527 matches found
RHEL 7 : fluentd (RHSA-2018:2225)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:2225 advisory. Fluentd is an open source data collector designed to scale and simplify log management. It can collect, process and ship many kinds of data in near...
CLSA-2025-1743675732 avahi: Fix of 8 CVEs
CVE-2021-3468: handle termination event on avahi Unix socket to prevent infinite loop - CVE-2023-1981: prevent avahi daemon crash by emitting an error if the requested D-Bus service is not found - CVE-2021-3502: fix avahi-daemon crashing from NULL pointer assertions - CVE-2023-38469: reject...
SUSE SLES15 / openSUSE 15 Security Update : rubygem-rack (SUSE-SU-2025:0874-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0874-1 advisory. - CVE-2025-25184: Fixed escape sequence injection vulnerability in rack leading to possible log injection bsc1237141 -...
Security update for rubygem-rack
This update for rubygem-rack fixes the following issues: CVE-2025-25184: Fixed escape sequence injection vulnerability in rack leading to possible log injection bsc1237141 CVE-2025-27111: Fixed escape sequence injection vulnerability in rack leading to possible log injection bsc1238607...
SUSE-SU-2025:0874-1 Security update for rubygem-rack
This update for rubygem-rack fixes the following issues: - CVE-2025-25184: Fixed escape sequence injection vulnerability in rack leading to possible log injection bsc1237141 - CVE-2025-27111: Fixed escape sequence injection vulnerability in rack leading to possible log injection bsc1238607 -...
Ubiquiti UniFi Protect Cameras Code Execution Vulnerability
Ubiquiti UniFi Protect Cameras is a line of security cameras from Ubiquiti Networks that support the UniFi Protect platform for centralized management with remote access, smart monitoring and more. A code execution vulnerability exists in Ubiquiti UniFi Protect Cameras that stems from improper...
GHSA-8CGQ-6MH2-7J6V Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
Summary Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries. Details The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline...
Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
Summary Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries. Details The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline...
CVE-2025-27111 Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...
CVE-2025-27111 Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...
CVE-2025-27111
Rack is a Ruby web-server interface. The Rack::Sendfile middleware logs unsanitised header values from X-Sendfile-Type, enabling log injection when an attacker injects escape sequences (e.g., newline characters) into that header. Affected versions are fixed in Rack 2.2.12, 3.0.13, and 3.1.11. Pra...
Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
Summary Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries. Details The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline...
Ubiquiti UniFi Protect Cameras 命令注入漏洞
Ubiquiti UniFi Protect Cameras is a line of security cameras from Ubiquiti Networks that support the UniFi Protect platform for centralized management with remote access, smart monitoring and more. A code execution vulnerability exists in Ubiquiti UniFi Protect Cameras that stems from improper...
The vulnerability of the ANSI Escape Sequence Handler component in the distributed Git version control system allows a hacker to disclose protected information.
The vulnerability of the ANSI Escape Sequence Handler component in the distributed Git version control system is related to a lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows an attacker to gain access to confidential data...
Git 安全漏洞
Git is a free, open-source distributed version control system open-sourced by Git. A security vulnerability exists in Git that stems from an unprotected ANSI escape sequence in sideband channel messaging, which can be exploited by malicious people to hide or distort information or mislead users...
PT-2025-2874
Name of the Vulnerable Software and Affected Versions Git versions prior to v2.48.1 Git versions prior to v2.47.2 Git versions prior to v2.46.3 Git versions prior to v2.45.3 Git versions prior to v2.44.3 Git versions prior to v2.43.6 Git versions prior to v2.42.4 Git versions prior to v2.41.3 Git...
CVE-2024-56803
Ghostty is a cross-platform terminal emulator. Ghostty, as allowed by default in 1.0.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...
UBUNTU-CVE-2024-56803
Ghostty is a cross-platform terminal emulator. Ghostty, as allowed by default in 1.0.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...
PT-2024-37077 · Ghostty · Ghostty
Name of the Vulnerable Software and Affected Versions: Ghostty version 1.0.0 Description: Ghostty is a cross-platform terminal emulator that allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal. This...
OESA-2024-1828 vte291 security update
VTE provides a virtual terminal widget for GTK applications.VTE is mainly used in gnome-terminal, but can also be used to embed a console/terminal in games, editors, IDEs, etc. Security Fixes: GNOME VTE before 0.76.3 allows an attacker to cause a denial of service memory consumption via a window...