
227 matches found

NVD
added 2022/09/20 7:15 a.m. | 26 views

CVE-2022-39956

The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...

9.8 CVSS | 0.00952 EPSS
Exploits: 0 | References: 7
OSV
added 2022/09/20 7:15 a.m. | 39 views

CVE-2022-39956

The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...

9.8 CVSS | 6.8 AI score
Exploits: 0 | References: 7
Prion
added 2022/09/20 7:15 a.m. | 38 views

Design/Logic Flaw

The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...

7.5 CVSS | 8.6 AI score | 0.00952 EPSS
Exploits: 0 | References: 6 | Affected Software: 3
UbuntuCve
added 2022/09/20 7:15 a.m. | 46 views

CVE-2022-39955

The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content-Type "charset" nam...

9.8 CVSS | 7.1 AI score | 0.01115 EPSS
Exploits: 0 | References: 2
UbuntuCve
added 2022/09/20 7:15 a.m. | 37 views

CVE-2022-39956

The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...

9.8 CVSS | 7.1 AI score | 0.00952 EPSS
Exploits: 0 | References: 3
Cvelist
added 2022/09/20 12:0 a.m. | 33 views

CVE-2022-39956 Partial rule set bypass in OWASP ModSecurity Core Rule Set for HTTP multipart requests using character encoding in the Content-Type or Content-Transfer-Encoding header

The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and...

7.3 CVSS | 8.9 AI score | 0.00952 EPSS
Exploits: 0 | References: 6
Vulnrichment
added 2022/09/20 12:0 a.m. | 10 views

CVE-2022-39955 Partial rule set bypass in OWASP ModSecurity Core Rule Set by submitting a specially crafted HTTP Content-Type header

The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content-Type "charset" nam...

7.3 CVSS | 6.5 AI score | 0.01115 EPSS
Exploits: 0 | References: 6
Debian CVE
added 2022/09/20 12:0 a.m. | 45 views

CVE-2022-39955

The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content-Type "charset" nam...

9.8 CVSS | 7.2 AI score | 0.01115 EPSS
Exploits: 0
CVE
added 2022/09/20 12:0 a.m. | 147 views

CVE-2022-39956

CVE-2022-39956 affects the OWASP ModSecurity Core Rule Set (CRS) and enables a partial rule set bypass for HTTP multipart requests when a payload uses certain character encoding schemes in Content-Type or Content-Transfer-Encoding headers. The issue impacts legacy CRS versions 3.0.x and 3.1.x, an...

9.8 CVSS | 8.6 AI score | 0.00952 EPSS
Exploits: 0 | References: 7 | Affected Software: 1
Cvelist
added 2022/09/20 12:0 a.m. | 30 views

CVE-2022-39955 Partial rule set bypass in OWASP ModSecurity Core Rule Set by submitting a specially crafted HTTP Content-Type header

The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content-Type "charset" nam...

7.3 CVSS | 9.3 AI score | 0.01115 EPSS
Exploits: 0 | References: 6
WPVulnDB
added 2022/05/10 12:0 a.m. | 25 views

WP Statistics < 13.2.2 - Reflected Cross-Site Scripting

The plugin does not sanitise the REQUESTURI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters. PoC: GET /wp-admin/admin.php?page=wpssettingspage= HTTP/1.1 Accept:...

6.1 CVSS | 2.4 AI score | 0.00857 EPSS
Exploits: 2 | Affected Software: 1
OpenVAS
added 2022/01/28 12:0 a.m. | 25 views

Mageia: Security Advisory (MGASA-2019-0156)

The remote host is missing an update for the...

6.8 CVSS | 6.8 AI score | 0.58204 EPSS
Exploits: 9 | References: 4
vulnersOsv
added 2021/09/01 6:25 p.m. | 5 views

csv-extractor (=1.0.0), mi-lib (>=0.0.10 <=0.0.16) +1 more potentially affected by CVE-2021-39176 via detect-character-encoding (=0.2.1)

detect-character-encoding NPM version =0.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on detect-character-encoding and may be impacted: - csv-extractor =1.0.0 - mi-lib =0.0.10, =0.3.0, =0.3.1 Source cves: CVE-2021-39176 Source advisory:...

7.5 CVSS | 7.1 AI score | 0.01891 EPSS
Exploits: 1
NVD
added 2021/08/31 6:15 p.m. | 17 views

CVE-2021-39176

detect-character-encoding is a package for detecting character encoding using ICU. In detect-character-encoding v0.3.0 and earlier, allocated memory is not released. The problem has been patched in detect-character-encoding v0.3.1...

7.5 CVSS | 0.01891 EPSS
Exploits: 1 | References: 4
OSV
added 2021/08/31 6:15 p.m. | 11 views

CVE-2021-39176

detect-character-encoding is a package for detecting character encoding using ICU. In detect-character-encoding v0.3.0 and earlier, allocated memory is not released. The problem has been patched in detect-character-encoding v0.3.1...

7.5 CVSS | 7.6 AI score
Exploits: 0 | References: 4
Prion
added 2021/08/31 6:15 p.m. | 12 views

Design/Logic Flaw

detect-character-encoding is a package for detecting character encoding using ICU. In detect-character-encoding v0.3.0 and earlier, allocated memory is not released. The problem has been patched in detect-character-encoding v0.3.1...

5 CVSS | 7.5 AI score | 0.01891 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2021/08/31 6:5 p.m. | 22 views

CVE-2021-39176 Missing Release of Memory after Effective Lifetime in detect-character-encoding

detect-character-encoding is a package for detecting character encoding using ICU. In detect-character-encoding v0.3.0 and earlier, allocated memory is not released. The problem has been patched in detect-character-encoding v0.3.1...

7.5 CVSS | 7.7 AI score | 0.01891 EPSS
Exploits: 1 | References: 4
CVE
added 2021/08/31 6:5 p.m. | 54 views

CVE-2021-39176

CVE-2021-39176 (detect-character-encoding) affects the detect-character-encoding library (ICU-based) up to version 0.3.0. The root cause is that allocated memory is not released, leading to memory exhaustion. The issue has been patched in v0.3.1. Related advisories (GitHub GHSA, OSV, Red Hat, NVD...

7.5 CVSS | 7.5 AI score | 0.01891 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
CNNVD
added 2021/08/31 12:0 a.m. | 10 views

detect-character-encoding security vulnerability

detect-character-encoding is an open source C++ plugin. A security vulnerability exists in detect-character-encoding 0.3.0 and earlier versions, which is caused by software that does not free allocated memory...

7.5 CVSS | 7.3 AI score | 0.01891 EPSS
Exploits: 1 | References: 5
vulnersOsv
added 2021/08/25 2:44 p.m. | 2 views

book2json (>=1.0.0 <=1.0.1), csv-extractor (=1.0.0) +8 more potentially affected by CVE-2021-39157 via detect-character-encoding (>=0.2.1 <=0.6.0)

detect-character-encoding NPM version =0.2.1, =1.0.0, =1.0.0-beta.5, =0.0.10, =0.3.0, =0.3.0, =0.1.0, =0.3.0, =0.3.2 - whois-2 =0.0.1 Source cves: CVE-2021-39157 Source advisory: OSV:GHSA-JQFH-8HW5-FQJR...

7.5 CVSS | 7.1 AI score | 0.02068 EPSS
Exploits: 1