Filtered by vendor Trustwave
Total: 24 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2019-25043 | 1 Trustwave | 1 Modsecurity | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header. |
CVE-2019-19886 | 1 Trustwave | 1 Modsecurity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc. |
CVE-2018-13065 | 1 Trustwave | 1 Modsecurity | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | ** DISPUTED ** ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured. |
CVE-2014-2727 | 1 Trustwave | 1 Mailmarshal | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection. |