122 matches found
CVE-2023-29383
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly e.g., adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file when...
CVE-2023-29383
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly e.g., adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file when...
CVE-2023-28487
Sudo before 1.9.13 does not escape control characters in sudoreplay output...
SUSE CVE-2015-2317
The utils.http.issafeurl function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting XSS attacks via a control character in a URL, as demonstrated by a...
SAMSUNG Mobile devices 格式化字符串错误漏洞
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from Samsung South Korea. A security vulnerability exists in SAMSUNG Mobile devices SMR Jan-2023 Release 1, which originates from the use of an externally formatted control character in STST TA that...
SUSE-SU-2022:3774-1 Security update for curl
This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion bsc1204383. - CVE-2022-35252: Fixed a potential injection of control characters into cookies bsc1202593...
SUSE-SU-2022:3005-1 Security update for curl
This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service bsc1202593...
SUSE-SU-2022:3003-1 Security update for curl
This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service bsc1202593...
Nextcloud Server < 20.0.14.4, 21.x < 21.0.8, 22.x < 22.2.4, 23.x < 23.0.1 Control Character Filtering Vulnerability (GHSA-w3h6-p64h-q9jp)
Nextcloud Server is prone to a control character filtering vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2022-31267
Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext '[email protected]\n\trole = "admin"' value...
Privilege escalation
Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext 'email protected\n\trole = "admin"' value...
CVE-2022-31267
Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext '[email protected]\n\trole = "admin"' value...
GHSA-7FQ8-4PV5-5W5C Django cross-site scripting (XSS) attack via user-supplied redirect URLs
The utils.http.issafeurl function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting XSS attacks via a control character in a URL, as demonstrated by a...
CVE-2021-44212
OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring...
CVE-2021-44212
OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring...
CVE-2021-44212
OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring...
Cross site scripting
OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring...
GHSA-R4GV-VJ59-CCCM Control character injection in console output in github.com/ipfs/go-ipfs
Impact Control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown, malicious action. Patches - Patched via https://github.com/ipfs/go-ipfs/pull/7831 in v0.8.0 For more information If you have any questions...
SUSE-SU-2021:0299-1 Security update for python-urllib3
This update for python-urllib3 fixes the following issues: - Raise ValueError if method contains control characters and thus prevents CRLF injection into URLs bsc1177211, bpo39603, CVE-2020-26116,...
OpenMage: Very long names on demo.openmage.org could redirect victim users to malicious url redirects via email contacts.
Summary: We found that the maximum length of the first and last name fields was not set to 32 characters at registration and to 1000 characters when using the profile update form. The attacker can use this method as a malware attack, the user will redirect to a website that contains malware or...