Lucene search
K

527 matches found

Tenable Nessus
Tenable Nessus
added 2025/04/15 12:0 a.m.7 views

RHEL 7 : fluentd (RHSA-2018:2225)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:2225 advisory. Fluentd is an open source data collector designed to scale and simplify log management. It can collect, process and ship many kinds of data in near...

10CVSS7.8AI score0.04581EPSS
Exploits0References5
OSV
OSV
added 2025/04/03 10:22 a.m.15 views

CLSA-2025-1743675732 avahi: Fix of 8 CVEs

CVE-2021-3468: handle termination event on avahi Unix socket to prevent infinite loop - CVE-2023-1981: prevent avahi daemon crash by emitting an error if the requested D-Bus service is not found - CVE-2021-3502: fix avahi-daemon crashing from NULL pointer assertions - CVE-2023-38469: reject...

6.2CVSS6.6AI score0.0045EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2025/03/15 12:0 a.m.12 views

SUSE SLES15 / openSUSE 15 Security Update : rubygem-rack (SUSE-SU-2025:0874-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0874-1 advisory. - CVE-2025-25184: Fixed escape sequence injection vulnerability in rack leading to possible log injection bsc1237141 -...

7.5CVSS7.1AI score0.01095EPSS
Exploits1References10
SUSE Linux
SUSE Linux
added 2025/03/14 2:47 p.m.3 views

Security update for rubygem-rack

This update for rubygem-rack fixes the following issues: CVE-2025-25184: Fixed escape sequence injection vulnerability in rack leading to possible log injection bsc1237141 CVE-2025-27111: Fixed escape sequence injection vulnerability in rack leading to possible log injection bsc1238607...

8.7CVSS6.8AI score0.01095EPSS
Exploits1References12
OSV
OSV
added 2025/03/14 2:47 p.m.11 views

SUSE-SU-2025:0874-1 Security update for rubygem-rack

This update for rubygem-rack fixes the following issues: - CVE-2025-25184: Fixed escape sequence injection vulnerability in rack leading to possible log injection bsc1237141 - CVE-2025-27111: Fixed escape sequence injection vulnerability in rack leading to possible log injection bsc1238607 -...

7.5CVSS7.5AI score0.01095EPSS
Exploits1References7
CNVD
CNVD
added 2025/03/13 12:0 a.m.1 views

Ubiquiti UniFi Protect Cameras Code Execution Vulnerability

Ubiquiti UniFi Protect Cameras is a line of security cameras from Ubiquiti Networks that support the UniFi Protect platform for centralized management with remote access, smart monitoring and more. A code execution vulnerability exists in Ubiquiti UniFi Protect Cameras that stems from improper...

7.5CVSS8.4AI score0.00722EPSS
Exploits0References1
OSV
OSV
added 2025/03/04 3:27 p.m.10 views

GHSA-8CGQ-6MH2-7J6V Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Summary Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries. Details The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline...

6.9CVSS6.5AI score0.00699EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2025/03/04 3:27 p.m.8 views

Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Summary Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries. Details The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline...

7.5CVSS7.2AI score0.00699EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2025/03/04 3:26 p.m.19 views

CVE-2025-27111 Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...

6.9CVSS0.00699EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/04 3:26 p.m.9 views

CVE-2025-27111 Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...

6.9CVSS6.8AI score0.00699EPSS
Exploits0References4
CVE
CVE
added 2025/03/04 3:26 p.m.2037 views

CVE-2025-27111

Rack is a Ruby web-server interface. The Rack::Sendfile middleware logs unsanitised header values from X-Sendfile-Type, enabling log injection when an attacker injects escape sequences (e.g., newline characters) into that header. Affected versions are fixed in Rack 2.2.12, 3.0.13, and 3.1.11. Pra...

7.5CVSS6.8AI score0.00699EPSS
Exploits0References5Affected Software1
RubySec
RubySec
added 2025/03/04 12:0 a.m.15 views

Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Summary Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries. Details The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline...

7.5CVSS7.2AI score0.00699EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/03/01 12:0 a.m.5 views

Ubiquiti UniFi Protect Cameras 命令注入漏洞

Ubiquiti UniFi Protect Cameras is a line of security cameras from Ubiquiti Networks that support the UniFi Protect platform for centralized management with remote access, smart monitoring and more. A code execution vulnerability exists in Ubiquiti UniFi Protect Cameras that stems from improper...

7.5CVSS8.3AI score0.00722EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2025/02/06 12:0 a.m.8 views

The vulnerability of the ANSI Escape Sequence Handler component in the distributed Git version control system allows a hacker to disclose protected information.

The vulnerability of the ANSI Escape Sequence Handler component in the distributed Git version control system is related to a lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows an attacker to gain access to confidential data...

7.5CVSS7AI score0.00643EPSS
Exploits0References13Affected Software6
CNNVD
CNNVD
added 2025/01/15 12:0 a.m.2 views

Git 安全漏洞

Git is a free, open-source distributed version control system open-sourced by Git. A security vulnerability exists in Git that stems from an unprotected ANSI escape sequence in sideband channel messaging, which can be exploited by malicious people to hide or distort information or mislead users...

8.8CVSS7.9AI score0.00494EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.8 views

PT-2025-2874

Name of the Vulnerable Software and Affected Versions Git versions prior to v2.48.1 Git versions prior to v2.47.2 Git versions prior to v2.46.3 Git versions prior to v2.45.3 Git versions prior to v2.44.3 Git versions prior to v2.43.6 Git versions prior to v2.42.4 Git versions prior to v2.41.3 Git...

9CVSS8.5AI score0.25334EPSS
Exploits43References92
NVD
NVD
added 2024/12/31 11:15 p.m.10 views

CVE-2024-56803

Ghostty is a cross-platform terminal emulator. Ghostty, as allowed by default in 1.0.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...

5.1CVSS0.00535EPSS
Exploits0References2
OSV
OSV
added 2024/12/31 11:15 p.m.4 views

UBUNTU-CVE-2024-56803

Ghostty is a cross-platform terminal emulator. Ghostty, as allowed by default in 1.0.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...

5.1CVSS5.8AI score0.00535EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/31 12:0 a.m.4 views

PT-2024-37077 · Ghostty · Ghostty

Name of the Vulnerable Software and Affected Versions: Ghostty version 1.0.0 Description: Ghostty is a cross-platform terminal emulator that allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal. This...

5.1CVSS8AI score0.00535EPSS
Exploits0References8
OSV
OSV
added 2024/07/12 11:8 a.m.4 views

OESA-2024-1828 vte291 security update

VTE provides a virtual terminal widget for GTK applications.VTE is mainly used in gnome-terminal, but can also be used to embed a console/terminal in games, editors, IDEs, etc. Security Fixes: GNOME VTE before 0.76.3 allows an attacker to cause a denial of service memory consumption via a window...

4.4CVSS6.8AI score0.00238EPSS
Exploits0References2
Rows per page
Query Builder