281 matches found
OESA-2022-1729 rubygem-rack security update
Rack provides a minimal, modular, and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a single...
openSUSE: Security Advisory for rubygem-rack (SUSE-SU-2022:2192-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE-SU-2022:2192-1 Security update for rubygem-rack
This update for rubygem-rack fixes the following issues: - CVE-2022-30122: Fixed crafted multipart POST request may cause a DoS bsc1200748 - CVE-2022-30123: Fixed crafted requests can cause shell escape sequences bsc1200750...
Possible shell escape sequence injection vulnerability in Rack
There is a possible shell escape sequence injection vulnerability in the Lint and CommonLogger components of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-30123. Versions Affected: All. Not affected: None Fixed Versions: 2.0.9.1, 2.1.4.1, 2.2.3.1 Impact Carefully crafted...
CVE-2022-30123
A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack's Lint middleware and CommonLogger middleware. This issue can leverage these escape sequences to execute commands in the victim's...
Arbitrary Code Injection
Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...
Possible shell escape sequence injection vulnerability in Rack
There is a possible shell escape sequence injection vulnerability in the Lint and CommonLogger components of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-30123. Versions Affected: All. Not affected: None Fixed Versions: 2.0.9.1, 2.1.4.1, 2.2.3.1 Impact Carefully crafted...
GHSA-WQ4H-7R42-5HRR Possible shell escape sequence injection vulnerability in Rack
There is a possible shell escape sequence injection vulnerability in the Lint and CommonLogger components of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-30123. Versions Affected: All. Not affected: None Fixed Versions: 2.0.9.1, 2.1.4.1, 2.2.3.1 Impact Carefully crafted...
CVE-2022-24725 Exposure of home directory through shescape on Unix with Bash
Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix systems when using Bash with the escape or escapeAll functions from the shescape API with the interpolation option set to true. Other tested shells, Dash and Zs...
IBM Flash System 900 has unspecified vulnerabilities
Ibm Flash System 900 is a fully optimized all-flash storage array from Ibm, Inc. Used to accelerate business growth, the IBM Flash System 900 has a security vulnerability that stems from a shell escape vulnerability in the IBM Flash System 900. An attacker could exploit the vulnerability to obtai...
CVE-2021-37471
Cradlepoint IBR900-600 devices running versions 7.21.10 are vulnerable to a restricted shell escape sequence that provides an attacker the capability to simultaneously deny availability to the device's NetCloud Manager console, local console and SSH command-line...
CVE-2021-37471
Cradlepoint IBR900-600 devices running versions 7.21.10 are vulnerable to a restricted shell escape sequence that provides an attacker the capability to simultaneously deny availability to the device's NetCloud Manager console, local console and SSH command-line...
Code injection
Cradlepoint IBR900-600 devices running versions 7.21.10 are vulnerable to a restricted shell escape sequence that provides an attacker the capability to simultaneously deny availability to the device's NetCloud Manager console, local console and SSH command-line...
CVE-2021-37471
Cradlepoint IBR900-600 devices running versions 7.21.10 are vulnerable to a restricted shell escape sequence that provides an attacker the capability to simultaneously deny availability to the device's NetCloud Manager console, local console and SSH command-line...
Cradlepoint IBR900-600 安全漏洞
The Cradlepoint IBR900-600 is a router from Cradlepoint USA. A security vulnerability exists in the Cradlepoint IBR900-600 that stems from a restricted shell escape sequence that may exist on Cradlepoint IBR900-600 7.2.60 devices. An attacker could exploit the vulnerability to deny the availabili...
SUSE-SU-2021:3520-1 Security update for open-lldp
This update for open-lldp fixes the following issues: - CVE-2018-10932: Fixed an improper sanitization of shell-escape codes. bsc1104624...
CVE-2021-29873
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229...
CVE-2021-29873
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229...
Design/Logic Flaw
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229...
CVE-2021-29873
CVE-2021-29873 affects IBM FlashSystem 900 and related IBM storage products (SVC/Storwize/Spectrum Virtualize family). A authenticated user could escape a restricted shell to obtain sensitive information and cause a denial of service. The IBM Security Bulletin lists the affected platforms (FlashS...