Lucene search
K

27 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:42 a.m.44 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in rack-2.0.7.gem

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of rack-2.0.7.gem Vulnerability Details CVEID:CVE-2022-44572 DESCRIPTION: Rack is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the multipart parsing component...

10CVSS8.7AI score0.35376EPSS
Exploits3Affected Software1
OpenVAS
OpenVAS
added 2024/09/27 12:0 a.m.32 views

Ubuntu: Security Advisory (USN-7036-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.4AI score0.35376EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2024/09/26 12:0 a.m.30 views

Ubuntu 22.04 LTS : Rack vulnerabilities (USN-7036-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7036-1 advisory. It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sendin...

10CVSS8AI score0.35376EPSS
Exploits2References11
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.27 views

RHEL 7 : rubygem-rack (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - rubygem-rack: Denial of service in Multipart MIME parsing CVE-2023-27530 - A possible denial of service...

7.9AI score0.35376EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.24 views

RHEL 7 / 8 : Satellite 6.11.4 Async Security Update (Important) (RHSA-2022:7242)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7242 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessit...

8.1CVSS8.3AI score0.02056EPSS
Exploits1References19
Tenable Nessus
Tenable Nessus
added 2023/10/30 12:0 a.m.37 views

GLSA-202310-18 : Rack: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202310-18 Rack: Multiple Vulnerabilities - A possible denial of service vulnerability exists in Rack 2.0.9.1, 2.1.4.1 and 2.2.3.1 in the multipart parsing component of Rack. CVE-2022-30122 - A sequence injection vulnerability exis...

10CVSS7.5AI score0.02056EPSS
Exploits0References4
Debian
Debian
added 2023/10/22 12:35 p.m.87 views

[SECURITY] [DSA 5530-1] ruby-rack security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5530-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 22, 2023 https://www.debian.org/security/faq -...

10CVSS7.2AI score0.02056EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/10/22 12:0 a.m.35 views

Debian DSA-5530-1 : ruby-rack - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5530 advisory. Several vulnerabilities were discovered in ruby-rack, a modular Ruby webserver interface, which may result in denial of service and shell escape sequence injectio...

10CVSS7.4AI score0.02056EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2023/10/16 12:0 a.m.44 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Rack vulnerabilities (USN-5253-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5253-1 advisory. It was discovered that Rack insecurely handled session ids. An unauthenticated remote attacker could possibly use this issue to...

10CVSS7.7AI score0.03687EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2023/02/28 12:0 a.m.119 views

Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM : Rack vulnerabilities (USN-5896-1)

The remote Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5896-1 advisory. It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system...

10CVSS8.1AI score0.02056EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2023/02/27 6:25 p.m.99 views

USN-5896-1: Rack vulnerabilities

It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sending a specially crafted multipart POST request to an application using Rack, a remote attacker could possibly use this issue to cause a denial of...

10CVSS8.2AI score0.02056EPSS
Exploits0
OpenVAS
OpenVAS
added 2023/01/27 12:0 a.m.36 views

Ubuntu: Security Advisory (USN-5253-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.1AI score0.03687EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2022/12/13 11:33 a.m.117 views

USN-5253-1: Rack vulnerabilities

It was discovered that Rack insecurely handled session ids. An unauthenticated remote attacker could possibly use this issue to perform a timing attack and hijack sessions. CVE-2019-16782 It was discovered that Rack was incorrectly handling cookies during parsing, not validating them or performin...

10CVSS7.7AI score0.03687EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2022/12/07 12:0 a.m.45 views

Amazon Linux 2 : pcs (ALAS-2022-1895)

The version of pcs installed on the remote host is prior to 0.9.169-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1895 advisory. A denial of service flaw was found in ruby-rack. An attacker crafting multipart POST requests can cause Rack's multipart...

10CVSS7.8AI score0.02056EPSS
Exploits0References5
OSV
OSV
added 2022/12/05 12:0 a.m.31 views

CVE-2022-30122

A possible denial of service vulnerability exists in Rack 2.0.9.1, 2.1.4.1 and 2.2.3.1 in the multipart parsing component of Rack...

7.5CVSS8.3AI score0.02056EPSS
Exploits0References6
Cvelist
Cvelist
added 2022/12/05 12:0 a.m.19 views

CVE-2022-30122

A possible denial of service vulnerability exists in Rack 2.0.9.1, 2.1.4.1 and 2.2.3.1 in the multipart parsing component of Rack...

8.5AI score0.02056EPSS
Exploits0References4
CVE
CVE
added 2022/12/05 12:0 a.m.378 views

CVE-2022-30122

CVE-2022-30122 affects Rack’s multipart parsing in Rack <2.0.9.1, <2.1.4.1 and

7.5CVSS8.1AI score0.02056EPSS
Exploits0References4Affected Software1
OpenVAS
OpenVAS
added 2022/09/04 12:0 a.m.28 views

Debian: Security Advisory (DLA-3095-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.7AI score0.02056EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/07/06 12:0 a.m.25 views

Mageia: Security Advisory (MGASA-2022-0252)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.7AI score0.02056EPSS
Exploits0References6
Hacker One
Hacker One
added 2022/07/05 10:59 p.m.76 views

Internet Bug Bounty: Rack CVE-2022-30122: Denial of Service Vulnerability in Rack Multipart Parsing

ReDoS in Rack::Multipart::BROKENQUOTED and Rack::Multipart::BROKENUNQUOTED. https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk Carefully crafted multipart POST requests can cause Rack's multipart parser to take much longer than expected, leading to a possible denial of service...

5CVSS8.1AI score0.02056EPSS
Exploits0
Rows per page
Query Builder