144 matches found
EUVD-2022-5620
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-58160
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber wa...
tracing 安全漏洞
tracing is an open source application from Tokio. A security vulnerability exists in tracing versions prior to 0.3.20, which stems from ANSI escape sequence injection and could lead to endpoint manipulation...
Linux Distros Unpatched Vulnerability : CVE-2019-8321
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteractionverbose calls say without escaping, escape sequence injection is...
Linux Distros Unpatched Vulnerability : CVE-2022-4245
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtilwriteComment fails to sanitize comments for a -- sequence. This issue means...
CVE-2020-15334
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file...
openSUSE Security Advisory (SUSE-SU-2025:1492-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE 15: ruby2.5-rubygem-rack-1_6 / ruby2.5-rubygem-rack-doc-1_6 / etc (SUSE-SU-2025:1492-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:1492-1 advisory. - CVE-2025-27111: Fixed Escape Sequence Injection vulnerability bsc1238607 Tenable has extracted the preceding description block directly from the SUSE...
Security update for rubygem-rack-1_6
This update for rubygem-rack-16 fixes the following issues: CVE-2025-27111: Fixed Escape Sequence Injection vulnerability bsc1238607 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run th...
SUSE-SU-2025:1492-1 Security update for rubygem-rack-1_6
This update for rubygem-rack-16 fixes the following issues: - CVE-2025-27111: Fixed Escape Sequence Injection vulnerability bsc1238607...
RHEL 7 : fluentd (RHSA-2018:2225)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:2225 advisory. Fluentd is an open source data collector designed to scale and simplify log management. It can collect, process and ship many kinds of data in near...
SUSE SLES15 / openSUSE 15 Security Update : rubygem-rack (SUSE-SU-2025:0874-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0874-1 advisory. - CVE-2025-25184: Fixed escape sequence injection vulnerability in rack leading to possible log injection bsc1237141 -...
Security update for rubygem-rack
This update for rubygem-rack fixes the following issues: CVE-2025-25184: Fixed escape sequence injection vulnerability in rack leading to possible log injection bsc1237141 CVE-2025-27111: Fixed escape sequence injection vulnerability in rack leading to possible log injection bsc1238607...
SUSE-SU-2025:0874-1 Security update for rubygem-rack
This update for rubygem-rack fixes the following issues: - CVE-2025-25184: Fixed escape sequence injection vulnerability in rack leading to possible log injection bsc1237141 - CVE-2025-27111: Fixed escape sequence injection vulnerability in rack leading to possible log injection bsc1238607 -...
GHSA-8CGQ-6MH2-7J6V Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
Summary Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries. Details The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline...
Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
Summary Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries. Details The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline...
CVE-2025-27111
Rack is a Ruby web-server interface. The Rack::Sendfile middleware logs unsanitised header values from X-Sendfile-Type, enabling log injection when an attacker injects escape sequences (e.g., newline characters) into that header. Affected versions are fixed in Rack 2.2.12, 3.0.13, and 3.1.11. Pra...
CVE-2025-27111 Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...
Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
Summary Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries. Details The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline...
RHEL 6 / 7 : rh-ruby24-ruby (RHSA-2017:3485)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3485 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...