Lucene search
+L

322 matches found

OSV
OSV
added 2024/03/06 10:56 a.m.19 views

BIT-MODSECURITY2-2023-28882

Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service worker crash and unresponsiveness because some inputs cause a segfault in the Transaction class for some configurations...

7.5CVSS6AI score0.00731EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 10:56 a.m.19 views

BIT-MODSECURITY-2023-28882

Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service worker crash and unresponsiveness because some inputs cause a segfault in the Transaction class for some configurations...

7.5CVSS6AI score0.00731EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 10:56 a.m.26 views

BIT-MODSECURITY2-2023-38285

Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity...

7.5CVSS7.4AI score0.00771EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 10:56 a.m.37 views

BIT-MODSECURITY-2023-38285

Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity...

7.5CVSS7.4AI score0.00771EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2024/02/06 2:9 p.m.59 views

Beware: Fake Facebook Job Ads Spreading 'Ov3r_Stealer' to Steal Crypto and Credentials

Threat actors are leveraging bogus Facebook job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer malware codenamed Ov3rStealer. "This malware is designed to steal credentials and crypto wallets and send those to a Telegram channel that the threat...

8.8CVSS9.4AI score0.88196EPSS
Exploits2
The Hacker News
The Hacker News
added 2024/01/22 3:40 a.m.84 views

Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks

Cybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised hosts. "The web shells are concealed within an unknown binary format and are designed to evade security...

10CVSS8.2AI score0.99654EPSS
Exploits31
Tenable Nessus
Tenable Nessus
added 2023/09/27 12:0 a.m.33 views

openSUSE 15 Security Update : modsecurity (openSUSE-SU-2023:0269-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0269-1 advisory. - DISPUTED Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports Trustwave has...

7.5CVSS6.7AI score0.03206EPSS
Exploits4References11
Tenable Nessus
Tenable Nessus
added 2023/09/26 12:0 a.m.30 views

openSUSE 15 Security Update : modsecurity (openSUSE-SU-2023:0257-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0257-1 advisory. - DISPUTED Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports Trustwave has...

7.5CVSS6.7AI score0.03206EPSS
Exploits4References11
The Hacker News
The Hacker News
added 2023/09/04 5:40 a.m.55 views

Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus

Cybersecurity researchers have called attention to a new antivirus evasion technique that involves embedding a malicious Microsoft Word file into a PDF file. The sneaky method, dubbed MalDoc in PDF by JPCERT/CC, is said to have been employed in an in-the-wild attack in July 2023. "A file created...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2023/08/07 9:52 a.m.47 views

New SkidMap Linux Malware Variant Targeting Vulnerable Redis Servers

Vulnerable Redis services have been targeted by a "new, improved, dangerous" variant of a malware called SkidMap that's engineered to target a wide range of Linux distributions. "The malicious nature of this malware is to adapt to the system on which it is executed," Trustwave security researcher...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/08/03 2:33 p.m.27 views

New Version of Rilide Data Theft Malware Adapts to Chrome Extension Manifest V3

Cybersecurity researchers have discovered a new version of malware called Rilide that targets Chromium-based web browsers to steal sensitive data and steal cryptocurrency. "It exhibits a higher level of sophistication through modular design, code obfuscation, adoption to the Chrome Extension...

7.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2023/07/28 5:49 a.m.20 views

CVE-2023-38285

A vulnerability was found in Trustwave's ModSecurity project due to an inefficient algorithmic complexity flaw. This issue is present in four transformation actions: removeWhitespace, removeNull, replaceNull, and removeCommentsChar. By sending a maliciously crafted HTTP request, an attacker could...

7.5CVSS6AI score0.00771EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/07/26 9:15 p.m.6 views

CVE-2023-38285

Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity...

7.5CVSS7.1AI score0.00771EPSS
Exploits0References3
NVD
NVD
added 2023/07/26 9:15 p.m.28 views

CVE-2023-38285

Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity...

7.5CVSS7.5AI score0.00771EPSS
Exploits0References2
Prion
Prion
added 2023/07/26 9:15 p.m.29 views

Code injection

Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity...

5CVSS7.5AI score0.00771EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/26 12:0 a.m.17 views

CVE-2023-38285

Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity...

6.8AI score0.00771EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/07/26 12:0 a.m.29 views

CVE-2023-38285

Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity...

7.6AI score0.00771EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/07/26 12:0 a.m.9 views

PT-2023-26345 · Trustwave +1 · Modsecurity +1

Name of the Vulnerable Software and Affected Versions: Trustwave ModSecurity versions 3.0.0 through 3.0.9 Description: The issue is related to Inefficient Algorithmic Complexity. Recommendations: For Trustwave ModSecurity versions 3.0.0 through 3.0.9, update to version 3.0.10 or later to resolve...

7.5CVSS7.3AI score0.03206EPSS
Exploits4References25
UbuntuCve
UbuntuCve
added 2023/07/26 12:0 a.m.31 views

CVE-2023-38285

Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity...

7.5CVSS7.1AI score0.00771EPSS
Exploits0References3
OSV
OSV
added 2023/07/26 12:0 a.m.26 views

CVE-2023-38285

Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity...

7.5CVSS7.2AI score0.00771EPSS
Exploits0References4
Rows per page
Query Builder