9 matches found
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005320)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005320 advisory. Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial o...
MiracleLinux 8 : pcs-0.10.18-2.el8_10.ML.1 (AXSA:2024-8447:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8447:02 advisory. rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing CVE-2024-25126 rubygem-rack: Possible DoS Vulnerability with Range Header...
MiracleLinux 9 : pcs-0.11.9-2.el9_6.1.ML.1 (AXSA:2025-10558:05)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10558:05 advisory. rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser CVE-2025-46727 Tenable has extracted the preceding description block directly from the MiracleLin...
MiracleLinux 8 : pcs-0.10.18-2.el8_10.5.ML.1 (AXSA:2025-10529:04)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10529:04 advisory. rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser CVE-2025-46727 tornado: Tornado Multipart Form-Data Denial of Service CVE-2025-47287...
RHEL 9 : pcs (RHSA-2025:19512)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19512 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: Rack...
pcs security update
An update is available for pcs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The pcs packages provide a command-line configuration system for the Pacemaker an...
rack: Rack memory exhaustion denial of service
A denial of service flaw has been found in the rubygems rack package. Rack::Multipart::Parser can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line CRLFCRLF. The parser keeps appending incoming bytes to memory without a size cap, allowing...
Linux Distros Unpatched Vulnerability : CVE-2023-27530
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A DoS vulnerability exists in Rack v3.0.4.2, v2.2.6.3, v2.1.4.3 and v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft...
SUSE-SU-2024:1131-1 Security update for rubygem-rack
This update for rubygem-rack fixes the following issues: - CVE-2024-25126: Fixed a denial-of-service vulnerability in Rack Content-Type parsing bsc1220239. - CVE-2024-26141: Fixed a denial-of-service vulnerability in Range request header parsing bsc1220242. - CVE-2024-26146: Fixed a...