Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Summary Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries. Details The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline...

CVE-2025-27111 Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...

CVE-2025-27111 Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...

CVE-2025-27111

Rack is a Ruby web-server interface. The Rack::Sendfile middleware logs unsanitised header values from X-Sendfile-Type, enabling log injection when an attacker injects escape sequences (e.g., newline characters) into that header. Affected versions are fixed in Rack 2.2.12, 3.0.13, and 3.1.11. Pra...

Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Summary Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries. Details The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline...

Ubiquiti UniFi Protect Cameras 命令注入漏洞

Ubiquiti UniFi Protect Cameras is a line of security cameras from Ubiquiti Networks that support the UniFi Protect platform for centralized management with remote access, smart monitoring and more. A code execution vulnerability exists in Ubiquiti UniFi Protect Cameras that stems from improper...

SUSE CVE-2022-49200

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtksdio: Fix kernel oops in btmtksdiointerrupt Fix the following kernel oops in btmtksdiointerrrupt 14.339134 btmtksdiointerrupt+0x28/0x54 14.339139 processsdiopendingirqs+0x68/0x1a0 14.339144 sdioirqwork+0x40/0x70...

DEBIAN-CVE-2024-57984

In the Linux kernel, the following vulnerability has been resolved: i3c: dw: Fix use-after-free in dwi3cmaster driver due to race condition In dwi3ccommonprobe, &master-hjwork is bound with dwi3chjwork. And dwi3cmasterirqhandler can call dwi3cmasterirqhandleibis function to start the work. If we...

DEBIAN-CVE-2022-49200

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtksdio: Fix kernel oops in btmtksdiointerrupt Fix the following kernel oops in btmtksdiointerrrupt 14.339134 btmtksdiointerrupt+0x28/0x54 14.339139 processsdiopendingirqs+0x68/0x1a0 14.339144 sdioirqwork+0x40/0x70...

UBUNTU-CVE-2022-49200

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtksdio: Fix kernel oops in btmtksdiointerrupt Fix the following kernel oops in btmtksdiointerrrupt 14.339134 btmtksdiointerrupt+0x28/0x54 14.339139 processsdiopendingirqs+0x68/0x1a0 14.339144 sdioirqwork+0x40/0x70...

A dive into the Rockchip Bootloader

TL;DR Rockchip has a structured sequence of bootloaders. Using various plugs can allow access to the MCU’s RAM and storage. There are many utilities to allow reading of information from the MCU. Use this guide to access and reverse engineer bootloaders. Introduction Rockchip are a Chinese company...

CVE-2022-49501

In the Linux kernel, the following vulnerability has been resolved: usbnet: Run unregisternetdev before unbind again Commit 2c9d6c2b871d "usbnet: run unbind before unregisternetdev" sought to fix a use-after-free on disconnect of USB Ethernet adapters. It turns out that a different fix is necessa...

CVE-2022-49308

In the Linux kernel, the following vulnerability has been resolved: extcon: Modify extcon device to be created after driver data is set Currently, someone can invoke the sysfs such as stateshow intermittently before devsetdrvdata is done. And it can be a cause of kernel Oops because of edev is Nu...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect cleanup sequence in rt5645i2cremove...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the inclusion of 0 chunks when submitting the cs command, resulting in a null pointer dereference...

CVE-2025-27091

OpenH264 decoding vulnerability (CVE-2025-27091) affects OpenH264 2.5.0 and earlier in both SVC and AVC modes. A race condition between SPS memory allocation and subsequent non-IDR NAL memory usage can enable a remote, unauthenticated attacker to trigger a heap overflow by delivering a crafted bi...

SUSE SLES15 Security Update : ovmf (SUSE-SU-2025:0503-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0503-1 advisory. - CVE-2024-1298: potential division-by-zero crash in edk2 due to UINT32 overflow in S3 ResumeCount. bsc1225889 - CVE-2023-45229:...

Security update for libtasn1

This update for libtasn1 fixes the following issues: CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. bsc1236878 Patch Instructions: To install this SUSE update use the SUSE recommended installation...

Security update for libtasn1

This update for libtasn1 fixes the following issues: CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. bsc1236878 Patch Instructions: To install this SUSE update use the SUSE recommended installation...

Security update for ovmf

This update for ovmf fixes the following issues: CVE-2024-1298: potential division-by-zero crash in edk2 due to UINT32 overflow in S3 ResumeCount. bsc1225889 CVE-2023-45229: out-of-bounds read in edk2 when processing IANA/IATA options in DHCPv6 Advertise messages. bsc1218879 CVE-2023-45230: buffe...