965 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-38285
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity. CVE-2023-38285 Note that Nessus relies on the presence of the package as reporte...
Linux Distros Unpatched Vulnerability : CVE-2022-39957
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional charset...
Linux Distros Unpatched Vulnerability : CVE-2022-39956
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character...
Linux Distros Unpatched Vulnerability : CVE-2023-24021
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web...
Linux Distros Unpatched Vulnerability : CVE-2022-39955
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates...
Linux Distros Unpatched Vulnerability : CVE-2020-22669
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Modsecurity owasp-modsecurity-crs 3.2.0 Paranoia level at PL1 has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable...
A vulnerability in the Libmodsecurity3 network firewall library for protecting web applications with ModSecurity allows attackers to circumvent existing security restrictions.
A vulnerability in the Libmodsecurity3 network firewall library for protecting web applications with ModSecurity is related to incorrect processing of HTML entities during decoding. Exploiting this vulnerability allows an attacker to bypass existing security restrictions by sending HTML entitie...
UBUNTU-CVE-2025-27110
Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurit...
CVE-2025-27110
Libmodsecurity3 contains a vulnerability in version 3.0.13 where encoded HTML entities with leading zeroes are not decoded correctly. The fixed release is 3.0.14. Several advisories (Fedora, openSUSE/SUSE, OpenVAS/NASL entries) reference CVE-2025-27110 and require updating to 3.0.14 to remediate. The...
CVE-2025-27110
Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurit...
CVE-2025-27110 Libmodsecurity3 has possible bypass of encoded HTML entities
Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurit...
GHSA-WGCM-RVMX-WH95 vulnerabilities
Vulnerabilities for packages: modsecurity...
GHSA-WF6M-89Q7-H9JH vulnerabilities
Vulnerabilities for packages: modsecurity...
ModSecurity Security Vulnerability
ModSecurity is an open source, cross-platform web application firewall (WAF) engine from OWASP ModSecurity Open Source. A security vulnerability exists in ModSecurity version 3.0.13, which stems from an inability to decode encoded HTML entities containing leading zeros...
[SECURITY] Fedora 41 Update: nginx-mod-modsecurity-1.0.3-16.fc41
The ModSecurity-nginx connector is the connection point between nginx and libmodsecurity (ModSecurity v3). Said another way, this project provides a communication channel between nginx and libmodsecurity. This connector is required to use LibModSecurity with nginx. The ModSecurity-nginx connector...
[SECURITY] Fedora 40 Update: nginx-mod-modsecurity-1.0.3-16.fc40
The ModSecurity-nginx connector is the connection point between nginx and libmodsecurity (ModSecurity v3). Said another way, this project provides a communication channel between nginx and libmodsecurity. This connector is required to use LibModSecurity with nginx. The ModSecurity-nginx connector...
owasp-modsecurity-crs-4.10.0-1.1 on GA media (moderate)
owasp-modsecurity-crs-4.10.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:14717-1 Rating: moderate Cross-References: CVE-2023-5003 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
OPENSUSE-SU-2025:14717-1 owasp-modsecurity-crs-4.10.0-1.1 on GA media
These are all security issues fixed in the owasp-modsecurity-crs-4.10.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:14708-1 owasp-modsecurity-crs-4.9.0-1.1 on GA media
These are all security issues fixed in the owasp-modsecurity-crs-4.9.0-1.1 package on the GA media of openSUSE Tumbleweed...