13 matches found
CVE-2026-35651
OpenClaw OpenClaw 2026.2.13 through 2026.3.24 contains an ANSI escape sequence injection vulnerability in approval prompts. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to spoof terminal output by manipulating displayed inf...
CVE-2025-67746 Composer vulnerable to ANSI sequence injection
Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and...
CVE-2023-37275 System logs spoofable in Auto-GPT via ANSI control sequences
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to...
CVE-2023-37275 System logs spoofable in Auto-GPT via ANSI control sequences
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to...
SUSE CVE-2012-3867
lib/puppet/ssl/certificateauthority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request CSR, which makes it easier for user-assisted remote attackers to trick...
ROS-20230210-01
The vulnerability of the GNU Less utility for UNIX-like UNIX text terminals is due to the fact that calling "less -R" will not filter ANSI control sequences sent to the terminal. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges on the system...
Microsoft PowerShell Remote Code Execution Vulnerability (Dec 2022) - Windows
This host is missing an important security update for PowerShell Core according to Microsoft security advisory CVE-2022-41076. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
GHSA-Q44R-F2HM-V76V Pupper does not properly restrict characters in Common Name field of Certificate Signing Request
lib/puppet/ssl/certificateauthority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request CSR, which makes it easier for user-assisted remote attackers to trick...
CVE-2012-3867
lib/puppet/ssl/certificateauthority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request CSR, which makes it easier for user-assisted remote attackers to trick...
DEBIAN-CVE-2012-3867
lib/puppet/ssl/certificateauthority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request CSR, which makes it easier for user-assisted remote attackers to trick...
Design/Logic Flaw
lib/puppet/ssl/certificateauthority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request CSR, which makes it easier for user-assisted remote attackers to trick...
CVE-2012-3867
lib/puppet/ssl/certificateauthority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request CSR, which makes it easier for user-assisted remote attackers to trick...
CVE-2012-3867
CVE-2012-3867 affects Puppet modules where CSR Common Name validation is lax in Puppet before 2.6.17 and in 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2. This allows user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequenc...