Lucene search
K

281 matches found

OSV
OSV
added 2022/07/01 11:3 a.m.4 views

OESA-2022-1729 rubygem-rack security update

Rack provides a minimal, modular, and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a single...

10CVSS7.1AI score0.02938EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2022/06/28 12:0 a.m.28 views

openSUSE: Security Advisory for rubygem-rack (SUSE-SU-2022:2192-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

10CVSS8.8AI score0.02056EPSS
Exploits0References2
OSV
OSV
added 2022/06/27 3:13 p.m.6 views

SUSE-SU-2022:2192-1 Security update for rubygem-rack

This update for rubygem-rack fixes the following issues: - CVE-2022-30122: Fixed crafted multipart POST request may cause a DoS bsc1200748 - CVE-2022-30123: Fixed crafted requests can cause shell escape sequences bsc1200750...

10CVSS8.4AI score0.02056EPSS
Exploits0References5
RubySec
RubySec
added 2022/06/27 12:0 a.m.78 views

Possible shell escape sequence injection vulnerability in Rack

There is a possible shell escape sequence injection vulnerability in the Lint and CommonLogger components of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-30123. Versions Affected: All. Not affected: None Fixed Versions: 2.0.9.1, 2.1.4.1, 2.2.3.1 Impact Carefully crafted...

10CVSS4.3AI score0.01801EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2022/06/21 8:0 a.m.45 views

CVE-2022-30123

A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack's Lint middleware and CommonLogger middleware. This issue can leverage these escape sequences to execute commands in the victim's...

10CVSS3.9AI score0.01801EPSS
Exploits0References4
Snyk
Snyk
added 2022/05/28 8:22 a.m.3 views

Arbitrary Code Injection

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

10CVSS7.9AI score0.01801EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/27 4:36 p.m.58 views

Possible shell escape sequence injection vulnerability in Rack

There is a possible shell escape sequence injection vulnerability in the Lint and CommonLogger components of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-30123. Versions Affected: All. Not affected: None Fixed Versions: 2.0.9.1, 2.1.4.1, 2.2.3.1 Impact Carefully crafted...

10CVSS9.5AI score0.01801EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2022/05/27 4:36 p.m.99 views

GHSA-WQ4H-7R42-5HRR Possible shell escape sequence injection vulnerability in Rack

There is a possible shell escape sequence injection vulnerability in the Lint and CommonLogger components of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-30123. Versions Affected: All. Not affected: None Fixed Versions: 2.0.9.1, 2.1.4.1, 2.2.3.1 Impact Carefully crafted...

10CVSS9.6AI score0.01801EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2022/03/03 9:35 p.m.4 views

CVE-2022-24725 Exposure of home directory through shescape on Unix with Bash

Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix systems when using Bash with the escape or escapeAll functions from the shescape API with the interpolation option set to true. Other tested shells, Dash and Zs...

6.2CVSS6.3AI score0.00492EPSS
Exploits1References3
CNVD
CNVD
added 2021/12/01 12:0 a.m.25 views

IBM Flash System 900 has unspecified vulnerabilities

Ibm Flash System 900 is a fully optimized all-flash storage array from Ibm, Inc. Used to accelerate business growth, the IBM Flash System 900 has a security vulnerability that stems from a shell escape vulnerability in the IBM Flash System 900. An attacker could exploit the vulnerability to obtai...

8.8CVSS2AI score0.01477EPSS
Exploits0References1
OSV
OSV
added 2021/11/07 4:15 p.m.5 views

CVE-2021-37471

Cradlepoint IBR900-600 devices running versions 7.21.10 are vulnerable to a restricted shell escape sequence that provides an attacker the capability to simultaneously deny availability to the device's NetCloud Manager console, local console and SSH command-line...

7.5CVSS7.1AI score0.0116EPSS
Exploits1References2
NVD
NVD
added 2021/11/07 4:15 p.m.13 views

CVE-2021-37471

Cradlepoint IBR900-600 devices running versions 7.21.10 are vulnerable to a restricted shell escape sequence that provides an attacker the capability to simultaneously deny availability to the device's NetCloud Manager console, local console and SSH command-line...

7.8CVSS0.0116EPSS
Exploits1References2
Prion
Prion
added 2021/11/07 4:15 p.m.16 views

Code injection

Cradlepoint IBR900-600 devices running versions 7.21.10 are vulnerable to a restricted shell escape sequence that provides an attacker the capability to simultaneously deny availability to the device's NetCloud Manager console, local console and SSH command-line...

7.8CVSS7.4AI score0.0116EPSS
Exploits1References2Affected Software3
Cvelist
Cvelist
added 2021/11/07 3:25 p.m.27 views

CVE-2021-37471

Cradlepoint IBR900-600 devices running versions 7.21.10 are vulnerable to a restricted shell escape sequence that provides an attacker the capability to simultaneously deny availability to the device's NetCloud Manager console, local console and SSH command-line...

7.6AI score0.0116EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/11/07 12:0 a.m.4 views

Cradlepoint IBR900-600 安全漏洞

The Cradlepoint IBR900-600 is a router from Cradlepoint USA. A security vulnerability exists in the Cradlepoint IBR900-600 that stems from a restricted shell escape sequence that may exist on Cradlepoint IBR900-600 7.2.60 devices. An attacker could exploit the vulnerability to deny the availabili...

7.8CVSS7.4AI score0.0116EPSS
Exploits1References3
OSV
OSV
added 2021/10/26 1:38 p.m.2 views

SUSE-SU-2021:3520-1 Security update for open-lldp

This update for open-lldp fixes the following issues: - CVE-2018-10932: Fixed an improper sanitization of shell-escape codes. bsc1104624...

4.3CVSS4.6AI score0.01038EPSS
Exploits0References3
OSV
OSV
added 2021/10/21 5:15 p.m.4 views

CVE-2021-29873

IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229...

8.1CVSS7.3AI score0.01477EPSS
Exploits0References3
NVD
NVD
added 2021/10/21 5:15 p.m.18 views

CVE-2021-29873

IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229...

8.8CVSS0.01477EPSS
Exploits0References3
Prion
Prion
added 2021/10/21 5:15 p.m.20 views

Design/Logic Flaw

IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229...

5.5CVSS7.6AI score0.01477EPSS
Exploits0References3Affected Software10
CVE
CVE
added 2021/10/21 4:40 p.m.69 views

CVE-2021-29873

CVE-2021-29873 affects IBM FlashSystem 900 and related IBM storage products (SVC/Storwize/Spectrum Virtualize family). A authenticated user could escape a restricted shell to obtain sensitive information and cause a denial of service. The IBM Security Bulletin lists the affected platforms (FlashS...

8.8CVSS7.6AI score0.01477EPSS
Exploits0References3Affected Software8
Rows per page
Query Builder