1152 matches found
BIT-MODSECURITY2-2026-30923 libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...
BIT-MODSECURITY-2026-30923 libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...
SUSE CVE-2026-30923
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...
PT-2026-38473
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...
CVE-2026-43171
In the Linux kernel, the following vulnerability has been resolved: EFI/CPER: don't dump the entire memory region The current logic at cperprintfwerr doesn't check if the error record length is big enough to handle offset. On a bad firmware, if the ofset is above the actual record, length -= offs...
EUVD-2026-27466
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit...
CVE-2026-30923
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...
CVE-2026-30923 libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...
CVE-2026-30923
CVE-2026-30923 affects libModSecurity3 (ModSecurity v3) where a rule using the t:hexDecode transformation can trigger a segmentation fault when inspecting a single-character query string, causing worker process crashes and denial of service. All versions prior to 3.0.15 are affected; the issue is...
CVE-2026-30923 libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...
SUSE CVE-2026-42482
A stack-based buffer overflow in mangletohexlower and mangletohexupper in src/rpcpu.c in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted rule file, or via the -j or -k rule options used with password candidates of 128 or more...
PT-2026-37230
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit...
Modsecurity 缓冲区错误漏洞
Modsecurity is an open-source web traffic security processing library developed by OWASP ModSecurity. Versions of Modsecurity prior to 3.0.15 contained a buffer error vulnerability. This vulnerability arises from using the t:hexDecode conversion in rule checks for query string parameters containi...
PT-2026-37306
Name of the Vulnerable Software and Affected Versions ssrfcheck versions 1.3.0 and earlier Description ssrfcheck fails to block Server-Side Request Forgery SSRF attacks when a target private IP address is encoded as an IPv4-mapped IPv6 address e.g., 'http://::ffff:127.0.0.1/'. This occurs because...
Linux Distros Unpatched Vulnerability : CVE-2026-42482
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stack-based buffer overflow in mangletohexlower and mangletohexupper in src/rpcpu.c in hashcat v7.1.2 allows an attacker to cause a denial of service or...
CVE-2026-42482
A stack-based buffer overflow in mangletohexlower and mangletohexupper in src/rpcpu.c in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted rule file, or via the -j or -k rule options used with password candidates of 128 or more...
CVE-2026-42484
A heap-based buffer overflow in hextobinary in the PKZIP hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted PKZIP hash file. The issue affects modules 17200, 17210, 17220, 17225, and 17230. When datatypeenum=1,...
UBUNTU-CVE-2026-42482
A stack-based buffer overflow in mangletohexlower and mangletohexupper in src/rpcpu.c in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted rule file, or via the -j or -k rule options used with password candidates of 128 or more...
UBUNTU-CVE-2026-42484
A heap-based buffer overflow in hextobinary in the PKZIP hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted PKZIP hash file. The issue affects modules 17200, 17210, 17220, 17225, and 17230. When datatypeenum=1,...
CVE-2026-42482
A stack-based buffer overflow in mangletohexlower and mangletohexupper in src/rpcpu.c in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted rule file, or via the -j or -k rule options used with password candidates of 128 or more...