Vulmon
rack vulnerabilities and exploits
NA
CVE-2024-27456
rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files.
7.5
CVSSv3
CVE-2024-21647
Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limit the size of chunk extensions. Without...
Puma Puma
5.4
CVSSv3
CVE-2023-38971
Cross Site Scripting vulnerability in Badaso v.0.0.1 thru v.2.9.7 allows a remote malicious user to execute arbitrary code via a crafted payload to the rack number parameter in the add new rack function.
Uatech Badaso
9.8
CVSSv3
CVE-2023-40175
Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is ...
Puma Puma
1 Github repository
6.1
CVSSv3
CVE-2023-20228
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote malicious user to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient va...
Cisco Encs 5100 Firmware
Cisco Encs 5400 Firmware
Cisco Ucs C220 M5 Rack Server Firmware
Cisco Ucs E160s M3 Firmware
Cisco Ucs E180d M3 Firmware
Cisco Ucs-e1120d-m3 Firmware
5.4
CVSSv3
CVE-2023-33785
A stored cross-site scripting (XSS) vulnerability in the Create Rack Roles (/dcim/rack-roles/) function of Netbox v3.5.1 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
Netbox Netbox 3.5.1
5.4
CVSSv3
CVE-2023-33798
A stored cross-site scripting (XSS) vulnerability in the Create Rack (/dcim/rack/) function of Netbox v3.5.1 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
Netbox Netbox 3.5.1
NA
CVE-2023-27539
Several vulnerabilities were discovered in ruby-rack, a modular Ruby webserver interface, which may result in denial of service and shell escape sequence injection. For the oldstable distribution (bullseye), these problems have been fixed in version 2.1.4-3+deb11u1. We recommend ...
7.5
CVSSv3
CVE-2023-27530
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within the Multipart MIME parsing code, which could allow a malicious user to craft requests that can be abused to cause multipart parsing to take longer than expected.
Rack Project Rack
Debian Debian Linux 10.0
Debian Debian Linux 11.0
4.6
CVSSv3
CVE-2023-20012
A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the im...
Cisco Nexus 93180yc-fx3s Firmware -
Cisco Nexus 93180yc-fx3 Firmware -
Cisco Ucs Central Software
Cisco Ucs 6536 Firmware -
Cisco Ucs 64108 Firmware -
Cisco Ucs 6454 Firmware -