21015 matches found
CVE-2025-58160
tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...
CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences
tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...
GHSA-XWFJ-JGWM-7WP5 Tracing logging user input may result in poisoning logs with ANSI escape sequences
Impact Previous versions of tracing-subscriber were vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to: - Manipulate terminal title bars - Clear screens o...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via improper sanitization of the upload path in the upload process. An attacker can write arbitrary files to any location on the file system, potentially compromising the server, by sending a crafted upload request...
Security Bulletin: User Entity Behavior Analytics app for IBM QRadar SIEM includes components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. User Entity Behavior Analytics app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-29927 DESCRIPTION: Next.js is a...
GO-2025-3907 Mattermost Fails to Sanitize Path Traversal Sequences in github.com/mattermost/mattermost-server
Mattermost Fails to Sanitize Path Traversal Sequences in github.com/mattermost/mattermost-server...
RUSTSEC-2025-0055 Logging user input may result in poisoning logs with ANSI escape sequences
Previous versions of tracing-subscriber were vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to: - Manipulate terminal title bars - Clear screens or modif...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for Aug 2025
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.0.2 IF001 Vulnerability Details CVEID:CVE-2025-53643 DESCRIPTION: AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat [CVE-2025-31651]
Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat, due to a condition where specially crafted requests are able to bypass some rewrite rules in a subset of unlikely configurations...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a reflected file download (RFD) attack in Spring Framework [CVE-2025-41234]
Summary IBM Watson Speech Services Cartridge is vulnerable to a reflected file download (RFD) attack in Spring Framework, due to a condition where it sets a "Content-Disposition" header with a non-ASCII charset, where the filename attribute is derived from user-supplied input (CVE-2025-41234). Spring...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Encoding or Escaping of Output in Git [CVE-2024-52005]
Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Encoding or Escaping of Output in Git, due to a failure to protect against standard error output in ANSI escape sequences (CVE-2024-52005). Git is used in our speech service runtimes. This vulnerability has been addressed. Plea...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP7 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2019-11135: enabled CONFIG_X86_INTEL_TSX_MODE_AUTO (bsc#1139073, bsc#1246695). CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio...
SUSE-SU-2025:03011-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP7 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2019-11135: enabled CONFIG_X86_INTEL_TSX_MODE_AUTO (bsc#1139073, bsc#1246695). - CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio...
Security Bulletin: Multiple Vulnerabilities affecting IBM Watson Studio in Cloud Pak for Data Are Addressed
Summary There are multiple vulnerabilities impacting IBM Watson Studio in Cloud Pak for Data. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-49080 DESCRIPTION: The Jupyter Server provides the backend i.e. the core services, APIs, an...
SUSE-SU-2025:02997-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP7 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2019-11135: enabled CONFIG_X86_INTEL_TSX_MODE_AUTO (bsc#1139073, bsc#1246695) - CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (bsc#1225707)...
Linux Distros Unpatched Vulnerability : CVE-2025-46394
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences. CVE-2025-46394 Note that...
Linux Distros Unpatched Vulnerability : CVE-2021-33477
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow potentially remote code execution because of improper handling of certain escape sequences ES...