Lucene search
K

22 matches found

OpenVAS
OpenVAS
added 2025/11/25 12:0 a.m.2 views

Mageia: Security Advisory (MGASA-2025-0311)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.2AI score0.01095EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.7 views

TencentOS Server 4: pcs (TSSA-2025:0255)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0255 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.5CVSS6.9AI score0.00699EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/11/13 12:0 a.m.3 views

Fedora: Security Advisory (FEDORA-2025-eae2126736)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.35376EPSS
Exploits3References29
OpenVAS
OpenVAS
added 2025/07/24 12:0 a.m.2 views

Ubuntu: Security Advisory (USN-7366-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.2AI score0.01095EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2025/05/12 12:0 a.m.9 views

openSUSE Security Advisory (SUSE-SU-2025:1492-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.00699EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/05/09 12:0 a.m.3 views

openSUSE 15: ruby2.5-rubygem-rack-1_6 / ruby2.5-rubygem-rack-doc-1_6 / etc (SUSE-SU-2025:1492-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:1492-1 advisory. - CVE-2025-27111: Fixed Escape Sequence Injection vulnerability bsc1238607 Tenable has extracted the preceding description block directly from the SUSE...

7.5CVSS6.9AI score0.00699EPSS
Exploits0References4
Amazon
Amazon
added 2025/04/16 12:0 a.m.6 views

Medium: pcs

Issue Overview: Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This...

7.5CVSS7AI score0.00699EPSS
Exploits0
OpenVAS
OpenVAS
added 2025/03/26 12:0 a.m.7 views

Debian: Security Advisory (DSA-5886-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.2AI score0.01095EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2025/03/25 12:0 a.m.11 views

Ubuntu: Security Advisory (USN-7366-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.2AI score0.01095EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/25 12:0 a.m.14 views

Debian dsa-5886 : ruby-rack - security update

The remote Debian 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5886 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5886-1 [email protected] https://www.debian.org/securit...

7.5CVSS7.2AI score0.01095EPSS
Exploits1References8
OpenVAS
OpenVAS
added 2025/03/17 12:0 a.m.13 views

openSUSE Security Advisory (SUSE-SU-2025:0874-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.2AI score0.01095EPSS
Exploits1References6
OPENSUSE Linux
OPENSUSE Linux
added 2025/03/07 12:0 a.m.7 views

ruby3.4-rubygem-rack-2.2-2.2.12-1.1 on GA media (moderate)

ruby3.4-rubygem-rack-2.2-2.2.12-1.1 on GA media Announcement ID: openSUSE-SU-2025:14859-1 Rating: moderate Cross-References: CVE-2025-27111 CVSS scores: CVE-2025-27111 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2025-27111 SUSE : 6.9...

6.9CVSS6.6AI score0.00699EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2025-27111

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can explo...

7.5CVSS6.2AI score0.00699EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/05 6:44 a.m.6 views

CVE-2025-27111

A flaw was found in Rack Rubygem, where the Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. This flaw allows an attacker to inject escape sequences, such as newline characters, into the header, resulting in log injection. Mitigation To mitigate this...

5.3CVSS6.8AI score0.00699EPSS
Exploits0References7
Wolfi
Wolfi
added 2025/03/04 4:15 p.m.24 views

CVE-2025-27111 vulnerabilities

Vulnerabilities for packages: ruby3.4-rack, logstash, ruby4.0-rack, ruby3.2-rack, ruby3.3-rack...

7.5CVSS6.8AI score0.00699EPSS
Exploits0
Chainguard
Chainguard
added 2025/03/04 4:15 p.m.10 views

CVE-2025-27111 vulnerabilities

Vulnerabilities for packages: ruby3.2-rack, ruby4.0-rack, logstash, ruby3.3-rack, ruby3.4-rack...

7.5CVSS6.8AI score0.00699EPSS
Exploits0
NVD
NVD
added 2025/03/04 4:15 p.m.5 views

CVE-2025-27111

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...

7.5CVSS0.00699EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/03/04 4:15 p.m.7 views

CVE-2025-27111

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...

7.5CVSS6.8AI score0.00699EPSS
Exploits0References7
Circl
Circl
added 2025/03/04 3:31 p.m.4 views

CVE-2025-27111

creationtimestamp| type| source ---|---|--- 2025-03-04 15:31:02+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6370 2025-03-04 18:21:13+00:00| seen| https://t.me/cvedetector/19514 2025-04-25 17:17:07+00:00| seen| https://bsky.app/profile/aakl.bsky.social/post/3lnnq2hje5s2y 2025-04-26...

7.5CVSS6.6AI score0.00699EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/04 3:26 p.m.9 views

CVE-2025-27111 Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...

6.9CVSS6.8AI score0.00699EPSS
Exploits0References4
Rows per page
Query Builder