34 matches found
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in rack-2.0.7.gem
Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of rack-2.0.7.gem. Vulnerability Details: CVEID: CVE-2022-44572. DESCRIPTION: Rack is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the multipart parsing component...
CVE-2025-30122
An issue was discovered on ROADCAM X3 devices. It has a uniform default credential set that cannot be modified by users, making it easy for attackers to gain unauthorized access to multiple devices...
CVE-2025-30122
creationtimestamp | type | source
---|---|---
2025-03-18 17:44:09+00:00 | seen | https://t.me/cvedetector/20575
2025-03-18 18:13:37+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lkobie4c4v26
2025-03-21 14:19:09+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/8...
CVE-2024-30122
creationtimestamp | type | source
---|---|---
2024-10-23 18:13:37+00:00 | seen | https://t.me/cvedetector/8702...
CVE-2024-30122
CVE-2024-30122 affects HCL Sametime due to misconfigured security-related HTTP headers; some headers are missing from web service responses, causing browser default policy handling to be less secure. Root cause: HTTP header omissions in Sametime web responses. Documents provide descriptions acros...
Ubuntu: Security Advisory (USN-7036-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Ubuntu 22.04 LTS : Rack vulnerabilities (USN-7036-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7036-1 advisory. It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sendin...
RHEL 7 : rubygem-rack (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - rubygem-rack: Denial of service in Multipart MIME parsing (CVE-2023-27530) - A possible denial of service...
RHEL 7 / 8 : Satellite 6.11.4 Async Security Update (Important) (RHSA-2022:7242)
The remote Red Hat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7242 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessit...
GLSA-202310-18 : Rack: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202310-18 (Rack: Multiple Vulnerabilities) - A possible denial of service vulnerability exists in Rack 2.0.9.1, 2.1.4.1 and 2.2.3.1 in the multipart parsing component of Rack. (CVE-2022-30122) - A sequence injection vulnerability exis...
[SECURITY] [DSA 5530-1] ruby-rack security update
Debian Security Advisory DSA-5530-1 https://www.debian.org/security/ Salvatore Bonaccorso October 22, 2023 https://www.debian.org/security/faq...
Debian DSA-5530-1 : ruby-rack - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5530 advisory. Several vulnerabilities were discovered in ruby-rack, a modular Ruby webserver interface, which may result in denial of service and shell escape sequence injectio...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Rack vulnerabilities (USN-5253-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5253-1 advisory. It was discovered that Rack insecurely handled session ids. An unauthenticated remote attacker could possibly use this issue to...
CVE-2023-30122
CVE-2023-30122 describes an arbitrary file upload vulnerability in the Online Food Ordering System v2.0, specifically in the component /admin/ajax.php?action=save_menu. The underlying issue allows an attacker to upload a crafted PHP file and execute arbitrary code on the server. The public-facing...
CVE-2023-30122
An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...
Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM : Rack vulnerabilities (USN-5896-1)
The remote Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5896-1 advisory. It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system...
USN-5896-1: Rack vulnerabilities
It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sending a specially crafted multipart POST request to an application using Rack, a remote attacker could possibly use this issue to cause a denial of...
Ubuntu: Security Advisory (USN-5253-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
USN-5253-1: Rack vulnerabilities
It was discovered that Rack insecurely handled session ids. An unauthenticated remote attacker could possibly use this issue to perform a timing attack and hijack sessions. (CVE-2019-16782) It was discovered that Rack was incorrectly handling cookies during parsing, not validating them or performin...
Amazon Linux 2 : pcs (ALAS-2022-1895)
The version of pcs installed on the remote host is prior to 0.9.169-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1895 advisory. A denial of service flaw was found in ruby-rack. An attacker crafting multipart POST requests can cause Rack's multipart...