6249 matches found
K000148512: BIG-IP Advanced WAF and ASM and NGINX App Protect DNS lookup vulnerability CVE-2025-58474
Security Advisory Description When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery SSRF protection or when an NGINX server is configured with App Protect Bot Defense, undisclosed requests can disrupt new client requests. CVE-2025-58474 Impact Traffic is...
F5 Networks BIG-IP : BIG-IP Advanced WAF and ASM and NGINX App Protect DNS lookup vulnerability (K000148512)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.2 / 17.5.0. It is, therefore, affected by a vulnerability as referenced in the K000148512 advisory. When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery SSRF protection or when a...
Allocation of Resources Without Limits or Throttling
Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...
UBUNTU-CVE-2025-61780
Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in Rack::Sendfile when running behind a proxy that supports x-sendfile headers such as Nginx. Specially crafted headers could cause Rack::Sendfile to...
CVE-2025-61780
CVE-2025-61780 (Rack) affects Rack, a modular Ruby web server interface. The IBM security bulletin and Debian advisories describe a vulnerability in Rack::Sendfile when used behind a proxy that supports x-accel-redirect/x-sendfile headers. By sending crafted headers, an attacker could cause Rack:...
EUVD-2025-33749
Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in Rack::Sendfile when running behind a proxy that supports x-sendfile headers such as Nginx. Specially crafted headers could cause Rack::Sendfile to...
CVE-2025-61780 Rack has Possible Information Disclosure Vulnerability
Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in Rack::Sendfile when running behind a proxy that supports x-sendfile headers such as Nginx. Specially crafted headers could cause Rack::Sendfile to...
PT-2025-41580
Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.20 Rack versions prior to 3.1.18 Rack versions prior to 3.2.3 Description Rack is a modular Ruby web server interface. A potential information disclosure issue existed in Rack::Sendfile when operating behind a proxy...
Rack has a Possible Information Disclosure Vulnerability
Summary A possible information disclosure vulnerability existed in Rack::Sendfile when running behind a proxy that supports x-sendfile headers such as Nginx. Specially crafted headers could cause Rack::Sendfile to miscommunicate with the proxy and trigger unintended internal requests, potentially...
SUSE CVE-2025-61771
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...
CVE-2025-61772
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line CRLFCRLF. The parser keeps appending incoming bytes to memory witho...
CVE-2025-61771 Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...
EUVD-2019-5052
Malware in sbrugna...
EUVD-2020-27049
Malware in sbrugna...
EUVD-2020-27054
Malware in sbrugna...
EUVD-2013-2050
Malware in sbrugna...
EUVD-2020-17082
Malware in sbrugna...
EUVD-2012-3352
Malware in sbrugna...
EUVD-2010-2278
Malware in sbrugna...
EUVD-2020-11594
Malware in sbrugna...