Lucene search
K

28 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-50981

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01169EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-39956

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character...

9.8CVSS7.1AI score0.00952EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/11/15 12:0 a.m.10 views

Fedora 37 : mod_security / mod_security_crs (2022-1fd73a5285)

The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2022-1fd73a5285 advisory. - version update - security fixes Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

9.8CVSS7.6AI score0.01115EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.25 views

RHEL 9 : mod_security (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modsecurity: lacking the complete content in FILESTMPCONTENT leads to web application firewall bypass...

9.8CVSS10AI score0.01169EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.33 views

RHEL 8 : mod_security_crs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modsecuritycrs: Content-Type or Content-Transfer-Encoding MIME header fields abuse CVE-2022-39956 - The...

9.8CVSS7.2AI score0.01115EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.19 views

RHEL 8 : mod_security (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modsecurity: lacking the complete content in FILESTMPCONTENT leads to web application firewall bypass...

9.8CVSS7.7AI score0.01169EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.25 views

RHEL 9 : mod_security_crs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modsecuritycrs: Content-Type or Content-Transfer-Encoding MIME header fields abuse CVE-2022-39956 - The...

9.8CVSS9.7AI score0.01115EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.28 views

RHEL 7 : mod_security_crs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modsecuritycrs: Content-Type or Content-Transfer-Encoding MIME header fields abuse CVE-2022-39956 - The...

9AI score0.01115EPSS
Exploits0References4
OSV
OSV
added 2024/04/12 11:7 a.m.2 views

OESA-2024-1375 mod_security security update

This software is also called Modsec,it is an open-source web application firewall. It is designed for Apache HTTP Server.ModSecurity is commonly deployed to provide protections against generic classed of vulnerabilities.The install of this package is easy and you can read the README.TXT for more...

7.5CVSS7AI score0.01169EPSS
Exploits0References2
OSV
OSV
added 2024/03/29 11:7 a.m.2 views

OESA-2024-1334 mod_security security update

This software is also called Modsec,it is an open-source web application firewall. It is designed for Apache HTTP Server.ModSecurity is commonly deployed to provide protections against generic classed of vulnerabilities.The install of this package is easy and you can read the README.TXT for more...

7.5CVSS7AI score0.01169EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 10:57 a.m.26 views

BIT-MODSECURITY2-2022-48279

In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity C language codebase...

7.5CVSS8.4AI score0.01169EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2023/07/03 12:0 a.m.37 views

Amazon Linux AMI : mod24_security (ALAS-2023-1772)

The version of mod24security installed on the remote host is prior to 2.8.0-5.28. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1772 advisory. In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web...

9.8CVSS7.6AI score0.01169EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/07/01 12:0 a.m.37 views

Amazon Linux 2 : mod_security (ALAS-2023-2098)

The version of modsecurity installed on the remote host is prior to 2.9.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2098 advisory. In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the...

9.8CVSS7AI score0.01169EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/06/09 12:0 a.m.44 views

Amazon Linux AMI : mod_security (ALAS-2023-1763)

The version of modsecurity installed on the remote host is prior to 2.8.0-5.28. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1763 advisory. In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web...

7.5CVSS7.6AI score0.01169EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/05/21 12:0 a.m.40 views

GLSA-202305-25 : OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202305-25 OWASP ModSecurity Core Rule Set: Multiple Vulnerabilities - OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname...

9.8CVSS7.6AI score0.02542EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2023/04/24 12:0 a.m.51 views

Fedora 37 : mod_security (2023-09f0496e60)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-09f0496e60 advisory. - new version 2.9.7 - switch to PCRE2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

7.5CVSS7AI score0.01169EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/04/13 12:0 a.m.33 views

EulerOS 2.0 SP8 : mod_security (EulerOS-SA-2023-1601)

According to the versions of the modsecurity package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application...

7.5CVSS7.1AI score0.01169EPSS
Exploits0References3
Debian
Debian
added 2023/01/30 6:35 p.m.143 views

[SECURITY] [DLA 3293-1] modsecurity-crs security update

Debian LTS Advisory DLA-3293-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost January 30, 2023 https://wiki.debian.org/LTS Package : modsecurity-crs Version : 3.2.3-0+deb10u3 CVE ID : CVE-2018-16384 CVE-2020-22669 CVE-2021-35368 CVE-2022-39955 CVE-2022-39956...

9.8CVSS7.1AI score0.02542EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2023/01/27 12:0 a.m.44 views

Debian dla-3283 : libapache2-mod-security2 - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3283 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3283-1 [email protected]...

9.8CVSS7.2AI score0.01169EPSS
Exploits0References8
Prion
Prion
added 2023/01/20 7:15 p.m.22 views

Code injection

In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity C language codebase...

5CVSS8.4AI score0.01169EPSS
Exploits0References9Affected Software2
Rows per page
Query Builder