Lucene search
+L

17 matches found

Tenable Nessus
Tenable Nessus
added 2025/10/08 12:0 a.m.8 views

SUSE SLES15 / openSUSE 15 Security Update : rubygem-puma (SUSE-SU-2025:03467-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03467-1 advisory. Update to version 5.6.9. - CVE-2024-45614: improper header normalization allows for clients to clobber proxy set headers, which...

9.8CVSS6.6AI score0.00958EPSS
Exploits0References10
Debian
Debian
added 2024/11/06 3:58 p.m.20 views

[SECURITY] [DLA 3947-1] puma security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3947-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA November 06, 2024 https://wiki.debian.org/LTS -...

7.5CVSS6.6AI score0.00958EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/11/06 12:0 a.m.13 views

Debian dla-3947 : puma - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3947 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3947-1 [email protected]...

7.5CVSS6.4AI score0.00958EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2024/10/17 12:0 a.m.20 views

openSUSE Security Advisory (SUSE-SU-2024:3644-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.1AI score0.00958EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/10/17 12:0 a.m.26 views

SUSE SLES15 / openSUSE 15 Security Update : rubygem-puma (SUSE-SU-2024:3644-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3644-1 advisory. - CVE-2024-45614: Prevent underscores from clobbering hyphen headers bsc1230848. - CVE-2024-21647: Fixed DoS when parsing chunked...

7.5CVSS6.3AI score0.00958EPSS
Exploits0References7
OSV
OSV
added 2024/10/16 6:55 a.m.28 views

SUSE-SU-2024:3644-1 Security update for rubygem-puma

This update for rubygem-puma fixes the following issues: - CVE-2024-45614: Prevent underscores from clobbering hyphen headers bsc1230848. - CVE-2024-21647: Fixed DoS when parsing chunked Transfer-Encoding bodies bsc1218638...

7.5CVSS6.4AI score0.00958EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2024/09/10 12:0 a.m.21 views

Fedora: Security Advisory (FEDORA-2024-c393b8b2fb)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.1AI score0.00958EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/04/29 12:0 a.m.27 views

Fedora 40 : rubygem-puma (2024-c393b8b2fb)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c393b8b2fb advisory. Automatic update for rubygem-puma-6.4.2-1.fc40. Changelog Tue Jan 9 2024 Vt Ondruch - 6.4.2-1 - Update to Puma 6.4.2. Resolves: rhbz2134670 Resolves...

9.8CVSS6.5AI score0.00958EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/15 1:50 p.m.77 views

Security Bulletin: IBM Instana Observability is affected by Vulnerabilities in Puma and Amazon Ion.

Summary Vulnerabilities in Puma and Amazon Ion were remediated in IBM Observability with Instana build 266. Vulnerability Details CVEID:CVE-2024-21647 DESCRIPTION: Puma is vulnerable to a denial of service, caused by incorrect behavior when parsing chunked transfer encoding bodies. By sending a...

7.5CVSS7.2AI score0.00958EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2024/03/08 12:0 a.m.35 views

Ubuntu: Security Advisory (USN-6682-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.9AI score0.03977EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2024/03/07 2:0 p.m.63 views

USN-6682-1: Puma vulnerabilities

ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS. CVE-2020-11076 It was discovered that Puma incorrectly handled parsing certain header...

9.8CVSS7.1AI score0.03977EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/03/07 12:0 a.m.47 views

Ubuntu 20.04 LTS / 22.04 LTS : Puma vulnerabilities (USN-6682-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6682-1 advisory. ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTT...

9.8CVSS7.1AI score0.03977EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/01/25 12:0 a.m.36 views

Ubuntu 23.04 / 23.10 : Puma vulnerability (USN-6597-1)

The remote Ubuntu 23.04 / 23.10 host has a package installed that is affected by a vulnerability as referenced in the USN-6597-1 advisory. It was discovered that Puma incorrectly handled parsing chunked transfer encoding bodies. A remote attacker could possibly use this issue to cause Puma to...

7.5CVSS6.2AI score0.00958EPSS
Exploits0References2
Wolfi
Wolfi
added 2024/01/08 2:15 p.m.37 views

CVE-2024-21647 vulnerabilities

Vulnerabilities for packages: ruby3.2-puma...

7.5CVSS7.1AI score0.00958EPSS
Exploits0
Chainguard
Chainguard
added 2024/01/08 2:15 p.m.50 views

CVE-2024-21647 vulnerabilities

Vulnerabilities for packages: ruby3.2-puma...

7.5CVSS7.3AI score0.00958EPSS
Exploits0
Cvelist
Cvelist
added 2024/01/08 1:45 p.m.68 views

CVE-2024-21647 HTTP Request/Response Smuggling in puma

Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limits the size of chunk extensions. Without this limit, an...

5.9CVSS7.7AI score0.00958EPSS
Exploits0References2
CVE
CVE
added 2024/01/08 1:45 p.m.378 views

CVE-2024-21647

CVE-2024-21647 affects the Puma web server for Ruby/Rack. Prior to 6.4.2, Puma could mis-parse chunked Transfer-Encoding bodies, enabling HTTP request smuggling. The vulnerability can cause unbounded resource consumption (CPU, bandwidth), with an impact on availability. Fixed in versions 6.4.2 an...

7.5CVSS7.3AI score0.00958EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder