Lucene search
K

218 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-3373

Malicious code in bioql PyPI...

4.4CVSS4.8AI score0.00699EPSS
Exploits1References61
Tenable Nessus
Tenable Nessus
added 2025/08/11 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2017-5647

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to...

7.5CVSS7.7AI score0.1684EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/11 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-52767

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tls: fix NULL deref on tlsswspliceeof with empty record syzkaller discovered that if...

5.5CVSS6.1AI score0.00172EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/20 12:0 a.m.7 views

Metasoft MetaCRM 代码问题漏洞

Metasoft MetaCRM is a customer relationship management system software from China Metasoft Metasoft. A code issue vulnerability exists in Metasoft MetaCRM 6.4.2 and prior versions, which stems from an unrestricted upload due to improper handling of the parameter File in the file sendfile.jsp...

9.8CVSS6.7AI score0.00501EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/22 4:49 a.m.8 views

CVE-2010-2693

FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag when creating a duplicate mbuf buffer reference, which allows local users to cause a denial of service system file corruption and gain privileges via the sendfile system call...

7.2CVSS6.8AI score0.00698EPSS
Exploits1References1
Amazon
Amazon
added 2025/04/16 12:0 a.m.6 views

Medium: pcs

Issue Overview: Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This...

7.5CVSS7AI score0.00699EPSS
Exploits0
OSV
OSV
added 2025/03/21 1:17 p.m.5 views

OESA-2025-1299 rubygem-rack security update

Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a single...

7.5CVSS7AI score0.01142EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2025/03/06 3:1 a.m.4 views

SUSE CVE-2025-27111

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...

5.3CVSS7.6AI score0.00699EPSS
Exploits0References7
OSV
OSV
added 2025/03/04 4:15 p.m.2 views

DEBIAN-CVE-2025-27111

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...

7.5CVSS6.7AI score0.00699EPSS
Exploits0References1
OSV
OSV
added 2025/03/04 4:15 p.m.15 views

UBUNTU-CVE-2025-27111

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...

7.5CVSS6.6AI score0.00699EPSS
Exploits0References8
OSV
OSV
added 2025/03/04 3:27 p.m.10 views

GHSA-8CGQ-6MH2-7J6V Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Summary Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries. Details The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline...

6.9CVSS6.5AI score0.00699EPSS
Exploits0References8
Snyk
Snyk
added 2025/03/04 3:27 p.m.4 views

Improper Output Neutralization for Logs

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

7.5CVSS7.6AI score0.00699EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/03/04 3:27 p.m.8 views

Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Summary Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries. Details The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline...

7.5CVSS7.2AI score0.00699EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2024/12/04 2:20 p.m.19 views

CVE-2024-53138 net/mlx5e: kTLS, Fix incorrect page refcounting

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting The kTLS tx handling code is using a mix of getpage and pagerefinc APIs to increment the page reference. But on the release path mlx5ektlstxhandleresyncdumpcomp, only putpage is use...

0.00217EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2024/05/23 2:57 a.m.3 views

SUSE CVE-2023-52767

In the Linux kernel, the following vulnerability has been resolved: tls: fix NULL deref on tlsswspliceeof with empty record syzkaller discovered that if tlsswspliceeof is executed as part of sendfile when the plaintext/ciphertext skmsg are empty, the send path gets confused because the empty...

5.5CVSS6.9AI score0.00172EPSS
Exploits0References10
NVD
NVD
added 2024/05/21 4:15 p.m.30 views

CVE-2023-52767

In the Linux kernel, the following vulnerability has been resolved: tls: fix NULL deref on tlsswspliceeof with empty record syzkaller discovered that if tlsswspliceeof is executed as part of sendfile when the plaintext/ciphertext skmsg are empty, the send path gets confused because the empty...

5.5CVSS6.6AI score0.00172EPSS
Exploits0References3
OSV
OSV
added 2024/05/21 4:15 p.m.1 views

DEBIAN-CVE-2023-52767

In the Linux kernel, the following vulnerability has been resolved: tls: fix NULL deref on tlsswspliceeof with empty record syzkaller discovered that if tlsswspliceeof is executed as part of sendfile when the plaintext/ciphertext skmsg are empty, the send path gets confused because the empty...

5.5CVSS5.6AI score0.00172EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2024/05/21 4:15 p.m.31 views

CVE-2023-52767

In the Linux kernel, the following vulnerability has been resolved: tls: fix NULL deref on tlsswspliceeof with empty record syzkaller discovered that if tlsswspliceeof is executed as part of sendfile when the plaintext/ciphertext skmsg are empty, the send path gets confused because the empty...

5.5CVSS6AI score0.00172EPSS
Exploits0References5
OSV
OSV
added 2024/05/21 4:15 p.m.17 views

UBUNTU-CVE-2023-52767

In the Linux kernel, the following vulnerability has been resolved: tls: fix NULL deref on tlsswspliceeof with empty record syzkaller discovered that if tlsswspliceeof is executed as part of sendfile when the plaintext/ciphertext skmsg are empty, the send path gets confused because the empty...

5.5CVSS5.8AI score0.00172EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/05/21 3:30 p.m.15 views

CVE-2023-52767 tls: fix NULL deref on tls_sw_splice_eof() with empty record

In the Linux kernel, the following vulnerability has been resolved: tls: fix NULL deref on tlsswspliceeof with empty record syzkaller discovered that if tlsswspliceeof is executed as part of sendfile when the plaintext/ciphertext skmsg are empty, the send path gets confused because the empty...

6.9AI score0.00172EPSS
Exploits0References3
Rows per page
Query Builder