212 matches found
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: tls: fix NULL deref on tlsswspliceeof with empty record syzkaller discovered that if tlsswspliceeof is executed as part of sendfile when the plaintext/ciphertext skmsg are empty, the send path gets confused because the empty...
Astra Linux - уязвимость в ruby-rack
Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability has been...
CVE-2026-7381
A flaw was found in Plack::Middleware::XSendfile. A remote attacker can exploit this vulnerability by manipulating HTTP headers, specifically X-Sendfile-Type and X-Accel-Mapping, when the application is deployed behind an nginx reverse proxy. This client-controlled path rewriting could allow the...
CVE-2026-7381
Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting sendfile type to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the...
DEBIAN-CVE-2026-7381
Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting sendfile type to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the...
CVE-2026-7381
Plack::Middleware::XSendfile (Perl)
EUVD-2026-26296
Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting sendfile type to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the...
CVE-2026-7381 Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting
Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting sendfile type to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the...
RLSA-2026:9689 Important: java-21-openjdk security update
The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: JDK: Enhance crypto algorithm support CVE-2026-22007 JDK: Improve Kerberos credentialing CVE-2026-22013 JDK: Enhance Path Factories Redux CVE-2026-22016 JDK:...
RHEL 10 / 8 / 9 : java-21-openjdk (RHSA-2026:9689)
The remote Redhat Enterprise Linux 10 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:9689 advisory. The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security...
CVE-2026-31452
A flaw was found in the Linux kernel's ext4 filesystem. A local user could exploit a vulnerability where the truncate function, when used to expand a file beyond its inline data capacity, fails to properly convert the file to extent-based storage. This inconsistency can lead to a kernel crash BUG...
Linux Distros Unpatched Vulnerability : CVE-2026-34830
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Sendfilemapaccelpath interpolates the value of the X-Accel-Mappi...
SUSE CVE-2026-34830
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Sendfilemapaccelpath interpolates the value of the X-Accel-Mapping request header directly into a regular expression when rewriting file paths for X-Accel-Redirect. Because the header value is not...
CVE-2026-34830
A flaw was found in Rack. A remote attacker can exploit this vulnerability by injecting regular expression metacharacters into the X-Accel-Mapping request header. This improper input validation in Rack::Sendfilemapaccelpath allows the attacker to control the generated X-Accel-Redirect response...
EUVD-2026-18390
Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect...
Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect
Summary Rack::Sendfilemapaccelpath interpolates the value of the X-Accel-Mapping request header directly into a regular expression when rewriting file paths for X-Accel-Redirect. Because the header value is not escaped, an attacker who can supply X-Accel-Mapping to the backend can inject regex...
GHSA-QV7J-4883-HWH7 Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect
Summary Rack::Sendfilemapaccelpath interpolates the value of the X-Accel-Mapping request header directly into a regular expression when rewriting file paths for X-Accel-Redirect. Because the header value is not escaped, an attacker who can supply X-Accel-Mapping to the backend can inject regex...
CVE-2026-34830
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Sendfilemapaccelpath interpolates the value of the X-Accel-Mapping request header directly into a regular expression when rewriting file paths for X-Accel-Redirect. Because the header value is not...
DEBIAN-CVE-2026-34830
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Sendfilemapaccelpath interpolates the value of the X-Accel-Mapping request header directly into a regular expression when rewriting file paths for X-Accel-Redirect. Because the header value is not...
CVE-2026-34830 Rack: Rack::Sendfile regex injection via HTTP_X_ACCEL_MAPPING header allows arbitrary file reads through nginx
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Sendfilemapaccelpath interpolates the value of the X-Accel-Mapping request header directly into a regular expression when rewriting file paths for X-Accel-Redirect. Because the header value is not...