Lucene search
K

2253 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

SUSE SLES15 Security Update : rmt-server (SUSE-SU-2026:2487-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2487-1 advisory. This update for rmt-server fixes the following issues - CVE-2026-26961: rack: mismatch in header handling can allow to smuggle...

7.5CVSS5.9AI score0.0043EPSS
Exploits0References32
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Ruby-Rack

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, the path check for Rack::Directory used a string prefix match on the expanded path. A request like /../rootexample/ could escape the configured root if the target path started with the root string, allowing...

7.5CVSS6.6AI score0.00665EPSS
Exploits1References3
OSV
OSV
added 2026/06/22 12:8 p.m.2 views

SUSE-SU-2026:2487-1 Security update for rmt-server

This update for rmt-server fixes the following issues - CVE-2026-26961: rack: mismatch in header handling can allow to smuggle multipart content bsc1261398. - CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead to header injection or response splitting bsc1261471. -...

7.5CVSS5.9AI score0.0043EPSS
Exploits0References22
NVD
NVD
added 2026/06/17 5:16 p.m.13 views

CVE-2025-32748

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains a Host Header Injection vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to trigger redirections...

6.1CVSS0.00146EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 3:17 p.m.9 views

EUVD-2025-210272

Dell PowerFlex rack, versions RCM 3.7/3.7, contains a Host Header Injection vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to trigger redirections...

4.3CVSS5.5AI score0.00146EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 3:17 p.m.16 views

CVE-2025-32748

Dell PowerFlex rack (RCM 3.7/3.7) contains a Host Header Injection vulnerability that allows an unauthenticated, remotely accessible attacker to trigger redirections. CVSS v3.1 base score 4.3 (MEDIUM) with Network attack vector, Low complexity, No privileges required, User interaction required. N...

6.1CVSS6AI score0.00146EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/17 3:17 p.m.25 views

CVE-2025-32748

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains a Host Header Injection vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to trigger redirections...

4.3CVSS0.00146EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2026/06/03 12:0 a.m.5 views

The vulnerability of the modular interface of the Ruby-based Rack web server allows a hacker to trigger a service failure.

The vulnerability of the modular interface of the Ruby-based Rack web server is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.8CVSS5.8AI score0.0043EPSS
Exploits0References8Affected Software6
BDU FSTEC
BDU FSTEC
added 2026/06/03 12:0 a.m.5 views

The vulnerability of the Rack::Utils.get_byte_ranges() function in the Ruby-based Rack web server module interface allows a attacker to cause a denial-of-service attack.

The vulnerability of the Rack::Utils.getbyteranges function in the Rack web server module interface, a programming language for Ruby, is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.8CVSS5.8AI score0.0038EPSS
Exploits0References8Affected Software6
BDU FSTEC
BDU FSTEC
added 2026/06/03 12:0 a.m.2 views

The vulnerability of the modular interface of the Ruby-based Rack web server allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Ruby-based Rack web server’s modular interface is related to partial comparison. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

7.8CVSS5.9AI score0.00387EPSS
Exploits0References7Affected Software4
BDU FSTEC
BDU FSTEC
added 2026/06/03 12:0 a.m.3 views

The vulnerability of the map_accel_path method in the Ruby programming language-based Rack web server module interface allows a hacker to gain unauthorized access to protected information.

The vulnerability of the mapaccelpath method in the Ruby programming language-based Rack web server module interface is related to the use of a regular expression, which does not sufficiently restrict the set of allowed values. Exploiting this vulnerability can allow an attacker to gain...

7.8CVSS5.8AI score0.00209EPSS
Exploits0References8Affected Software6
BDU FSTEC
BDU FSTEC
added 2026/06/03 12:0 a.m.5 views

The vulnerability of the Ruby-based Rack web server module interface parser allows a attacker to cause a denial-of-service attack.

The vulnerability of the Ruby-based Rack web server module interface parser involves an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.8CVSS5.8AI score0.00369EPSS
Exploits0References8Affected Software6
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.10 views

TencentOS Server 4: pcs (TSSA-2026:0318)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0318 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

7.5CVSS6.3AI score0.00665EPSS
Exploits2References11
BDU FSTEC
BDU FSTEC
added 2026/05/25 12:0 a.m.4 views

The vulnerability of the modular interface between web servers and Rack web applications, related to incorrect path name restrictions for the restricted access catalog, allows attackers to gain unauthorized access to protected information.

The vulnerability of the modular interface between web servers and Rack web applications is related to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

7.8CVSS6.7AI score0.00665EPSS
Exploits1References10Affected Software5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Ruby-Rack

There is a possible denial-of-service vulnerability in Rack versions 2.0.9.1, 2.1.4.1, and 2.2.3.1, specifically in the multipart parsing component of Rack...

7.5CVSS6.4AI score0.02056EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Ruby-Rack

A sequence injection vulnerability exists in Rack versions 2.0.9.1, 2.1.4.1, and 2.2.3.1. This vulnerability could allow for shell escapes in the Lint and CommonLogger components of Rack...

10CVSS6.7AI score0.01801EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Ruby-Rack

Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial-of-service vulnerability ReDos, degree 2 polynomial. This vulnerability has been fixed in 3.0.9.1 and 2.2.8.1...

7.5CVSS6.1AI score0.35376EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Ruby-Rack

There is a directory traversal vulnerability in Rack versions prior to 2.2.0. This vulnerability allows attackers to exploit the directory traversal vulnerability in the Rack::Directory module, which is included with Rack. This could lead to the disclosure of sensitive information...

8.6CVSS6.9AI score0.03593EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Ruby-Rack

Rack is a modular Ruby web server interface. Carefully crafted headers may cause header parsing in Rack to take longer than expected, potentially leading to a denial-of-service issue. The Accept and Forwarded headers are affected. Ruby 3.2 includes fixes for this problem, so Rack applications tha...

7.5CVSS6.1AI score0.01996EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Ruby-Rack

There is a DoS vulnerability in Rack versions v3.0.4.2, v2.2.6.3, v2.1.4.3, and v2.0.9.3, particularly in the Multipart MIME parsing code. This vulnerability could allow an attacker to craft requests that can be abused to cause the multipart parsing to take longer than expected...

7.5CVSS6.5AI score0.0183EPSS
Exploits0References2
Rows per page
Query Builder