Search CVE reports
An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce...
1 affected package
mbedtls
| Package | 16.04 LTS |
|---|---|
| mbedtls | Needs evaluation |
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Files#fail sets the Content-Length response header using String#size instead of String#bytesize. When the response body contains...
1 affected package
ruby-rack
| Package | 16.04 LTS |
|---|---|
| ruby-rack | Needs evaluation |
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Sendfile#map_accel_path interpolates the value of the X-Accel-Mapping request header directly into a regular expression when rewriting...
1 affected package
ruby-rack
| Package | 16.04 LTS |
|---|---|
| ruby-rack | Needs evaluation |
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENT_LENGTH is present. When a multipart/form-data request is...
1 affected package
ruby-rack
| Package | 16.04 LTS |
|---|---|
| ruby-rack | Needs evaluation |
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.get_byte_ranges parses the HTTP Range header without limiting the number of individual byte ranges. Although the existing fix...
1 affected package
ruby-rack
| Package | 16.04 LTS |
|---|---|
| ruby-rack | Needs evaluation |
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static#applicable_rules evaluates several header_rules types against the raw URL-encoded PATH_INFO, while the underlying file-serving...
1 affected package
ruby-rack
| Package | 16.04 LTS |
|---|---|
| ruby-rack | Needs evaluation |
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL...
1 affected package
ruby-rack
| Package | 16.04 LTS |
|---|---|
| ruby-rack | Needs evaluation |
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root...
1 affected package
ruby-rack
| Package | 16.04 LTS |
|---|---|
| ruby-rack | Needs evaluation |
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.select_best_encoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard (*)...
1 affected package
ruby-rack
| Package | 16.04 LTS |
|---|---|
| ruby-rack | Needs evaluation |
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expression. When a Content-Type...
1 affected package
ruby-rack
| Package | 16.04 LTS |
|---|---|
| ruby-rack | Needs evaluation |