
15 matches found

Tenable Nessus
added 2026/05/09 12:0 a.m. | 6 views

Unity Linux 20.1070e Security Update: rubygem-rack (UTSA-2026-017388)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017388 advisory. A possible denial of service vulnerability exists in Rack 2.0.9.1, 2.1.4.1 and 2.2.3.1 in the multipart parsing component of Rack. Tenable has extracted the precedin...

CVSS 7.5 | AI score 6.6 | EPSS 0.02056
Exploits 0 | References 4
Tenable Nessus
added 2026/05/09 12:0 a.m. | 3 views

Unity Linux 20.1070e Security Update: rubygem-rack (UTSA-2026-017387)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017387 advisory. A sequence injection vulnerability exists in Rack 2.0.9.1, 2.1.4.1 and 2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components o...

CVSS 10 | AI score 5.8 | EPSS 0.01801
Exploits 0 | References 4
SUSE CVE
added 2023/02/15 3:26 a.m. | 1 views

SUSE CVE-2022-30122

A possible denial of service vulnerability exists in Rack 2.0.9.1, 2.1.4.1 and 2.2.3.1 in the multipart parsing component of Rack...

CVSS 5.3 | AI score 6.4 | EPSS 0.02056
Exploits 0 | References 8
OSV
added 2022/12/05 10:15 p.m. | 1 views

DEBIAN-CVE-2022-30122

A possible denial of service vulnerability exists in Rack 2.0.9.1, 2.1.4.1 and 2.2.3.1 in the multipart parsing component of Rack...

CVSS 7.5 | AI score 6.4 | EPSS 0.02056
Exploits 0 | References 1
vulnersOsv
added 2022/04/27 9:9 p.m. | 2 views

cloud.genesys:web-messaging-sdk (>=3.0.0 <=5.0.0), cn.acooly:acooly-auth-wechat-authenticator (=5.2.1) +516 more potentially affected by CVE-2022-23457 via org.owasp.esapi:esapi (>=2.0GA <=2.2.3.1)

org.owasp.esapi:esapi MAVEN version =2.0GA, =3.0.0, =5.0.0 - cn.acooly:acooly-auth-wechat-authenticator =5.2.1 - cn.dceast.platform:platform-security-starter =2.2.3 - com.acooly:acooly-component-account =5.2.1 - com.acooly:acooly-component-app =5.2.1 - com.acooly:acooly-component-assetmgmt =5.2.1...

CVSS 9.8 | AI score 6.7 | EPSS 0.02506
Exploits 2
VulnCheck KEV
added 2021/10/13 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2012-0391

The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution...

CVSS 9.8 | AI score 7.4 | EPSS 0.75071
Exploits 11 | References 1
CNVD
added 2017/11/13 12:0 a.m. | 2 views

CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2017-36502)

CMS Made Simple (CMSMS) is an open source content management system (CMS) developed by the CMSMS team. The system supports role-based rights management system, wizard-based installation and update mechanism, intelligent caching mechanism and so on. A cross-site scripting vulnerability exists in the...

CVSS 5.4 | AI score 6.3 | EPSS 0.00486
Exploits 0 | References 1
OpenVAS
added 2017/11/13 12:0 a.m. | 31 views

CMS Made Simple 2.2.3.1 Multiple Vulnerabilities

CMS Made Simple is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:cmsmadesimple:cmsmadesimple...

CVSS 5.4 | AI score 5.6 | EPSS 0.00857
Exploits 0 | References 2
OSV
added 2017/11/12 6:29 p.m. | 4 views

CVE-2017-16798

In CMS Made Simple 2.2.3.1, the isfileacceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by...

CVSS 5.4 | AI score 5.8 | EPSS 0.00857
Exploits 0 | References 1
UbuntuCve
added 2009/12/30 10:30 p.m. | 23 views

CVE-2008-7249

Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and probably later, allows user-assisted remote attackers to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-1167...

CVSS 9.3 | AI score 6.1 | EPSS 0.03975
Exploits 0 | References 1
UbuntuCve
added 2008/03/05 11:44 p.m. | 21 views

CVE-2008-1167

Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party information...

CVSS 10 | AI score 6.3 | EPSS 0.06681
Exploits 0 | References 1
Prion
added 2008/03/05 11:44 p.m. | 11 views

Stack overflow

Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party information...

CVSS 10 | AI score 8.1 | EPSS 0.06681
Exploits 0 | References 13 | Affected Software 1
UbuntuCve
added 2008/03/05 11:44 p.m. | 22 views

CVE-2008-1168

Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown;...

CVSS 4.3 | AI score 6 | EPSS 0.01553
Exploits 0 | References 1
NVD
added 2008/03/05 11:44 p.m. | 24 views

CVE-2008-1168

Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown;...

CVSS 4.3 | AI score 5.4 | EPSS 0.01553
Exploits 0 | References 9
CVE
added 2008/03/05 11:0 p.m. | 47 views

CVE-2008-1168

Cross-site scripting (XSS) in Squid Analysis Report Generator (Sarg) affects multiple 2.2.x releases (notably 2.2.4; earlier 2.2.3.1) via the User-Agent header when rendering the Squid proxy log. Root cause: an improper handling of User-Agent data leads to script/HTML injection. Impact: remote at...

CVSS 4.3 | AI score 5.3 | EPSS 0.01553
Exploits 0 | References 9 | Affected Software 1