IBM Security Bulletins
Added 2025/03/12 9:43 p.m. (9 views)

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.15-py3-none-any.whl CVE-2024-45231

Summary: IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.15-py3-none-any.whl CVE-2024-45231. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2024-45231. DESCRIPTION: Django could allow a remote attacker to obtai...

CVSS 9.8, AI score 7.5, EPSS 0.25327
Exploits: 0, Affected Software: 1
Ubuntu
Added 2025/03/12 4:19 p.m. (89 views)

USN-7350-1: UnRAR vulnerabilities

It was discovered that UnRAR incorrectly handled certain paths. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to write arbitrary files outside of the targeted directory. CVE-2022-30333, CVE-2022-48579 It...

CVSS 7.8, AI score 7.1, EPSS 0.98975
Exploits: 14
OSV
Added 2025/03/12 4:19 p.m. (1 view)

USN-7350-1 unrar-nonfree vulnerabilities

It was discovered that UnRAR incorrectly handled certain paths. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to write arbitrary files outside of the targeted directory. CVE-2022-30333, CVE-2022-48579 It...

CVSS 7.8, AI score 7, EPSS 0.98975
Exploits: 14, References: 5
Snyk
Added 2025/03/12 2:44 p.m. (4 views)

Out-of-bounds Read

Overview: json is a JSON implementation as a Ruby extension in C. Affected versions of this package are vulnerable to Out-of-bounds Read in the json_string_unescape function in parser.c. An attacker can cause a crash by supplying a JSON object containing malicious unicode escape sequences, like...

CVSS 8.7, AI score 7, EPSS 0.00665
Exploits: 0, References: 2
IBM Security Bulletins
Added 2025/03/12 11:26 a.m. (41 views)

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for February 2025.

Summary: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.1-IF001 and 24.0.0-IF004. Vulnerability Details: CVEID: CVE-2024-10963. DESCRIPTION: A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostname...

CVSS 9.1, AI score 9.5, EPSS 0.02782
Exploits: 4, Affected Software: 2
Veracode
Added 2025/03/12 10:37 a.m. (12 views)

Path Traversal

Rack is vulnerable to Path Traversal. The vulnerability is due to improper input validation due to Rack::Static not correctly sanitizing user-supplied paths, allowing encoded path traversal sequences to access files outside the intended static file directory...

CVSS 7.5, AI score 6.6, EPSS 0.01068
Exploits: 0, References: 6, Affected Software: 1
SUSE CVE
Added 2025/03/12 5:05 a.m. (1 view)

SUSE CVE-2025-27610

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. The vulnerability occurs becaus...

CVSS 7.5, AI score 7.7, EPSS 0.01068
Exploits: 0, References: 5
Tenable Nessus
Added 2025/03/12 12:00 a.m. (47 views)

Ubuntu 20.04 LTS / 22.04 LTS : UnRAR vulnerabilities (USN-7350-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7350-1 advisory. It was discovered that UnRAR incorrectly handled certain paths. If a user or automated system were tricked into extracting a specially crafte...

CVSS 7.8, AI score 7.5, EPSS 0.98975
Exploits: 14, References: 5
IBM Security Bulletins
Added 2025/03/11 7:26 p.m. (98 views)

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary: IBM QRadar SIEM includes vulnerable components, e.g., framework libraries, that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details: CVEID: CVE-2023-25193. DESCRIPTION: Harfbuzz is vulnerable to a denial of service, caused by a...

CVSS 8.1, AI score 9.8, EPSS 0.99019
Exploits: 15, Affected Software: 1
Rapid7 Blog
Added 2025/03/11 1:00 p.m. (8 views)

Helping us help you: Practical applications of AI in the SOC

Security teams can be understandably hesitant to integrate artificial intelligence (AI) into incident response workflows. A single mistaken action could lead to widespread disruption, monetary loss, or reputational harm. Meanwhile, attackers are increasingly leveraging AI to enhance the scale and...

AI score 7.7
Exploits: 0
RedhatCVE
Added 2025/03/11 5:40 a.m. (11 views)

CVE-2025-27610

A flaw was found in RackRubygems, where Rack::Static does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory. This flaw allows a...

CVSS 7.5, AI score 7.3, EPSS 0.01068
Exploits: 0, References: 5
NVD
Added 2025/03/10 11:15 p.m. (9 views)

CVE-2025-27610

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. The vulnerability occurs becaus...

CVSS 7.5, EPSS 0.01068
Exploits: 0, References: 3
OSV
Added 2025/03/10 11:15 p.m. (2 views)

DEBIAN-CVE-2025-27610

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. The vulnerability occurs becaus...

CVSS 7.5, AI score 7.2, EPSS 0.01068
Exploits: 0, References: 1
UbuntuCve
Added 2025/03/10 11:15 p.m. (8 views)

CVE-2025-27610

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. The vulnerability occurs becaus...

CVSS 7.5, AI score 7, EPSS 0.01068
Exploits: 0, References: 4
OSV
Added 2025/03/10 11:15 p.m. (1 view)

UBUNTU-CVE-2025-27610

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. The vulnerability occurs becaus...

CVSS 7.5, AI score 6.8, EPSS 0.01068
Exploits: 0, References: 5
OSV
Added 2025/03/10 10:19 p.m. (13 views)

GHSA-7WQH-767X-R66V Local File Inclusion in Rack::Static

Summary: Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. Details: The vulnerability occurs because Rack::Static does not properly sanitize user-supplied paths before serving files. Specifically,...

CVSS 7.5, AI score 7.7, EPSS 0.01068
Exploits: 0, References: 6
Github Security Blog
Added 2025/03/10 10:19 p.m. (15 views)

Local File Inclusion in Rack::Static

Summary: Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. Details: The vulnerability occurs because Rack::Static does not properly sanitize user-supplied paths before serving files. Specifically,...

CVSS 7.5, AI score 7.2, EPSS 0.01068
Exploits: 0, References: 6, Affected Software: 1
Cvelist
Added 2025/03/10 10:19 p.m. (24 views)

CVE-2025-27610 Local File Inclusion in Rack::Static

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. The vulnerability occurs becaus...

CVSS 7.5, EPSS 0.01068
Exploits: 0, References: 2
Vulnrichment
Added 2025/03/10 10:19 p.m. (18 views)

CVE-2025-27610 Local File Inclusion in Rack::Static

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. The vulnerability occurs becaus...

CVSS 7.5, AI score 7.6, EPSS 0.01068
Exploits: 0, References: 2
CVE
Added 2025/03/10 10:19 p.m. (321 views)

CVE-2025-27610

Rack::Static in Rack (Ruby) is vulnerable to Local File Inclusion due to improper sanitization of user-supplied paths, allowing access to files under the configured root. The affected versions are prior to 2.2.13, 3.0.14, and 3.1.12, which contain the patch. The vulnerability enables traversal vi...

CVSS 7.5, AI score 7.2, EPSS 0.01068
Exploits: 0, References: 3, Affected Software: 1