CVE-2019-11388
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators. NOTE: the software maintainer disputes...
CVE-2019-11390
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with set_error_handler at the beginning and nested repetition operators. NOT...
EUVD-2019-3065
Malware in sbrugna...
EUVD-2019-4935
Malware in sbrugna...
EUVD-2018-8230
Malware in sbrugna...
EUVD-2021-22011
Malware in sbrugna...
EUVD-2022-42402
Malicious code in bioql PyPI...
EUVD-2022-42399
Malicious code in bioql PyPI...
CVE-2023-38199
coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and the backend application. This occurs when the...
CVE-2019-11391
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with $a at the beginning and nested repetition operators. NOTE: the softwa...
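The three ReDOS entries above (CVE-2019-11388, CVE-2019-11390, CVE-2019-11391) share one mechanism: a rule regex with nested repetition operators, fed an input that almost matches, makes the engine enumerate every way of splitting the repeated run before it can report failure. The following is an added example, not CRS rule text and not code from the CRS project; the page does not reproduce the affected expressions, so the patterns here are constructed to show the effect and its linear-time rewrite:

```python
import re
import time

# Constructed patterns for illustration; these are not the affected CRS rules.
# Nested repetition: (a+)+ can split a run of n 'a' characters into groups in
# 2^(n-1) ways. When the literal that must follow (';') never appears, the
# engine tries every split before reporting "no match".
NESTED = re.compile(r"(a+)+;")
# Same language, single quantifier: the engine backs off one character at a
# time and gives up after O(n) steps per start position.
FLAT = re.compile(r"a+;")


def time_search(pattern, text):
    """Return (matched, seconds) for one regex search."""
    start = time.perf_counter()
    matched = pattern.search(text) is not None
    return matched, time.perf_counter() - start


def non_matching_input(n):
    # Constructed worst case: n repeats of the quantified atom followed by a
    # byte that is not the required trailing literal.
    return "a" * n + "!"


def backtracking_cost(n):
    """Seconds spent by the nested and the flat pattern on the same
    non-matching input of n 'a's; neither pattern matches it."""
    text = non_matching_input(n)
    nested_hit, nested_secs = time_search(NESTED, text)
    flat_hit, flat_secs = time_search(FLAT, text)
    assert not nested_hit and not flat_hit
    return nested_secs, flat_secs


def patterns_agree(text):
    """The flat pattern accepts exactly the same strings as the nested one,
    so the rewrite loses no detection."""
    return (NESTED.search(text) is None) == (FLAT.search(text) is None)


if __name__ == "__main__":
    for sample in ("aaa;", "xaa;y", "aaa!", ""):
        print(f"{sample!r:10} agree={patterns_agree(sample)}")
    # Each extra 'a' roughly doubles the nested pattern's time; the flat
    # pattern stays in the microsecond range.
    for n in range(12, 21, 2):
        nested, flat = backtracking_cost(n)
        print(f"n={n:2d} nested={nested:9.4f}s flat={flat:9.6f}s")
```

When the rewrite is not possible, ModSecurity 2.x caps the damage with SecPcreMatchLimit and SecPcreMatchLimitRecursion, which turn a runaway match into a rule evaluation error instead of a stalled worker; that is a mitigation, not a fix for the expression.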
CVE-2019-13464
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...
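The mechanism behind CVE-2019-13464 is a naming mismatch: a rule that lists header names literally only inspects the spellings it lists, while the PHP backend folds several spellings onto one $_SERVER variable. The following is an added example, not CRS rule text and not code from the CRS project. It models the CGI-style normalization (HTTP_ prefix, uppercase, non-alphanumeric characters replaced by underscores) that PHP sees behind Apache; which characters get collapsed depends on the server building the environment, which is why the entry says "in certain contexts", so that rule is an assumption. The target list, the upload name and the requests are constructed:

```python
# Added example: 'X.Filename' and 'X_Filename' are the spellings named in the
# CVE; everything else here is constructed to illustrate the mismatch.

def php_server_key(header_name):
    """Model (assumption) of how a request header name becomes a $_SERVER
    entry when PHP runs behind a CGI-style environment: 'HTTP_' prefix,
    uppercase, every non-alphanumeric character replaced by '_'."""
    return "HTTP_" + "".join(c.upper() if c.isalnum() else "_" for c in header_name)


def literal_target_match(headers, targets):
    """What a rule with per-header targets inspects: headers whose name equals
    one of the listed names (case-insensitive), and nothing else."""
    wanted = {t.lower() for t in targets}
    return {n: v for n, v in headers if n.lower() in wanted}


def normalized_target_match(headers, targets):
    """Hardened variant: compare names after the backend's own normalization,
    so any spelling the backend folds onto the same variable is inspected."""
    wanted = {php_server_key(t) for t in targets}
    return {n: v for n, v in headers if php_server_key(n) in wanted}


RULE_TARGETS = ["X-Filename", "X_Filename"]  # constructed rule lists only these
UPLOAD_NAME = "shell.php"                    # constructed value the rule should catch

# Constructed requests: the same payload under three header spellings.
REQUESTS = {
    "dash": [("X-Filename", UPLOAD_NAME)],
    "underscore": [("X_Filename", UPLOAD_NAME)],
    "dot": [("X.Filename", UPLOAD_NAME)],   # the bypass spelling from the CVE
}


def evaluate(headers):
    """Return (seen_by_literal_rule, seen_by_normalized_rule, backend_keys):
    whether each rule variant inspects the header, and the $_SERVER key(s)
    the backend ends up with."""
    seen_literal = bool(literal_target_match(headers, RULE_TARGETS))
    seen_normalized = bool(normalized_target_match(headers, RULE_TARGETS))
    backend_keys = {php_server_key(n) for n, _ in headers}
    return seen_literal, seen_normalized, backend_keys


if __name__ == "__main__":
    for label, headers in REQUESTS.items():
        lit, norm, keys = evaluate(headers)
        print(f"{label:10} literal_rule={lit!s:5} normalized_rule={norm!s:5} backend={sorted(keys)}")
```

The "dot" request reaches the backend as HTTP_X_FILENAME exactly like the other two, but only the normalized variant inspects it. Either the rule lists every spelling the backend folds together, or the comparison is done on normalized names; comparing raw header names against a fixed list is what leaves the gap.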
Linux Distros Unpatched Vulnerability : CVE-2023-38199
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attacker...
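The "Content-Type confusion" described for CVE-2023-38199 (in the CVE entry above and repeated in this unpatched-vulnerability entry) is a parser-differential: two components read the same request, each picks a different one of the duplicate Content-Type headers, and only one of them ends up parsing the body as arguments. The following is an added example, not CRS rule text and not code from the CRS project. Which side keeps the first copy and which the last is an assumption (the entries only say the two disagree on some platforms); the request, the body and the route are constructed:

```python
from urllib.parse import parse_qs

# Constructed request with two Content-Type headers. The body is a form-encoded
# login attempt carrying an SQL injection string; whether any ARGS-based rule
# ever sees it depends on which Content-Type the inspecting component believes.
BODY = b"user=admin'+OR+'1'%3D'1&pass=x"
RAW_REQUEST = (
    b"POST /api/login HTTP/1.1\r\n"
    b"Host: app.example\r\n"
    b"Content-Type: text/plain\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    + b"Content-Length: %d\r\n" % len(BODY)
    + b"\r\n"
    + BODY
)


def parse_request(raw):
    """Split a raw HTTP/1.1 request into (request_line, headers, body).
    Headers are kept as an ordered list of (lowercased name, value) so that
    duplicates survive; a dict would already have discarded one copy."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def header_values(headers, name):
    return [v for n, v in headers if n == name.lower()]


def parse_form(body):
    return parse_qs(body.decode("latin-1"))


def args_seen_by_waf(headers, body):
    """Constructed WAF-side view (assumption): keys its body parser on the
    FIRST Content-Type. text/plain means 'no arguments to extract', so the
    injection string is never presented to ARGS-based rules."""
    ctype = header_values(headers, "content-type")[0]
    return parse_form(body) if ctype.startswith("application/x-www-form-urlencoded") else {}


def args_seen_by_backend(headers, body):
    """Constructed backend view (assumption): a framework that stores headers
    in a dict, last value wins, and therefore parses the body as a form."""
    ctype = header_values(headers, "content-type")[-1]
    return parse_form(body) if ctype.startswith("application/x-www-form-urlencoded") else {}


def ambiguous_content_type(headers):
    """The check the WAF needs: more than one Content-Type means the two
    components cannot be assumed to agree on the body, so the request has to
    be rejected before any body rule is allowed to conclude 'nothing to see'."""
    return len(header_values(headers, "content-type")) > 1


def waf_decision(raw):
    """'reject' when the media type is ambiguous, otherwise the arguments the
    WAF would hand to its rules."""
    _, headers, body = parse_request(raw)
    if ambiguous_content_type(headers):
        return "reject"
    return args_seen_by_waf(headers, body)


if __name__ == "__main__":
    _, hdrs, body = parse_request(RAW_REQUEST)
    print("WAF args:    ", args_seen_by_waf(hdrs, body))
    print("Backend args:", args_seen_by_backend(hdrs, body))
    print("Decision:    ", waf_decision(RAW_REQUEST))
```

The point is not which component is "right" about the media type; it is that the WAF has no way to know how the backend will choose, so a request with duplicate Content-Type headers must be refused (or at least inspected under every plausible interpretation) rather than classified once and passed through.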
Linux Distros Unpatched Vulnerability : CVE-2022-39958
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly...
owasp-modsecurity-crs-4.10.0-1.1 on GA media (moderate)
owasp-modsecurity-crs-4.10.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:14717-1 Rating: moderate Cross-References: CVE-2023-5003 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
OPENSUSE-SU-2025:14717-1 owasp-modsecurity-crs-4.10.0-1.1 on GA media
These are all security issues fixed in the owasp-modsecurity-crs-4.10.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:14708-1 owasp-modsecurity-crs-4.9.0-1.1 on GA media
These are all security issues fixed in the owasp-modsecurity-crs-4.9.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13187-1 owasp-modsecurity-crs-3.3.5-1.1 on GA media
These are all security issues fixed in the owasp-modsecurity-crs-3.3.5-1.1 package on the GA media of openSUSE Tumbleweed...
RHEL 8 : mod_security_crs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modsecurity-crs: Content-Type or Content-Transfer-Encoding MIME header fields abuse (CVE-2022-39956) - The...
RHEL 7 : mod_security_crs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modsecurity-crs: Content-Type or Content-Transfer-Encoding MIME header fields abuse (CVE-2022-39956) - The...
Mageia: Security Advisory (MGASA-2024-0070)
The remote host is missing an update for the...