Lucene search
+L

122 matches found

UbuntuCve
UbuntuCve
added 2023/04/14 10:15 p.m.51 views

CVE-2023-29383

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly e.g., adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file when...

3.3CVSS6.6AI score0.00428EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/04/14 12:0 a.m.3 views

CVE-2023-29383

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly e.g., adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file when...

3.8AI score0.00428EPSS
Exploits1References4
NVD
NVD
added 2023/03/16 1:15 a.m.21 views

CVE-2023-28487

Sudo before 1.9.13 does not escape control characters in sudoreplay output...

5.3CVSS6AI score0.00953EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:20 a.m.5 views

SUSE CVE-2015-2317

The utils.http.issafeurl function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting XSS attacks via a control character in a URL, as demonstrated by a...

4.3CVSS6.1AI score0.0499EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/02/09 12:0 a.m.4 views

SAMSUNG Mobile devices 格式化字符串错误漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from Samsung South Korea. A security vulnerability exists in SAMSUNG Mobile devices SMR Jan-2023 Release 1, which originates from the use of an externally formatted control character in STST TA that...

7.8CVSS7.8AI score0.00205EPSS
Exploits0References2
OSV
OSV
added 2022/10/26 10:21 a.m.4 views

SUSE-SU-2022:3774-1 Security update for curl

This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion bsc1204383. - CVE-2022-35252: Fixed a potential injection of control characters into cookies bsc1202593...

9.8CVSS7.1AI score0.04325EPSS
Exploits2References5
OSV
OSV
added 2022/09/02 1:2 p.m.6 views

SUSE-SU-2022:3005-1 Security update for curl

This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service bsc1202593...

3.7CVSS5.4AI score0.01839EPSS
Exploits1References3
OSV
OSV
added 2022/09/02 1:1 p.m.9 views

SUSE-SU-2022:3003-1 Security update for curl

This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service bsc1202593...

3.7CVSS5.4AI score0.01839EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2022/05/23 12:0 a.m.15 views

Nextcloud Server < 20.0.14.4, 21.x < 21.0.8, 22.x < 22.2.4, 23.x < 23.0.1 Control Character Filtering Vulnerability (GHSA-w3h6-p64h-q9jp)

Nextcloud Server is prone to a control character filtering vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5CVSS5AI score0.01265EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/05/21 9:15 p.m.5 views

CVE-2022-31267

Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext '[email protected]\n\trole = "admin"' value...

9.8CVSS7.3AI score0.17749EPSS
Exploits1References3
Prion
Prion
added 2022/05/21 9:15 p.m.16 views

Privilege escalation

Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext 'email protected\n\trole = "admin"' value...

7.5CVSS9.5AI score0.17749EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/05/21 8:35 p.m.18 views

CVE-2022-31267

Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext '[email protected]\n\trole = "admin"' value...

9.8CVSS9.6AI score0.17749EPSS
Exploits1References4
OSV
OSV
added 2022/05/14 2:6 a.m.2 views

GHSA-7FQ8-4PV5-5W5C Django cross-site scripting (XSS) attack via user-supplied redirect URLs

The utils.http.issafeurl function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting XSS attacks via a control character in a URL, as demonstrated by a...

6.1CVSS5.9AI score0.0499EPSS
Exploits0References17
NVD
NVD
added 2022/03/28 2:15 a.m.30 views

CVE-2021-44212

OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring...

6.1CVSS0.00918EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/03/28 2:15 a.m.3 views

CVE-2021-44212

OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring...

6.1CVSS6.3AI score0.00918EPSS
Exploits2References3
OSV
OSV
added 2022/03/28 2:15 a.m.37 views

CVE-2021-44212

OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring...

6.1CVSS5.8AI score
Exploits0References2
Prion
Prion
added 2022/03/28 2:15 a.m.21 views

Cross site scripting

OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring...

4.3CVSS5.9AI score0.00918EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2021/06/23 5:27 p.m.21 views

GHSA-R4GV-VJ59-CCCM Control character injection in console output in github.com/ipfs/go-ipfs

Impact Control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown, malicious action. Patches - Patched via https://github.com/ipfs/go-ipfs/pull/7831 in v0.8.0 For more information If you have any questions...

6.8CVSS8.6AI score0.01501EPSS
Exploits0References4
OSV
OSV
added 2021/02/03 6:51 p.m.11 views

SUSE-SU-2021:0299-1 Security update for python-urllib3

This update for python-urllib3 fixes the following issues: - Raise ValueError if method contains control characters and thus prevents CRLF injection into URLs bsc1177211, bpo39603, CVE-2020-26116,...

7.2CVSS7.4AI score0.0642EPSS
Exploits1References3
Hacker One
Hacker One
added 2021/02/01 11:56 a.m.42 views

OpenMage: Very long names on demo.openmage.org could redirect victim users to malicious url redirects via email contacts.

Summary: We found that the maximum length of the first and last name fields was not set to 32 characters at registration and to 1000 characters when using the profile update form. The attacker can use this method as a malware attack, the user will redirect to a website that contains malware or...

0.3AI score
Exploits0
Rows per page
Query Builder