Lucene search
K

19 matches found

Rockylinux
Rockylinux
added 2025/10/04 12:11 a.m.5 views

mod_security security update

An update is available for modsecurity. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list ModSecurity is an open source intrusion detection and prevention engine f...

7.5CVSS6.9AI score0.0076EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-48866

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of servic...

7.5CVSS7.6AI score0.0076EPSS
Exploits2References3
Oracle linux
Oracle linux
added 2025/08/05 12:0 a.m.6 views

mod_security security update

2.9.6-2.1 - Resolves: RHEL-100102 - CVE-2025-48866 modsecurity: ModSecurity Denial of Service Vulnerability...

7.5CVSS7.3AI score0.0076EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/08/05 12:0 a.m.4 views

RHEL 9 : mod_security (RHSA-2025:12838)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:12838 advisory. ModSecurity is an open source intrusion detection and prevention engine for web applications. Security Fixes: modsecurity: ModSecurity Denial of...

7.5CVSS8.1AI score0.0076EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/07/07 12:0 a.m.6 views

TencentOS Server 4: mod_security (TSSA-2025:0499)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0499 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.5CVSS7.7AI score0.0076EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2025/06/25 12:0 a.m.3 views

SUSE SLES15 / openSUSE 15 Security Update : apache2-mod_security2 (SUSE-SU-2025:02028-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02028-1 advisory. - CVE-2025-47947: Fixed denial of service through sanitiseMatchedBytes bsc1243978. - CVE-2025-48866: Fixed denial of...

7.5CVSS8AI score0.0076EPSS
Exploits2References7
OpenVAS
OpenVAS
added 2025/06/23 12:0 a.m.5 views

SUSE: Security Advisory (SUSE-SU-2025:02029-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8AI score0.0076EPSS
Exploits2References5
OpenVAS
OpenVAS
added 2025/06/23 12:0 a.m.4 views

openSUSE Security Advisory (SUSE-SU-2025:02028-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8AI score0.0076EPSS
Exploits2References5
SUSE Linux
SUSE Linux
added 2025/06/20 1:5 p.m.4 views

Security update for apache2-mod_security2

This update for apache2-modsecurity2 fixes the following issues: CVE-2025-47947: Fixed denial of service through sanitiseMatchedBytes bsc1243978. CVE-2025-48866: Fixed denial of service via excessive number of arguments in sanitiseArg bsc1243976. Patch Instructions: To install this SUSE update us...

8.7CVSS7.3AI score0.0076EPSS
Exploits2References8
OSV
OSV
added 2025/06/20 1:4 p.m.4 views

SUSE-SU-2025:02052-1 Security update for apache2-mod_security2

This update for apache2-modsecurity2 fixes the following issues: - CVE-2025-47947: Fixed denial of service through sanitiseMatchedBytes bsc1243978. - CVE-2025-48866: Fixed denial of service via excessive number of arguments in sanitiseArg bsc1243976...

7.5CVSS9.6AI score0.0076EPSS
Exploits2References5
OSV
OSV
added 2025/06/19 3:17 p.m.2 views

SUSE-SU-2025:02029-1 Security update for apache2-mod_security2

This update for apache2-modsecurity2 fixes the following issues: - CVE-2025-47947: Fixed denial of service through sanitiseMatchedBytes bsc1243978. - CVE-2025-48866: Fixed denial of service via excessive number of arguments in sanitiseArg bsc1243976...

7.5CVSS9.6AI score0.0076EPSS
Exploits2References5
OSV
OSV
added 2025/06/19 3:16 p.m.2 views

SUSE-SU-2025:02028-1 Security update for apache2-mod_security2

This update for apache2-modsecurity2 fixes the following issues: - CVE-2025-47947: Fixed denial of service through sanitiseMatchedBytes bsc1243978. - CVE-2025-48866: Fixed denial of service via excessive number of arguments in sanitiseArg bsc1243976...

7.5CVSS9.6AI score0.0076EPSS
Exploits2References5
OpenVAS
OpenVAS
added 2025/06/17 12:0 a.m.5 views

Ubuntu: Security Advisory (USN-7567-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7AI score0.0076EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.5 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : ModSecurity vulnerabilities (USN-7567-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7567-1 advisory. Simon Studer discovered that ModSecurity incorrectly handled certain JSON...

7.5CVSS8AI score0.0076EPSS
Exploits2References3
Amazon
Amazon
added 2025/06/12 12:0 a.m.5 views

Important: mod_security

Issue Overview: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json,...

7.5CVSS6.8AI score0.0076EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/06/02 8:13 p.m.17 views

CVE-2025-48866

A denial of service flaw was found in ModSecurity. This vulnerability is present in the sanitiseArg/sanitizeArg function can be overloaded with a large number of arguments which will lead to excessive memory usage when processing json values. This may lead to a denial of service in the affected w...

7.5CVSS7.3AI score0.0076EPSS
Exploits1References7
Cvelist
Cvelist
added 2025/06/02 3:46 p.m.16 views

CVE-2025-48866 ModSecurity has possible DoS vulnerability in sanitiseArg action

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action but an alias is...

7.5CVSS0.0076EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/06/02 3:46 p.m.18 views

CVE-2025-48866 ModSecurity has possible DoS vulnerability in sanitiseArg action

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action but an alias is...

7.5CVSS6.1AI score0.0076EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2025/06/02 3:46 p.m.10 views

CVE-2025-48866

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg - this is the same action but an alias is...

7.5CVSS7.7AI score0.0076EPSS
Exploits1
Rows per page
Query Builder