 | 2015-11-13 | Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors. |
| CVE-2015-8126 | 2015-11-13 | Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x... |
| CVE-2013-5229 | 2015-11-14 | The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep,... |
| CVE-2015-6364 | 2015-11-14 | Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager allows remote attackers to obtain sensitive information via crafted URLs in REST API requests, aka Bug ID... |
| CVE-2015-6365 | 2015-11-14 | Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportunistic circumstances by using PPP, aka... |
| CVE-2015-6367 | 2015-11-14 | Cisco Aironet 1800 devices with software 8.1(131.0) allow remote attackers to cause a denial of service (CPU consumption) by improperly establishing many SSHv2 connections, aka Bug ID CSCux13374. |
| CVE-2015-7404 | 2015-11-14 | IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4;... |
| CVE-2015-7419 | 2015-11-14 | IBM WebSphere Portal 8.0.0.1 before CF19 and 8.5.0 before CF09 allows remote attackers to cause a denial of service (memory consumption) via crafted requests. |
| CVE-2015-7427 | 2015-11-14 | IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspecified... |
| CVE-2015-7774 | 2015-11-14 | PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role. |
| CVE-2015-3977 | 2015-11-15 | Buffer overflow in Schneider Electric IMT25 Magnetic Flow DTM before 1.500.004 for the HART Protocol allows remote authenticated users to execute arbitrary code or cause a denial of service (memory... |
| CVE-2015-7830 | 2015-11-15 | The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of... |
| CVE-2015-8104 | 2015-11-16 | The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by... |
| CVE-2015-2925 | 2015-11-16 | The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container... |
| CVE-2015-5257 | 2015-11-16 | drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a... |
| CVE-2015-5307 | 2015-11-16 | The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by... |
| CVE-2015-7312 | 2015-11-16 | Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free... |
| CVE-2015-7872 | 2015-11-16 | The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands. |
| CVE-2014-9752 | 2015-11-16 | Unrestricted file upload vulnerability in mods/_core/properties/lib/course.inc.php in ATutor before 2.2 patch 6 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension as... |
| CVE-2015-7712 | 2015-11-16 | Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and earlier allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2)... |
| CVE-2015-7815 | 2015-11-16 | Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter. |
| CVE-2015-7816 | 2015-11-16 | The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via... |
| CVE-2015-7897 | 2015-11-16 | The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial of service... |
| CVE-2015-2924 | 2015-11-16 | The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small... |
| CVE-2015-8215 | 2015-11-16 | net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service... |
| CVE-2015-8216 | 2015-11-17 | The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly... |
| CVE-2015-8217 | 2015-11-17 | The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds array access) or... |
| CVE-2015-8218 | 2015-11-17 | The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have... |
| CVE-2015-8219 | 2015-11-17 | The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service (out-of-bounds... |
| CVE-2015-0272 | 2015-11-17 | GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than... |
| CVE-2015-5217 | 2015-11-17 | providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote authenticated users... |
| CVE-2015-5276 | 2015-11-17 | The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers... |
| CVE-2015-5301 | 2015-11-17 | providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which allows remote authenticated users to cause a denial... |
| CVE-2015-5311 | 2015-11-17 | PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets. |
| CVE-2015-5602 | 2015-11-17 | sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated... |
| CVE-2015-7805 | 2015-11-17 | Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file. |
| CVE-2015-7812 | 2015-11-17 | The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of service (host crash) via a preemptible hypercall to the multicall interface. |
| CVE-2015-7995 | 2015-11-17 | The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted... |
| CVE-2015-7996 | 2015-11-17 | The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery... |
| CVE-2015-7997 | 2015-11-17 | Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before... |
| CVE-2015-7998 | 2015-11-17 | The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery... |
| CVE-2015-8221 | 2015-11-17 | Integer overflow in Google Picasa before 3.9.140 Build 259 allows remote attackers to execute arbitrary code via the CAMF section in a FOVb image, which triggers a heap-based buffer overflow. |
| CVE-2015-8220 | 2015-11-17 | Stack-based buffer overflow in the URI handler in DWRCC.exe in SolarWinds DameWare Mini Remote Control before 12.0 HotFix 1 allows remote attackers to execute arbitrary code via a crafted commandline... |
| CVE-2015-8222 | 2015-11-17 | The lxd-unix.socket systemd unit file in the Ubuntu lxd package before 0.20-0ubuntu4.1 uses world-readable permissions for /var/lib/lxd/unix.socket, which allows local users to gain privileges via unspecified vectors. |
| CVE-2015-8232 | 2015-11-17 | The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does not properly check access to profiles in certain circumstances, which might allow remote attackers to obtain sensitive information from the... |
| CVE-2015-8233 | 2015-11-17 | Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.6 for Drupal allows remote administrators with the "Administer themes" permission to inject arbitrary web script... |
| CVE-2015-6330 | 2015-11-18 | Cross-site request forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5(1) and 10.6 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus62712. |
| CVE-2015-6357 | 2015-11-18 | The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this... |
| CVE-2015-6847 | 2015-11-18 | The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows local users to obtain sensitive information by reading... |
| CVE-2015-6372 | 2015-11-18 | Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to inject arbitrary web script or HTML... |
| CVE-2015-6373 | 2015-11-18 | Cross-site request forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux10611. |
| CVE-2015-4852 | 2015-11-18 | The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic... |
| CVE-2015-5253 | 2015-11-18 | The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with... |
| CVE-2015-5999 | 2015-11-18 | Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrators for requests that (1) change... |
| CVE-2015-7941 | 2015-11-18 | libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the... |
| CVE-2015-7942 | 2015-11-18 | The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds... |
| CVE-2015-8023 | 2015-11-18 | The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass... |
| CVE-2015-8035 | 2015-11-18 | The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. |
| CVE-2015-5255 | 2015-11-18 | Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before... |
| CVE-2015-8051 | 2015-11-18 | The Adobe Premiere Clip app before 1.2.1 for iOS mishandles unspecified input, which has unknown impact and attack vectors. |
| CVE-2015-8052 | 2015-11-18 | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a... |
| CVE-2015-8053 | 2015-11-18 | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a... |
| CVE-2015-8090 | 2015-11-18 | The Web Server component in TIBCO LogLogic Unity before 1.1.1 allows remote authenticated users to gain privileges, and consequently obtain sensitive information, via an HTTP request. |
| CVE-2015-6368 | 2015-11-19 | Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to read files via a crafted HTTP request, aka Bug ID CSCux10608. |
| CVE-2015-6369 | 2015-11-19 | The USB driver in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows physically proximate attackers to cause a denial of service via a crafted USB device that... |
| CVE-2015-6370 | 2015-11-19 | The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows local users to execute arbitrary OS commands as root via crafted CLI input,... |
| CVE-2015-6371 | 2015-11-19 | Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to read arbitrary files via crafted parameters to unspecified scripts, aka Bug ID CSCux10621. |
| CVE-2015-6374 | 2015-11-19 | The web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to... |
| CVE-2015-4112 | 2015-11-19 | The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks... |
| CVE-2015-7910 | 2015-11-19 | Exemys Telemetry Web Server relies on an HTTP Location header to indicate that a client is unauthorized, which allows remote attackers to bypass intended access restrictions by disregarding this header... |
| CVE-2015-8236 | 2015-11-19 | Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.1 allows remote attackers to execute arbitrary code as root by leveraging management-plane access,... |
| CVE-2014-9756 | 2015-11-19 | The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable. |
| CVE-2015-0794 | 2015-11-19 | modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map. |
| CVE-2015-7385 | 2015-11-19 | Cross-site scripting (XSS) vulnerability in Open-Xchange OX Guard before 2.0.0-rev11 allows remote attackers to inject arbitrary web script or HTML via the uid field in a PGP public key, which... |
| CVE-2015-7845 | 2015-11-19 | The exception handling mechanism in the CLI Module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V100R001C20SPH605 allows remote attackers to cause a... |
| CVE-2015-7984 | 2015-11-19 | Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators... |
| CVE-2015-8083 | 2015-11-19 | An unspecified module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V200R003C00SPC300 does not properly initialize memory when processing timeout messages, which allows... |
| CVE-2015-8087 | 2015-11-19 | Huawei NE20E-S, NE40E-M, and NE40E-M2 routers with software before V800R007C10SPC100 and NE40E and NE80E routers with software before V800R007C00SPC100 allows remote attackers to send packets to other VPNs and conduct... |
| CVE-2015-7771 | 2015-11-20 | Cross-site scripting (XSS) vulnerability in the runtime engine in the Newphoria applican framework before 1.13.0 for Android and iOS allows remote attackers to inject arbitrary web script or HTML via... |
| CVE-2015-7772 | 2015-11-20 | Cross-site scripting (XSS) vulnerability in the runtime engine in the Newphoria applican framework before 1.13.0 for Android and iOS allows remote attackers to inject arbitrary web script or HTML via... |