14.1 C
London
Thursday, November 23, 2017

VU#719172: Symantec Web Gateway contains SQL injection and cross-site scripting vulnerabilities

Symantec Web Gateway 5.1.1.24,and possibly earlier versions,contains cross-site scripting and SQL injection vulnerabilities.

VU#613308: Cisco AsyncOS contains a reflected cross-site scripting (XSS) vulnerability

Cisco AsyncOS contains a reflected cross-site scripting(XSS)vulnerability.

VU#758382: Unauthorized modification of UEFI variables in UEFI systems

Certain firmware implementations may not correctly protect and validate information contained in certain UEFI variables. Exploitation of such vulnerabilities could potentially lead to bypass of security features and/or denial of service for the platform.

VU#978508: OpenSSL is vulnerable to a man-in-the-middle attack

OpenSSL is vulnerable to a man-in-the-middle attack.

VU#325636: Huawei E303 contains a cross-site request forgery vulnerability

The built-in web interface of Huawei E303 devices contains a cross-site request forgery vulnerability.

VU#124908: Dell ML6000 and Quantum Scalar i500 tape backup system command...

Dell ML6000 and Quantum Scalar i500 tape backup system contain a command injection vulnerability.

VU#537684: Alfresco Enterprise contains multiple cross-site scripting vulnerabilities

Alfresco Enterprise 4.1.6 and possibly earlier versions are vulnerable to multiple cross-site scripting(XSS)vulnerabilities.

VU#112412: Bizagi BPM Suite contains multiple vulnerabilities

Bizagi BPM Suite contains a reflected cross-site scripting vulnerability and a SQL injection vulnerability.

VU#239151: Microsoft Internet Explorer 8 CMarkup use-after-free vulnerability

Microsoft Internet Explorer 8 contains a use-after-free vulnerability that can allow a remote,unauthenticated attacker to execute arbitrary code on a vulnerable system.

VU#480428: Juniper ScreenOS is vulnerable to a denial of service from...

Juniper ScreenOS 6.3,and possibly earlier versions,is vulnerable to a denial of service from malformed SSL packets.

VU#902790: Fortinet Fortiweb 5.1 contains a cross-site request forgery vulnerability

Fortinet Fortiweb prior to version 5.2.0 do not sufficiently verify whether a valid request was intentionally provided by the user,which results in a cross-site request forgery(CSRF)vulnerability. (CWE-352)

VU#693092: Caldera 9.20 contains multiple vulnerabilities

Caldera 9.20,and possibly earlier versions,contains multiple vulnerabilities.