21307 matches found
CVE-2025-27111 Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...
CVE-2025-27111
Rack is a Ruby web-server interface. The Rack::Sendfile middleware logs unsanitised header values from X-Sendfile-Type, enabling log injection when an attacker injects escape sequences (e.g., newline characters) into that header. Affected versions are fixed in Rack 2.2.12, 3.0.13, and 3.1.11. Pra...
CVE-2025-27111 Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...
Linux Distros Unpatched Vulnerability : CVE-2016-10228
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The iconv program in the GNU C Library aka glibc or libc6 2.31 and earlier, when invoked with multiple suffixes in the destination encoding TRANSLATE or IGNORE...
Linux Distros Unpatched Vulnerability : CVE-2017-6887
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A boundary error within the parsetiffifd function internal/dcrawcommon.cpp in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e....
Linux Distros Unpatched Vulnerability : CVE-2013-4885
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload arbitrarily named files...
Linux Distros Unpatched Vulnerability : CVE-2017-15228
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the string. CVE-2017-15228 Note that...
Linux Distros Unpatched Vulnerability : CVE-2015-9096
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences...
Linux Distros Unpatched Vulnerability : CVE-2015-3411
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or...
Linux Distros Unpatched Vulnerability : CVE-2015-0251
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The moddavsvn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafte...
Linux Distros Unpatched Vulnerability : CVE-2014-8150
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and...
Linux Distros Unpatched Vulnerability : CVE-2017-10784
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal...
Linux Distros Unpatched Vulnerability : CVE-2016-5699
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython aka Python before 2.7.10 and 3.x before 3.4.4 allows remo...
Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
Summary Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries. Details The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline...
Linux Distros Unpatched Vulnerability : CVE-2014-8166
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute...
Linux Distros Unpatched Vulnerability : CVE-2014-1576
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2...
Linux Distros Unpatched Vulnerability : CVE-2017-6508
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CRLF injection vulnerability in the urlparse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequence...
Linux Distros Unpatched Vulnerability : CVE-2019-9023
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances...
Linux Distros Unpatched Vulnerability : CVE-2015-3412
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read...
Linux Distros Unpatched Vulnerability : CVE-2019-14233
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser,...