RHEL 9 : pcs (RHSA-2025:19736)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19736 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: Rack...
CVE-2025-27111
A flaw was found in Rack Rubygem, where the Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. This flaw allows an attacker to inject escape sequences, such as newline characters, into the header, resulting in log injection. Mitigation To mitigate this...
CVE-2019-16782
There's a possible information leak / session hijack vulnerability in Rack RubyGem rack. This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a...
Session fixation
There's a possible information leak / session hijack vulnerability in Rack RubyGem rack. This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a...