17 matches found
MiracleLinux 9 : pcs-0.11.10-1.el9_7.1.ML.1 (AXSA:2026-257:03)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-257:03 advisory. rubygem-rack: Rack QueryParser has an unsafe default allowing paramslimit bypass via semicolon- separated parameters CVE-2025-59830 rack: Rack's...
MiracleLinux 8 : pcs-0.10.18-2.el8_10.7.ML.1 (AXSA:2025-11087:08)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11087:08 advisory. rubygem-rack: Rack QueryParser has an unsafe default allowing paramslimit bypass via semicolon- separated parameters CVE-2025-59830 rack: Rack's...
SUSE SLES15 / openSUSE 15 Security Update : rubygem-rack (SUSE-SU-2025:4273-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4273-1 advisory. - Update to version 2.2.20 bsc1251936 - CVE-2025-61919: Fixed application/x-www-form-urlencoded, calling rack.input.readnil witho...
Oracle Linux 9 : pcs (ELSA-2025-20962)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20962 advisory. - Fixed CVE-2025-59830, CVE-2025-61770, CVE-2025-61771, CVE-2025-61772, CVE-2025-61919 by updating bundled rubygem rack Resolves: RHEL-120945,...
Security update for rubygem-rack
This update for rubygem-rack fixes the following issues: Update to version 2.2.20 bsc1251936 CVE-2025-61919: Fixed application/x-www-form-urlencoded, callingrack.input.readnil without enforcing a length or cap bsc1251936 CVE-2025-61780: Fixed improper handling of headers in Rack::Sendfile allows...
SUSE-SU-2025:4273-1 Security update for rubygem-rack
This update for rubygem-rack fixes the following issues: - Update to version 2.2.20 bsc1251936 - CVE-2025-61919: Fixed application/x-www-form-urlencoded, calling rack.input.readnil without enforcing a length or cap bsc1251936 - CVE-2025-61780: Fixed improper handling of headers in Rack::Sendfile...
RHEL 7 : pcs (RHSA-2025:21696)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21696 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rack: Rack's unbound...
Fedora: Security Advisory (FEDORA-2025-eae2126736)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Important: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: Rack QueryParser has an unsafe default allowing paramslimit bypass via semicolon-separated parameters CVE-2025-59830 rack: Rack's unbounded multipart preamble...
RLSA-2025:19512 Important: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: Rack QueryParser has an unsafe default allowing paramslimit bypass via semicolon-separated parameters CVE-2025-59830 rack: Rack's unbounded multipart preamble...
Important: Red Hat Security Advisory: Satellite 6.17.6 Async Update
A new release is now available for Red Hat Satellite 6.17 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
pcs security update
0.11.9-2.el96.2 - Fixed CVE-2025-59830, CVE-2025-61770, CVE-2025-61771, CVE-2025-61772, CVE-2025-61919 by updating bundled rubygem rack Resolves: RHEL-120943, RHEL-121036, RHEL-123631, RHEL-123644, RHEL-124942...
Debian dla-4357 : ruby-rack - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4357 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4357-1 [email protected]...
CVE-2025-61919 vulnerabilities
Vulnerabilities for packages: ruby3.3-rack, kube-fluentd-operator, gitlab-rails-ce, ruby3.3-rails, ruby3.4-rails, ruby3.2-rails, logstash, ruby4.0-rack, ruby3.4-rack, ruby3.2-rack...
Linux Distros Unpatched Vulnerability : CVE-2025-61919
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, Rack::RequestPOST reads the entire request body into memory for...
CVE-2025-61919
A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::RequestPOST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing...
CVE-2025-61919
Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, Rack::RequestPOST reads the entire request body into memory for Content-Type: application/x-www-form-urlencoded, calling rack.input.readnil without enforcing a length or cap. Large request bodies can therefo...