965 matches found

SUSE CVE
added 2024/10/10 2:52 a.m., 5 views

SUSE CVE-2024-46292

A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usab...

7.5 CVSS, 7.2 AI score, 0.00785 EPSS
Exploits: 0, References: 3

RedhatCVE
added 2024/10/09 6:56 p.m., 15 views

CVE-2024-46292

A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usab...

3.7 CVSS, 7.5 AI score, 0.00785 EPSS
Exploits: 0, References: 5

NVD
added 2024/10/09 4:15 p.m., 16 views

CVE-2024-46292

A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usab...

7.5 CVSS, 0.00785 EPSS
Exploits: 0, References: 3

OSV
added 2024/10/09 4:15 p.m., 3 views

CVE-2024-46292

A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usab...

7.5 CVSS, 7.3 AI score, 0.00785 EPSS
Exploits: 0, References: 3

OSV
added 2024/10/09 4:15 p.m., 4 views

UBUNTU-CVE-2024-46292

A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usab...

7.5 CVSS, 6 AI score, 0.00785 EPSS
Exploits: 0, References: 4

Cvelist
added 2024/10/09 12:00 a.m., 13 views

CVE-2024-46292

A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usab...

0.00785 EPSS
Exploits: 0, References: 3

CNNVD
added 2024/10/09 12:00 a.m., 3 views

ModSecurity Security Vulnerability

ModSecurity is an open source, cross-platform web application firewall (WAF) engine from OWASP ModSecurity Open Source. A security vulnerability exists in ModSecurity version v3.0.12 that stems from the inclusion of a buffer overflow issue...

7.5 CVSS, 5.2 AI score, 0.00785 EPSS
Exploits: 0, References: 5

CVE
added 2024/10/09 12:00 a.m., 51 views

CVE-2024-46292

CVE-2024-46292 reports a buffer overflow in ModSecurity v3.0.12 that could cause DoS via a crafted input in the name parameter. The description notes this is disputed by the supplier (cannot reproduce) and that documentation states it may not be usable with very large SecRequestBodyNoFilesLimit v...

7.5 CVSS, 7.6 AI score, 0.00785 EPSS
Exploits: 0, References: 3, Affected Software: 1

Positive Technologies
added 2024/10/09 12:00 a.m., 2 views

PT-2024-31947 · Unknown · Modsecurity

Name of the Vulnerable Software and Affected Versions: ModSecurity versions 3.0.12 and earlier. Description: A buffer overflow in ModSecurity allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. The issue is disputed by the supplier as it cannot b...

7.5 CVSS, 5.2 AI score, 0.00785 EPSS
Exploits: 0, References: 20

Vulnrichment
added 2024/10/09 12:00 a.m., 17 views

CVE-2024-46292

A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usab...

7.6 AI score, 0.00785 EPSS
Exploits: 0, References: 3

Fedora
added 2024/08/26 2:05 a.m., 25 views

[SECURITY] Fedora 40 Update: nginx-mod-modsecurity-1.0.3-13.fc40

The ModSecurity-nginx connector is the connection point between nginx and libmodsecurity (ModSecurity v3). Said another way, this project provides a communication channel between nginx and libmodsecurity. This connector is required to use LibModSecurity with nginx. The ModSecurity-nginx connector...

5.7 CVSS, 4.7 AI score, 0.0032 EPSS
Exploits: 0

Fedora
added 2024/08/26 1:31 a.m., 12 views

[SECURITY] Fedora 39 Update: nginx-mod-modsecurity-1.0.3-13.fc39

The ModSecurity-nginx connector is the connection point between nginx and libmodsecurity (ModSecurity v3). Said another way, this project provides a communication channel between nginx and libmodsecurity. This connector is required to use LibModSecurity with nginx. The ModSecurity-nginx connector...

5.7 CVSS, 4.7 AI score, 0.0032 EPSS
Exploits: 0

Tenable Nessus
added 2024/08/26 12:00 a.m., 14 views

Fedora 39 : nginx / nginx-mod-fancyindex / nginx-mod-modsecurity / etc (2024-8ba5080dfa)

The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-8ba5080dfa advisory. Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash (CVE-2024-7347). Thanks to Nils Bars. Tenable h...

5.7 CVSS, 6.9 AI score, 0.0032 EPSS
Exploits: 0, References: 2

OpenVAS
added 2024/08/26 12:00 a.m., 6 views

Fedora: Security Advisory for nginx-mod-modsecurity (FEDORA-2024-6ba57fd2a3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.7 CVSS, 7 AI score, 0.0032 EPSS
Exploits: 0, References: 2

OpenVAS
added 2024/08/26 12:00 a.m., 8 views

Fedora: Security Advisory (FEDORA-2024-8ba5080dfa)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.7 CVSS, 7 AI score, 0.0032 EPSS
Exploits: 0, References: 3

Packet Storm
added 2024/08/08 12:00 a.m., 305 views

Journyx 11.5.4 Cross Site Scripting

KL-001-2024-009: Journyx Reflected Cross Site Scripting Title: Journyx Reflected Cross Site Scripting Advisory ID: KL-001-2024-009 Publication Date: 2024.08.07 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt 1. Vulnerability Details Affected Vendor: Journyx Affecte...

7.1 AI score, 0.00713 EPSS
Exploits: 2

0day.today
added 2024/08/08 12:00 a.m., 234 views

Journyx 11.5.4 XML Injection Vulnerability

Journyx version 11.5.4 has an issue where the soapcgi.pyc API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. Title:...

7.5 CVSS, 7.1 AI score, 0.32916 EPSS
Exploits: 3

KoreLogic Security
added 2024/08/07 12:00 a.m., 27 views

Journyx Reflected Cross Site Scripting

Vulnerability Details Affected Vendor: Journyx Affected Product: Journyx jtime Affected Version: 11.5.4 Platform: GNU/Linux CWE Classification: CWE-81: Improper Neutralization of Script in an Error Message Web Page CVE ID: CVE-2024-6892 2. Vulnerability Description Attackers can craft a...

6.1 CVSS, 7.2 AI score, 0.00713 EPSS
Exploits: 2, Affected Software: 1

OSV
added 2024/06/15 12:00 a.m., 4 views

OPENSUSE-SU-2024:13187-1 owasp-modsecurity-crs-3.3.5-1.1 on GA media

These are all security issues fixed in the owasp-modsecurity-crs-3.3.5-1.1 package on the GA media of openSUSE Tumbleweed...

9.8 CVSS, 9.6 AI score, 0.00631 EPSS
Exploits: 0, References: 1

BDU FSTEC
added 2024/06/07 12:00 a.m., 4 views

The vulnerability of the MULTIPART_PART_HEADERS component in the network firewall, which allows a hacker to bypass the firewall protection for web applications.

The vulnerability of the MULTIPART_PART_HEADERS component in the network firewall for protecting web applications related to ModSecurity is linked to improper analysis of HTTP requests. Exploiting this vulnerability can allow a malicious actor to bypass the firewall’s protection...

7.8 CVSS, 7.2 AI score, 0.01169 EPSS
Exploits: 0, References: 6, Affected Software: 2