21 matches found
Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense Environment Issue Vulnerability
Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense are products of Cisco, a US company. Cisco Secure Firewall Adaptive Security Appliance is an enterprise-level firewall software. Cisco Secure Firewall Threat Defense is an integrated firewall platform. Both...
ROS-20251117-04
A vulnerability in the LXD container and lightweight virtual machine management system is related to redundant API data output. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to potentially sensitive information. The vulnerability in the LXD container and...
Security update for libsoup
This update for libsoup fixes the following issues: CVE-2025-2784: Fixed heap buffer over-read in skip_insignificant_space when sniffing content (bsc#1240750); CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752); CVE-2025-32051: Fixed segmentation fault when parsing malformed data URI...
CVE-2022-20816
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to delete arbitrary files from an affected system. This...
CVE-2022-20897
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...
CVE-2022-20900
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...
CVE-2022-20880
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...
Phoronix Test Suite Cross-Site Request Forgery Vulnerability
Phoronix Test Suite is open source, cross-platform automated testing and benchmarking software. Phoronix Test Suite suffers from a cross-site request forgery vulnerability that stems from a web application that does not adequately validate that a request is coming from a trusted...
CVE-2020-7328
External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO...
CVE-2020-3358
A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisco Small Business RV VPN Routers could allow an unauthenticated, remote attacker to cause the device to unexpectedly restart, causing a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation...
IBM Cúram Social Program Management Cross-Site Request Forgery Vulnerability
IBM Cúram Social Program Management (SPM) is a suite of social program management solutions from IBM, USA. The solution supports the process of end-to-end social program delivery. A cross-site request forgery vulnerability exists in IBM Cúram SPM, which arises from a web application that does not...
Rapid7 Nexpose Cross-Site Request Forgery Vulnerability
Rapid7 Nexpose is a suite of vulnerability management software from Rapid7 USA that can synthesize different scans to deeply probe a network. The software proactively scans configuration environments for errors, vulnerabilities, malware and provides guidance to reduce risk. A security vulnerabili...
CVE-2017-11932
Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability"...
Cross site scripting
A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticated user of the web interface is tricked into clicking a malicious link...
CVE-2017-13994
A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticated user of the web interface is tricked into clicking a malicious link...
CVE-2017-0247
The CVE affects Microsoft ASP.NET Core: a DoS vulnerability caused by improper validation of web requests in the TextEncoder.EncodeCore function. It applies to ASP.NET Core MVC before 1.0.4 and 1.1.x before 1.1.3, where remote attackers could trigger DoS by exploiting incorrect calculation of the...
NetIQ Access Manager Cross-Site Request Forgery Vulnerability
NetIQ Access Manager (NAM) is a resource access solution developed by NetIQ Inc. in the United States. It provides multiple authentication, data encryption, single sign-on and SSL VPN for local and remote users. A cross-site request forgery vulnerability exists in NetIQ Access Manager due to...
IBM Security Identity Manager Cross-Site Request Forgery Vulnerability (CNVD-2017-04428)
IBM Security Identity Manager (ISIM) is a suite of identity management and governance solutions from IBM, USA. The solution automates the creation, modification, re-authentication and termination of user privileges throughout the user lifecycle and supports policy-based password management. A cross-si...
Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability (CNVD-2017-03854)
Cisco Unified Communications Manager (CUCM, Unified CM) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A cross-site request forgery vulnerability...