Lucene search
K

144 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-5620

Malicious code in bioql PyPI...

10CVSS6.6AI score0.01801EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-58160

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber wa...

2.3CVSS6AI score0.00303EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/29 12:0 a.m.4 views

tracing 安全漏洞

tracing is an open source application from Tokio. A security vulnerability exists in tracing versions prior to 0.3.20, which stems from ANSI escape sequence injection and could lead to endpoint manipulation...

2.3CVSS6.7AI score0.00303EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2019-8321

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteractionverbose calls say without escaping, escape sequence injection is...

7.5CVSS6.6AI score0.03372EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2022-4245

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtilwriteComment fails to sanitize comments for a -- sequence. This issue means...

4.3CVSS6AI score0.00694EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 3:50 p.m.6 views

CVE-2020-15334

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file...

5.3CVSS7.3AI score0.00784EPSS
Exploits1
OpenVAS
OpenVAS
added 2025/05/12 12:0 a.m.9 views

openSUSE Security Advisory (SUSE-SU-2025:1492-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.00699EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/05/09 12:0 a.m.3 views

openSUSE 15: ruby2.5-rubygem-rack-1_6 / ruby2.5-rubygem-rack-doc-1_6 / etc (SUSE-SU-2025:1492-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:1492-1 advisory. - CVE-2025-27111: Fixed Escape Sequence Injection vulnerability bsc1238607 Tenable has extracted the preceding description block directly from the SUSE...

7.5CVSS6.9AI score0.00699EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2025/05/06 2:36 p.m.1 views

Security update for rubygem-rack-1_6

This update for rubygem-rack-16 fixes the following issues: CVE-2025-27111: Fixed Escape Sequence Injection vulnerability bsc1238607 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run th...

6.9CVSS6.6AI score0.00699EPSS
Exploits0References4
OSV
OSV
added 2025/05/06 2:36 p.m.3 views

SUSE-SU-2025:1492-1 Security update for rubygem-rack-1_6

This update for rubygem-rack-16 fixes the following issues: - CVE-2025-27111: Fixed Escape Sequence Injection vulnerability bsc1238607...

7.5CVSS6.9AI score0.00699EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/04/15 12:0 a.m.8 views

RHEL 7 : fluentd (RHSA-2018:2225)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:2225 advisory. Fluentd is an open source data collector designed to scale and simplify log management. It can collect, process and ship many kinds of data in near...

10CVSS7.8AI score0.04581EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/03/15 12:0 a.m.12 views

SUSE SLES15 / openSUSE 15 Security Update : rubygem-rack (SUSE-SU-2025:0874-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0874-1 advisory. - CVE-2025-25184: Fixed escape sequence injection vulnerability in rack leading to possible log injection bsc1237141 -...

7.5CVSS7.1AI score0.01142EPSS
Exploits1References10
SUSE Linux
SUSE Linux
added 2025/03/14 2:47 p.m.3 views

Security update for rubygem-rack

This update for rubygem-rack fixes the following issues: CVE-2025-25184: Fixed escape sequence injection vulnerability in rack leading to possible log injection bsc1237141 CVE-2025-27111: Fixed escape sequence injection vulnerability in rack leading to possible log injection bsc1238607...

8.7CVSS6.8AI score0.01142EPSS
Exploits1References12
OSV
OSV
added 2025/03/14 2:47 p.m.11 views

SUSE-SU-2025:0874-1 Security update for rubygem-rack

This update for rubygem-rack fixes the following issues: - CVE-2025-25184: Fixed escape sequence injection vulnerability in rack leading to possible log injection bsc1237141 - CVE-2025-27111: Fixed escape sequence injection vulnerability in rack leading to possible log injection bsc1238607 -...

7.5CVSS7.5AI score0.01142EPSS
Exploits1References7
OSV
OSV
added 2025/03/04 3:27 p.m.10 views

GHSA-8CGQ-6MH2-7J6V Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Summary Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries. Details The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline...

6.9CVSS6.5AI score0.00699EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2025/03/04 3:27 p.m.8 views

Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Summary Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries. Details The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline...

7.5CVSS7.2AI score0.00699EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2025/03/04 3:26 p.m.2041 views

CVE-2025-27111

Rack is a Ruby web-server interface. The Rack::Sendfile middleware logs unsanitised header values from X-Sendfile-Type, enabling log injection when an attacker injects escape sequences (e.g., newline characters) into that header. Affected versions are fixed in Rack 2.2.12, 3.0.13, and 3.1.11. Pra...

7.5CVSS6.8AI score0.00699EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2025/03/04 3:26 p.m.19 views

CVE-2025-27111 Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...

6.9CVSS0.00699EPSS
Exploits0References4
RubySec
RubySec
added 2025/03/04 12:0 a.m.17 views

Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Summary Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries. Details The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline...

7.5CVSS7.2AI score0.00699EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/04/27 12:0 a.m.29 views

RHEL 6 / 7 : rh-ruby24-ruby (RHSA-2017:3485)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3485 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

9.8CVSS7.7AI score0.29442EPSS
Exploits8References20
Rows per page
Query Builder