Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications.
Category Archives: Advisories
CVE-2021-27693
Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage.
protobuf-c-1.4.1-2.fc36
FEDORA-2022-3be472fe11
Packages in this update:
protobuf-c-1.4.1-2.fc36
Update description:
Updated to version 1.4.1.
CVE-2021-35097
Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CVE-2021-35108
Improper checking of AP-S lock bit while verifying the secure resource group permissions can lead to non secure read and write access in Snapdragon Connectivity, Snapdragon Mobile
CVE-2021-35109
Possible address manipulation from APP-NS while APP-S is configuring an RG where it tries to merge the address ranges in Snapdragon Connectivity, Snapdragon Mobile
CVE-2021-35113
Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
curl-7.82.0-8.fc36
FEDORA-2022-5131c26a69
Packages in this update:
curl-7.82.0-8.fc36
Update description:
control code in cookie denial of service (CVE-2022-35252)
curl-7.79.1-6.fc35
FEDORA-2022-20e0f8d1cd
Packages in this update:
curl-7.79.1-6.fc35
Update description:
control code in cookie denial of service (CVE-2022-35252)
curl-7.85.0-1.fc37
FEDORA-2022-97e8d1d29c
Packages in this update:
curl-7.85.0-1.fc37
Update description:
new upstream release, which fixes the following vulnerability
CVE-2022-35252 – control code in cookie denial of service