

CVEMAP Search Results

CVE
Details
Description
2024-09-18
Waiting for details
CVE-2024-6641

 

 
The WP Hardening – Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6. This is due to use of an incorrect regular expression within the "Stop User Enumeration" feature. This makes it possible for unauthenticated attackers to bypass intended security restrictions and expose site usernames.

 
2024-04-09
Waiting for details
CVE-2024-2223

 

 
An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux version 7.0.5.200089; Bitdefender Endpoint Security for Windows version 7.9.9.380; GravityZone Control Center (On Premises) version 6.36.1.

 
2020-10-08
Medium
CVE-2020-2288

Vendor: Jenkins
Software: Audit trail
 

 
In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling.

 
2019-08-13
Medium
CVE-2019-14993

Vendor: Istio
Software: Istio
 

 
Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API.

 
2019-06-13
Medium
CVE-2019-12798

Vendor: Artifex
Software: MUJS
 

 
An issue was discovered in Artifex MuJS 1.0.5. regcompx in regexp.c does not restrict regular expression program size, leading to an overflow of the parsed syntax list size.

 
2019-04-20
Medium
CVE-2019-11391

Vendor: Modsecurity
Software: Owasp modsec...
 

 
** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with $a# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity.

 
Medium
CVE-2019-11390

Vendor: Modsecurity
Software: Owasp modsec...
 

 
** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with set_error_handler# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity.

 
Medium
CVE-2019-11389

Vendor: Modsecurity
Software: Owasp modsec...
 

 
** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with next# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity.

 
Medium
CVE-2019-11388

Vendor: Modsecurity
Software: Owasp modsec...
 

 
** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity.

 
Medium
CVE-2019-11387

Vendor: Modsecurity
Software: Owasp modsec...
 

 
An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators.

 

 


Copyright 2024, cxsecurity.com

 
