CVE-2026-34826

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.getbyteranges parses the HTTP Range header without limiting the number of individual byte ranges. Although the existing fix for CVE-2024-26141 rejects ranges whose total byte coverage exceeds the...

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.311 Vulnerability Details CVEID:CVE-2025-4878 DESCRIPTION: A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function...

Vulnerabilities fixed in Cisco AsyncOS Software

Cisco has fixed vulnerabilities in Cisco AsyncOS Software Specific to Cisco Secure Web Appliance and Cisco Secure Email Gateway. The vulnerabilities are in the way Cisco AsyncOS Software handles requests and configuration files. An attacker can gain unauthenticated access to the system by using...

CVE-2019-3721

CVE-2019-3721 affects Dell EMC OpenManage System Administrator (OMSA) prior to version 9.3.0. The issue is an improper range header processing vulnerability in OMSA’s handling of HTTP Range requests; crafted requests with overlapping ranges can cause the application to compress each requested byt...

squid: assertion failure in Range header processing (SQUID-2014:2)

A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid...