15 matches found
Astra Linux – Vulnerability in Puma
Puma is an HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted; it did not prevent new connections from being blocked by greedy persistent-connections that saturated all threads ...
EUVD-2021-1158
Malware in sbrugna...
CVE-2019-16770
creationtimestamp | type | source
---|---|---
2024-03-07 16:41:15+00:00 | seen | https://t.me/ctinow/202551...
Amazon Linux 2022 : rubygem-puma (ALAS2022-2022-051)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-051 advisory. A flaw was found in rubygem-puma. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starv...
Debian dla-3083 : puma - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3083 advisory. Debian LTS Advisory DLA-3083-1 ...
Debian DLA-3023-1 : puma - LTS security update
The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3023 advisory. Several security vulnerabilities have been discovered in puma, a web server for Ruby/Rack applications. These flaws may lead to information leakage due to not alwa...
SUSE SLES15 Security Update : rubygem-puma (SUSE-SU-2022:1515-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1515-1 advisory. - Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only...
SUSE-SU-2021:2761-1 Security update for rubygem-puma
This update for rubygem-puma fixes the following issues: - CVE-2021-29509: Incomplete fix for CVE-2019-16770 allows Denial of Service bsc1188527...
Puma's Keepalive Connections Causing Denial Of Service
This vulnerability is related to CVE-2019-16770. Impact The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process...
Denial Of Service (DoS)
puma is vulnerable to denial of service (DoS). The vulnerability exists because it was possible to monopolize a thread if the client does not reset and keeps requesting. This CVE exists due to an incomplete fix for CVE-2019-16770...
Design/Logic Flaw
Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same...
CVE-2021-29509
Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same...
SUSE: Security Advisory (SUSE-SU-2020:3147-1)
The remote host is missing an update for the ...
SUSE-SU-2020:0081-1 Security update for crowbar-core, crowbar-openstack, openstack-horizon-plugin-monasca-ui, openstack-monasca-api, openstack-monasca-log-api, openstack-neutron, rubygem-puma, rubygem-rest-client
This update for crowbar-core, crowbar-openstack, openstack-horizon-plugin-monasca-ui, openstack-monasca-api, openstack-monasca-log-api, openstack-neutron, rubygem-puma, rubygem-rest-client contains the following fixes: Security issue fixed for rubygem-puma: - CVE-2019-16770: Fixed a potential...
CVE-2019-16770
Puma (Ruby/Rack server) is vulnerable to a denial-of-service via greedily kept-alive connections that monopolize the reactor. Initial CVE-2019-16770 affects Puma versions before 3.12.2 and 4.3.1; the advisory notes these versions are patched in 3.12.2 and 4.3.1. Connected sources show subsequent ...