Lucene search
K

2253 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/04 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-34785

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static...

7.5CVSS6.9AI score0.00387EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/04 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-34835

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using a...

6.5CVSS6.3AI score0.00192EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2026/04/04 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-34830

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Sendfilemapaccelpath interpolates the value of the X-Accel-Mappi...

7.5CVSS7AI score0.00209EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/04 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-34826

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.getbyteranges parses the HTTP Range header without limitin...

7.5CVSS6.6AI score0.01612EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/04/03 11:26 p.m.4 views

SUSE CVE-2026-26961

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expression. When a Content-Type header contains multiple boundary parameters, Rack selects the last one...

3.7CVSS5.8AI score0.00253EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/04/03 11:26 p.m.6 views

SUSE CVE-2026-26962

Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename o...

4.8CVSS5.7AI score0.00227EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/04/03 11:25 p.m.5 views

SUSE CVE-2026-32762

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21 and 3.2.0 to before 3.2.6, Rack::Utils.forwardedvalues parses the RFC 7239 Forwarded header by splitting on semicolons before handling quoted-string values. Because quoted values may legally contain semicolons...

6.5CVSS5.7AI score0.00179EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/03 11:25 p.m.6 views

SUSE CVE-2026-34230

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a respon...

5.3CVSS5.7AI score0.0043EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.9 views

SUSE CVE-2026-34763

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.5 views

SUSE CVE-2026-34785

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with...

7.5CVSS5.7AI score0.00387EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.9 views

SUSE CVE-2026-34786

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Staticapplicablerules evaluates several headerrules types against the raw URL-encoded PATHINFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a...

5.3CVSS5.7AI score0.00195EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.13 views

SUSE CVE-2026-34826

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.getbyteranges parses the HTTP Range header without limiting the number of individual byte ranges. Although the existing fix for CVE-2024-26141 rejects ranges whose total byte coverage exceeds the...

5.3CVSS5.7AI score0.0038EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.9 views

SUSE CVE-2026-34827

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Multipart::Parserhandlemimehead parses quoted multipart parameters such as Content-Disposition: form-data; name="..." using repeated Stringindex searches combined with...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.15 views

SUSE CVE-2026-34830

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Sendfilemapaccelpath interpolates the value of the X-Accel-Mapping request header directly into a regular expression when rewriting file paths for X-Accel-Redirect. Because the header value is not...

5.9CVSS5.8AI score0.00209EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.12 views

SUSE CVE-2026-34831

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Filesfail sets the Content-Length response header using Stringsize instead of Stringbytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.12 views

SUSE CVE-2026-34835

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.hos...

6.5CVSS5.8AI score0.00192EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2026/04/03 9:1 p.m.5 views

CVE-2026-26962

A flaw was found in Rack, a modular Ruby web server interface. Rack::Multipart::Parser incorrectly processes folded multipart part headers, failing to remove embedded carriage return and line feed CRLF characters. This can lead to applications that reuse these parsed values in HTTP response heade...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/03 8:56 p.m.5 views

CVE-2026-34830

A flaw was found in Rack. A remote attacker can exploit this vulnerability by injecting regular expression metacharacters into the X-Accel-Mapping request header. This improper input validation in Rack::Sendfilemapaccelpath allows the attacker to control the generated X-Accel-Redirect response...

7.5CVSS5.8AI score0.00209EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/03 8:51 p.m.6 views

CVE-2026-34826

A flaw was found in Rack. A remote attacker can exploit this by sending a specially crafted HTTP Range header containing numerous small, overlapping byte ranges. This can cause disproportionate consumption of CPU, memory, I/O, and bandwidth resources. The result is a Denial of Service DoS conditi...

7.5CVSS5.8AI score0.0038EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/03 8:41 p.m.5 views

CVE-2026-34786

A flaw was found in Rack. A remote attacker can exploit this vulnerability by sending a specially crafted request with a URL-encoded static path. This bypasses security-relevant response headers intended for static content, potentially leading to information disclosure or other unintended...

6.5CVSS5.8AI score0.00195EPSS
Exploits0References4
Rows per page
Query Builder