22 matches found
Mageia: Security Advisory (MGASA-2025-0311)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
TencentOS Server 4: pcs (TSSA-2025:0255)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0255 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Fedora: Security Advisory (FEDORA-2025-eae2126736)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-7366-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2025:1492-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE 15: ruby2.5-rubygem-rack-1_6 / ruby2.5-rubygem-rack-doc-1_6 / etc (SUSE-SU-2025:1492-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:1492-1 advisory. - CVE-2025-27111: Fixed Escape Sequence Injection vulnerability bsc1238607 Tenable has extracted the preceding description block directly from the SUSE...
Medium: pcs
Issue Overview: Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This...
Debian: Security Advisory (DSA-5886-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-7366-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian dsa-5886 : ruby-rack - security update
The remote Debian 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5886 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5886-1 [email protected] https://www.debian.org/securit...
openSUSE Security Advisory (SUSE-SU-2025:0874-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ruby3.4-rubygem-rack-2.2-2.2.12-1.1 on GA media (moderate)
ruby3.4-rubygem-rack-2.2-2.2.12-1.1 on GA media Announcement ID: openSUSE-SU-2025:14859-1 Rating: moderate Cross-References: CVE-2025-27111 CVSS scores: CVE-2025-27111 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2025-27111 SUSE : 6.9...
Linux Distros Unpatched Vulnerability : CVE-2025-27111
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can explo...
CVE-2025-27111
A flaw was found in Rack Rubygem, where the Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. This flaw allows an attacker to inject escape sequences, such as newline characters, into the header, resulting in log injection. Mitigation To mitigate this...
CVE-2025-27111 vulnerabilities
Vulnerabilities for packages: ruby3.4-rack, logstash, ruby4.0-rack, ruby3.2-rack, ruby3.3-rack...
CVE-2025-27111 vulnerabilities
Vulnerabilities for packages: ruby3.2-rack, ruby4.0-rack, logstash, ruby3.3-rack, ruby3.4-rack...
CVE-2025-27111
Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...
CVE-2025-27111
Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...
CVE-2025-27111
creationtimestamp| type| source ---|---|--- 2025-03-04 15:31:02+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6370 2025-03-04 18:21:13+00:00| seen| https://t.me/cvedetector/19514 2025-04-25 17:17:07+00:00| seen| https://bsky.app/profile/aakl.bsky.social/post/3lnnq2hje5s2y 2025-04-26...
CVE-2025-27111 Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...