7 matches found
EUVD-2021-2866
Malicious code in bioql PyPI...
CVE-2023-20215
CVE-2023-20215 affects Cisco AsyncOS for Cisco Secure Web Appliance. The vulnerability lies in the scanning engines’ handling of certain content-encodings (deflate, and by default lzma/brotli in some cases), enabling an unauthenticated, remote attacker to bypass an explicit block rule and cause t...
Design/Logic Flaw
A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an unauthenticated, remote attacker to bypass a configured rule, thereby allowing traffic onto a network that should have been blocked...
CVE-2009-3922
Multiple cross-site request forgery (CSRF) vulnerabilities in the User Protect module 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allow remote attackers to hijack the authentication of administrators for requests that (1) delete the editing protection of a user or (2) delete a certa...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the User Protect module 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allow remote attackers to hijack the authentication of administrators for requests that (1) delete the editing protection of a user or (2) delete a certa...
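Linux Kernel Netfilter nf_conntrack IPv6 Packet Reassembly Rule Bypass Vulnerability
Linux Kernel is the kernel used by the open-source operating system Linux. A vulnerability exists in the implementation of the netfilter module in the Linux Kernel; a remote attacker may exploit it to bypass access filtering. The nf_conntrack function of netfilter does not set nfctinfo while reassembling fragmented IPv6 packets, so it keeps its default initialization of 0, which is the value of IP_CT_ESTABLISHED. As a result, all IPv6 fragments are tracked as ESTABLISHED, which lets an attacker bypass certain rule sets that accept ESTABLISHED packets. Linux kernel 2.6.20.3 The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...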