2253 matches found
SUSE SLES15 Security Update : rmt-server (SUSE-SU-2026:2487-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2487-1 advisory. This update for rmt-server fixes the following issues - CVE-2026-26961: rack: mismatch in header handling can allow to smuggle...
Astra Linux – Vulnerability in Ruby-Rack
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, the path check for Rack::Directory used a string prefix match on the expanded path. A request like /../rootexample/ could escape the configured root if the target path started with the root string, allowing...
SUSE-SU-2026:2487-1 Security update for rmt-server
This update for rmt-server fixes the following issues - CVE-2026-26961: rack: mismatch in header handling can allow to smuggle multipart content bsc1261398. - CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead to header injection or response splitting bsc1261471. -...
CVE-2025-32748
Dell PowerFlex Manager, versions prior to 5.1.0.1, contains a Host Header Injection vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to trigger redirections...
EUVD-2025-210272
Dell PowerFlex rack, versions RCM 3.7/3.7, contains a Host Header Injection vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to trigger redirections...
CVE-2025-32748
Dell PowerFlex rack (RCM 3.7/3.7) contains a Host Header Injection vulnerability that allows an unauthenticated, remotely accessible attacker to trigger redirections. CVSS v3.1 base score 4.3 (MEDIUM) with Network attack vector, Low complexity, No privileges required, User interaction required. N...
CVE-2025-32748
Dell PowerFlex Manager, versions prior to 5.1.0.1, contains a Host Header Injection vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to trigger redirections...
The vulnerability of the modular interface of the Ruby-based Rack web server allows a hacker to trigger a service failure.
The vulnerability of the modular interface of the Ruby-based Rack web server is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the Rack::Utils.get_byte_ranges() function in the Ruby-based Rack web server module interface allows a attacker to cause a denial-of-service attack.
The vulnerability of the Rack::Utils.getbyteranges function in the Rack web server module interface, a programming language for Ruby, is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the modular interface of the Ruby-based Rack web server allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Ruby-based Rack web server’s modular interface is related to partial comparison. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the map_accel_path method in the Ruby programming language-based Rack web server module interface allows a hacker to gain unauthorized access to protected information.
The vulnerability of the mapaccelpath method in the Ruby programming language-based Rack web server module interface is related to the use of a regular expression, which does not sufficiently restrict the set of allowed values. Exploiting this vulnerability can allow an attacker to gain...
The vulnerability of the Ruby-based Rack web server module interface parser allows a attacker to cause a denial-of-service attack.
The vulnerability of the Ruby-based Rack web server module interface parser involves an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures...
TencentOS Server 4: pcs (TSSA-2026:0318)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0318 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
The vulnerability of the modular interface between web servers and Rack web applications, related to incorrect path name restrictions for the restricted access catalog, allows attackers to gain unauthorized access to protected information.
The vulnerability of the modular interface between web servers and Rack web applications is related to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
Astra Linux – Vulnerability in Ruby-Rack
There is a possible denial-of-service vulnerability in Rack versions 2.0.9.1, 2.1.4.1, and 2.2.3.1, specifically in the multipart parsing component of Rack...
Astra Linux – Vulnerability in Ruby-Rack
A sequence injection vulnerability exists in Rack versions 2.0.9.1, 2.1.4.1, and 2.2.3.1. This vulnerability could allow for shell escapes in the Lint and CommonLogger components of Rack...
Astra Linux – Vulnerability in Ruby-Rack
Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial-of-service vulnerability ReDos, degree 2 polynomial. This vulnerability has been fixed in 3.0.9.1 and 2.2.8.1...
Astra Linux – Vulnerability in Ruby-Rack
There is a directory traversal vulnerability in Rack versions prior to 2.2.0. This vulnerability allows attackers to exploit the directory traversal vulnerability in the Rack::Directory module, which is included with Rack. This could lead to the disclosure of sensitive information...
Astra Linux – Vulnerability in Ruby-Rack
Rack is a modular Ruby web server interface. Carefully crafted headers may cause header parsing in Rack to take longer than expected, potentially leading to a denial-of-service issue. The Accept and Forwarded headers are affected. Ruby 3.2 includes fixes for this problem, so Rack applications tha...
Astra Linux – Vulnerability in Ruby-Rack
There is a DoS vulnerability in Rack versions v3.0.4.2, v2.2.6.3, v2.1.4.3, and v2.0.9.3, particularly in the Multipart MIME parsing code. This vulnerability could allow an attacker to craft requests that can be abused to cause the multipart parsing to take longer than expected...