3255 matches found

CVE
added 2025/03/04 11:58 p.m. | 49 views

CVE-2025-23410

GMOD Apollo is affected by a relative path traversal vulnerability in the web interface when uploading organism/sequence data. The root cause is that uploaded archives are unzip-inspected but not checked for path traversal in supported archive types, potentially allowing access to restricted path...

CVSS 9.8 | AI score 7.2 | EPSS 0.0061
Exploits 0 | References 1
Vulnrichment
added 2025/03/04 11:58 p.m. | 6 views

CVE-2025-23410 GMOD Apollo Relative Path Traversal

When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal in supported archive types...

CVSS 9.8 | AI score 7.2 | EPSS 0.0061
Exploits 0 | References 1
OSV
added 2025/03/04 3:27 p.m. | 10 views

GHSA-8CGQ-6MH2-7J6V Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Summary Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries. Details The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline...

CVSS 6.9 | AI score 6.5 | EPSS 0.00699
Exploits 0 | References 8
GitHub Security Blog
added 2025/03/04 3:27 p.m. | 8 views

Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Summary Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries. Details The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline...

CVSS 7.5 | AI score 7.2 | EPSS 0.00699
Exploits 0 | References 8 | Affected Software 1
Cvelist
added 2025/03/04 3:26 p.m. | 18 views

CVE-2025-27111 Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...

CVSS 6.9 | EPSS 0.00699
Exploits 0 | References 4
CVE
added 2025/03/04 3:26 p.m. | 2033 views

CVE-2025-27111

Rack is a Ruby web-server interface. The Rack::Sendfile middleware logs unsanitised header values from X-Sendfile-Type, enabling log injection when an attacker injects escape sequences (e.g., newline characters) into that header. Affected versions are fixed in Rack 2.2.12, 3.0.13, and 3.1.11. Pra...

CVSS 7.5 | AI score 6.8 | EPSS 0.00699
Exploits 0 | References 5 | Affected Software 1
Vulnrichment
added 2025/03/04 3:26 p.m. | 9 views

CVE-2025-27111 Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...

CVSS 6.9 | AI score 6.8 | EPSS 0.00699
Exploits 0 | References 4
RubySec
added 2025/03/04 12:0 a.m. | 15 views

Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Summary Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries. Details The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline...

CVSS 7.5 | AI score 7.2 | EPSS 0.00699
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2025/03/01 12:0 a.m. | 4 views

Ubiquiti UniFi Protect Cameras command injection vulnerability

Ubiquiti UniFi Protect Cameras is a line of security cameras from Ubiquiti Networks that support the UniFi Protect platform for centralized management with remote access, smart monitoring and more. A code execution vulnerability exists in Ubiquiti UniFi Protect Cameras that stems from improper...

CVSS 7.5 | AI score 8.3 | EPSS 0.00722
Exploits 0 | References 3
SUSE CVE
added 2025/02/27 3:10 a.m. | 3 views

SUSE CVE-2022-49200

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt Fix the following kernel oops in btmtksdio_interrupt 14.339134 btmtksdio_interrupt+0x28/0x54 14.339139 process_sdio_pending_irqs+0x68/0x1a0 14.339144 sdio_irq_work+0x40/0x70...

CVSS 5.5 | AI score 7.5 | EPSS 0.00253
Exploits 0 | References 9
OSV
added 2025/02/27 2:15 a.m. | 3 views

DEBIAN-CVE-2024-57984

In the Linux kernel, the following vulnerability has been resolved: i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition In dw_i3c_common_probe, &master->hj_work is bound with dw_i3c_hj_work. And dw_i3c_master_irq_handler can call dw_i3c_master_irq_handle_ibis function to start the work. If we...

CVSS 7.8 | AI score 6.1 | EPSS 0.00218
Exploits 0 | References 1
OSV
added 2025/02/26 7:0 a.m. | 1 views

DEBIAN-CVE-2022-49200

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt Fix the following kernel oops in btmtksdio_interrupt 14.339134 btmtksdio_interrupt+0x28/0x54 14.339139 process_sdio_pending_irqs+0x68/0x1a0 14.339144 sdio_irq_work+0x40/0x70...

CVSS 5.5 | AI score 5.6 | EPSS 0.00253
Exploits 0 | References 1
OSV
added 2025/02/26 7:0 a.m. | 1 views

UBUNTU-CVE-2022-49200

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt Fix the following kernel oops in btmtksdio_interrupt 14.339134 btmtksdio_interrupt+0x28/0x54 14.339139 process_sdio_pending_irqs+0x68/0x1a0 14.339144 sdio_irq_work+0x40/0x70...

CVSS 5.5 | AI score 6.2 | EPSS 0.00253
Exploits 0 | References 9
Pen Test Partners Blog
added 2025/02/26 6:49 a.m. | 13 views

A dive into the Rockchip Bootloader

TL;DR Rockchip has a structured sequence of bootloaders. Using various plugs can allow access to the MCU’s RAM and storage. There are many utilities to allow reading of information from the MCU. Use this guide to access and reverse engineer bootloaders. Introduction Rockchip are a Chinese company...

AI score 7.3
Exploits 0
Debian CVE
added 2025/02/26 2:13 a.m. | 10 views

CVE-2022-49501

In the Linux kernel, the following vulnerability has been resolved: usbnet: Run unregister_netdev before unbind again Commit 2c9d6c2b871d "usbnet: run unbind before unregister_netdev" sought to fix a use-after-free on disconnect of USB Ethernet adapters. It turns out that a different fix is necessa...

CVSS 7.8 | AI score 5.6 | EPSS 0.00251
Exploits 0
Debian CVE
added 2025/02/26 2:10 a.m. | 3 views

CVE-2022-49308

In the Linux kernel, the following vulnerability has been resolved: extcon: Modify extcon device to be created after driver data is set Currently, someone can invoke the sysfs such as state_show intermittently before dev_set_drvdata is done. And it can be a cause of kernel Oops because of edev is Nu...

CVSS 5.5 | AI score 5.5 | EPSS 0.00276
Exploits 0
CNNVD
added 2025/02/26 12:0 a.m. | 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the inclusion of 0 chunks when submitting the cs command, resulting in a null pointer dereference...

CVSS 5.5 | AI score 5.5 | EPSS 0.00262
Exploits 0 | References 10
CNNVD
added 2025/02/26 12:0 a.m. | 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect cleanup sequence in rt5645_i2c_remove...

CVSS 7.8 | AI score 5.5 | EPSS 0.00252
Exploits 0 | References 10
CVE
added 2025/02/20 5:50 p.m. | 105 views

CVE-2025-27091

OpenH264 decoding vulnerability (CVE-2025-27091) affects OpenH264 2.5.0 and earlier in both SVC and AVC modes. A race condition between SPS memory allocation and subsequent non-IDR NAL memory usage can enable a remote, unauthenticated attacker to trigger a heap overflow by delivering a crafted bi...

CVSS 8.6 | AI score 6.9 | EPSS 0.00639
Exploits 0 | References 2 | Affected Software 1
Tenable Nessus
added 2025/02/19 12:0 a.m. | 7 views

SUSE SLES15 Security Update : ovmf (SUSE-SU-2025:0503-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0503-1 advisory. - CVE-2024-1298: potential division-by-zero crash in edk2 due to UINT32 overflow in S3 ResumeCount. bsc#1225889 - CVE-2023-45229:...

CVSS 8.8 | AI score 8 | EPSS 0.02084
Exploits 1 | References 31