Ruby Rack < 2.2.23 / 3.0.x < 3.1.21 / 3.2 < 3.2.6 Multiple Vulnerabilities

The version of the Rack Ruby library installed on the remote host is prior to 2.2.23, prior to 3.1.21, or prior to 3.2.6. It is, therefore, affected by multiple vulnerabilities: - Rack::Utils.getbyteranges parses HTTP Range header without limiting the number of individual byte ranges, leading to...

CVE-2026-34826

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.getbyteranges parses the HTTP Range header without limiting the number of individual byte ranges. Although the existing fix for CVE-2024-26141 rejects ranges whose total byte coverage exceeds the...

CVE-2026-34826 Rack: Unbounded Range Count in get_byte_ranges Enables DoS

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.getbyteranges parses the HTTP Range header without limiting the number of individual byte ranges. Although the existing fix for CVE-2024-26141 rejects ranges whose total byte coverage exceeds the...

Linux Distros Unpatched Vulnerability : CVE-2026-33658

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's proxy...

DEBIAN-CVE-2026-33658

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate C...

UBUNTU-CVE-2026-33658

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate C...

SUSE SLES12 Security Update : libsoup (SUSE-SU-2026:0703-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0703-1 advisory. - CVE-2026-0716: improper bounds handling may allow out-of-bounds read bsc1256418. - CVE-2025-4476: null pointer dereference may lead to denial...

MiracleLinux 8 : squid:4 (AXSA:2021-2820:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2820:01 advisory. squid: denial of service in URN processing CVE-2021-28651 squid: denial of service issue in Cache Manager CVE-2021-28652 squid: denial of service in...

PT-2025-44209

Name of the Vulnerable Software and Affected Versions Starlette versions 0.39.0 through 0.49.0 Description Starlette is a lightweight ASGI framework/toolkit. An unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range...

EUVD-2013-0505

Malware in sbrugna...

EUVD-2018-11470

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2021-1223

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configure...

Authorization Bypass

modsecurity-crs:sid is vulnerable to authorization bypass. The vulnerability exists due to repeated payloads with a HTTP range header field, allowing an attacker to do a response body bypass by accessing to restricted resources...

CVE-2022-39958

A flaw was found in the OWASP ModSecurity Core Rule Set. Repeated payloads with a HTTP range header field with a small byte range allows a response body bypass, resulting in access to restricted resources...

OESA-2022-1970 mod_security_crs security update

The base rules are provided for modsecurity by this package. Security Fixes: The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range...

CVE-2022-39958

The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be...

CVE-2022-39958

The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be...

CVE-2022-39958

The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be...

CVE-2022-39958

The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be...

CVE-2022-39958

The CVE-2022-39958 issue affects the OWASP ModSecurity Core Rule Set (CRS) and enables a response-body bypass that can exfiltrate small data portions by repeatedly issuing HTTP Range requests. Affected legacy CRS: 3.0.x, 3.1.x; and currently supported: 3.2.1, 3.3.2. Upgrades are recommended to CR...