ROS-20260513-73-0007

Vulnerability in rubygem-rack related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260513-73-0003

Vulnerability in rubygem-rack related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260513-73-0005

An interpretation conflict vulnerability in rubygem-rack. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260513-73-0006

Vulnerability in rubygem-rack related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260513-73-0002

Vulnerability in rubygem-rack related to permissive regular expressions. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

ROS-20260513-73-0004

Vulnerability in rubygem-rack related to permissive regular expressions. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

ROS-20260417-73-0028

Vulnerability in rubygem-rack related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

ROS-20260417-73-0027

Vulnerability in rubygem-rack related to failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

OPENSUSE-SU-2026:10358-1 ruby4.0-rubygem-rack-3.1.18-1.3 on GA media

These are all security issues fixed in the ruby4.0-rubygem-rack-3.1.18-1.3 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10286-1 ruby4.0-rubygem-rack-2.2-2.2.22-1.1 on GA media

These are all security issues fixed in the ruby4.0-rubygem-rack-2.2-2.2.22-1.1 package on the GA media of openSUSE Tumbleweed...

MiracleLinux 9 : pcs-0.11.7-2.el9_4.ML.1 (AXSA:2024-8111:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8111:01 advisory. rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing CVE-2024-25126 rubygem-rack: Possible DoS Vulnerability with Range Header...

MiracleLinux 8 : pcs-0.10.15-4.el8.1.ML.1 (AXSA:2023-6169:12)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6169:12 advisory. rubygem-rack: Denial of service in Multipart MIME parsing CVE-2023-27530 rubygem-rack: denial of service in header parsing CVE-2023-27539 Tenable ha...

MiracleLinux 9 : pcs-0.11.4-7.el9.ML.1 (AXSA:2023-6066:10)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6066:10 advisory. pcs: webpack: Regression of CVE-2023-28154 fixes in the MIRACLE LINUX CVE-2023-2319 rubygem-rack: Denial of service in Multipart MIME parsing...

MiracleLinux 7 : pcs-0.9.169-3.el7.3 (AXSA:2022-4104:06)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4104:06 advisory. rubygem-rack: crafted requests can cause shell escape sequences CVE-2022-30123 jquery: Prototype pollution in object's prototype leading to denial o...

Oracle Linux 10 : pcs (ELSA-2025-21036)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-21036 advisory. 0.12.1-1.el101.1 - Fixed CVE-2025-59830, CVE-2025-61770, CVE-2025-61771, CVE-2025-61772, CVE-2025-61919 by updating bundled rubygem rack Resolves:...

Oracle Linux 9 : pcs (ELSA-2025-20962)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20962 advisory. - Fixed CVE-2025-59830, CVE-2025-61770, CVE-2025-61771, CVE-2025-61772, CVE-2025-61919 by updating bundled rubygem rack Resolves: RHEL-120945,...

openSUSE Security Advisory (SUSE-SU-2025:4273-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for rubygem-rack

This update for rubygem-rack fixes the following issues: Update to version 2.2.20 bsc1251936 CVE-2025-61919: Fixed application/x-www-form-urlencoded, callingrack.input.readnil without enforcing a length or cap bsc1251936 CVE-2025-61780: Fixed improper handling of headers in Rack::Sendfile allows...

RockyLinux 9 : pcs (RLSA-2025:20962)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:20962 advisory. rubygem-rack: Rack QueryParser has an unsafe default allowing paramslimit bypass via semicolon- separated parameters CVE-2025-59830 rack: Rack's unbound...

AlmaLinux 8 : pcs (ALSA-2025:19719)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:19719 advisory. rubygem-rack: Rack QueryParser has an unsafe default allowing paramslimit bypass via semicolon- separated parameters CVE-2025-59830 rack: Rack's unbounde...