7 matches found
SUSE-SU-2026:0935-1 Security update for php-composer2
This update for php-composer2 fixes the following issues: CVE-2025-67746: Fixed ANSI control characters injection in the terminal output of various Composer commands via attacker controlled remote sources. bsc1255768...
EUVD-2023-37846
Malicious code in bioql PyPI...
CVE-2023-29383
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly e.g., adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file when...
CVE-2021-26616
An OS command injection was found in SecuwaySSL, when special characters injection on execute command with runCommand arguments...
mime-support shell characters injection
run-mailcap special shell characters injection...
CURL-CVE-2012-0036 URL sanitization vulnerability
curl is vulnerable to a data injection attack for certain protocols through control characters embedded or percent-encoded in URLs. When parsing URLs, libcurl's parser is liberal and only parses as little as possible and lets as much as possible through as long as it can figure out what to do. In...
bash terminal characters injection
It's possible to inject ESC-sequences into ls command output...