Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
crs vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-39958
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily ...
Owasp Owasp Modsecurity Core Rule Set
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 10.0
NA
CVE-2022-39956
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not...
Owasp Owasp Modsecurity Core Rule Set
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 10.0
NA
CVE-2022-39957
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this res...
Owasp Owasp Modsecurity Core Rule Set
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 10.0
NA
CVE-2022-39955
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content...
Owasp Owasp Modsecurity Core Rule Set
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 10.0
694
VMScore
CVE-2010-1571
Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7.0 prior to 7.0(1)SR4 and 7.0(2), unspecified 6.0 versions, and 5.0 prior to 5.0(2)SR3 allows remote malicious users to read arbitrary files via a crafted bootstrap message ...
Cisco Unified Contact Center Express 7.0
Cisco Unified Contact Center Express 6.0
Cisco Unified Contact Center Express 5.0
Cisco Customer Response Solution 6.0
Cisco Customer Response Solution 7.0
Cisco Customer Response Solution 5.0
Cisco Unified Ip Interactive Voice Response 5.0
Cisco Unified Ip Interactive Voice Response 6.0
Cisco Unified Ip Interactive Voice Response 7.0
694
VMScore
CVE-2010-1570
The computer telephony integration (CTI) server component in Cisco Unified Contact Center Express (UCCX) 7.0 prior to 7.0(1)SR4 and 7.0(2), 6.0 prior to 6.0(1)SR1, and 5.0 prior to 5.0(2)SR3 allows remote malicious users to cause a denial of service (CTI server and Node Manager f...
Cisco Unified Contact Center Express 7.0
Cisco Unified Contact Center Express 6.0
Cisco Unified Contact Center Express 5.0
Cisco Customer Response Solution 7.0
Cisco Customer Response Solution 5.0
Cisco Customer Response Solution 6.0
Cisco Unified Ip Interactive Voice Response 5.0
Cisco Unified Ip Interactive Voice Response 6.0
Cisco Unified Ip Interactive Voice Response 7.0
694
VMScore
CVE-2011-0949
Cisco IOS XR 3.6.x, 3.8.x prior to 3.8.3, and 3.9.x prior to 3.9.1 does not properly remove sshd_lock files from /tmp/, which allows remote malicious users to cause a denial of service (disk consumption) by making many SSHv1 connections, aka Bug ID CSCtd64417.
Cisco Ios Xr 3.6.0
Cisco Ios Xr 3.6.1
Cisco Ios Xr 3.6.2
Cisco Ios Xr 3.6.3
Cisco Ios Xr 3.8.0
Cisco Ios Xr 3.8.2
Cisco Ios Xr 3.8.1
Cisco Ios Xr 3.9.0
446
VMScore
CVE-2010-3035
Cisco IOS XR 3.4.0 up to and including 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote malicious users to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in Augus...
Cisco Ios Xr 3.4.2
Cisco Ios Xr 3.4.3
Cisco Ios Xr 3.6.3
Cisco Ios Xr 3.7.0
Cisco Ios Xr 3.8.4
Cisco Ios Xr 3.9.0
Cisco Ios Xr 3.4.0
Cisco Ios Xr 3.4.1
Cisco Ios Xr 3.6.1
Cisco Ios Xr 3.6.2
Cisco Ios Xr 3.8.1
Cisco Ios Xr 3.8.2
Cisco Ios Xr 3.8.3
Cisco Ios Xr 3.5.4
Cisco Ios Xr 3.6.0
Cisco Ios Xr 3.7.3
Cisco Ios Xr 3.8.0
Cisco Ios Xr 3.5.2
Cisco Ios Xr 3.5.3
Cisco Ios Xr 3.7.1
Cisco Ios Xr 3.7.2
Cisco Ios Xr 3.9.1
294
VMScore
CVE-2009-1154
Cisco IOS XR 3.8.1 and previous versions allows remote malicious users to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute.
Cisco Ios Xr 3.5
Cisco Ios Xr 3.5.3
Cisco Ios Xr 3.5.2
Cisco Ios Xr 3.5.4
Cisco Ios Xr 3.6.0
Cisco Ios Xr 3.4.0
Cisco Ios Xr 3.4.2
Cisco Ios Xr 3.6.2
Cisco Ios Xr 3.7.0
Cisco Ios Xr 3.4
Cisco Ios Xr 3.7.2
Cisco Ios Xr 3.7.3
Cisco Ios Xr 3.8.0
Cisco Ios Xr
Cisco Ios Xr 3.4.1
Cisco Ios Xr 3.4.3
Cisco Ios Xr 3.6.3
Cisco Ios Xr 3.7.1
Cisco Ios Xr 3.6.1
384
VMScore
CVE-2009-2055
Cisco IOS XR 3.4.0 up to and including 3.8.1 allows remote malicious users to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.
Cisco Ios Xr 3.4
Cisco Ios Xr 3.4.0
Cisco Ios Xr 3.4.1
Cisco Ios Xr 3.7.3
Cisco Ios Xr 3.8.1
Cisco Ios Xr 3.8.0
Cisco Ios Xr 3.4.3
Cisco Ios Xr 3.5.3
Cisco Ios Xr 3.6.2
Cisco Ios Xr 3.7.0
Cisco Ios Xr 3.7.2
Cisco Ios Xr 3.5.2
Cisco Ios Xr 3.5.4
Cisco Ios Xr 3.6.0
Cisco Ios Xr 3.6.1
Cisco Ios Xr 3.4.2
Cisco Ios Xr 3.5
Cisco Ios Xr 3.6.3
Cisco Ios Xr 3.7.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »