6 matches found
CVE-2026-57850 RustDesk before 1.4.9 Missing Session Scope Enforcement Allows Out-of-Scope Control Message Injection
RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type FileTransfer, PortForward, ViewCamera, or Terminal can send control messages and login options reserved for a full Remote session. An authenticated remote pe...
CVE-2026-32948
sbt is a build tool for Scala, Java, and others. From version 0.9.5 to before version 1.12.7, on Windows, sbt uses Process"cmd", "/c", ... to run VCS commands git, hg, svn. The URI fragment branch, tag, revision is user-controlled via the build definition and passed to these commands without...
CVE-2026-21439 badkeys vulnerable to ASCII control character injection on console via malformed input
badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line...
badkeys vulnerable to ASCII control character injection on console via malformed input
Impact An attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line tool. This impacts scanning DKIM keys both --dkim and --dkim-dns, SSH keys --ssh-lines mode, and filenames in various...
EUVD-2020-29311
Malware in sbrugna...
sudo: Sudo does not escape control characters in log messages
A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where sudo improperly escapes terminal control characters during logging operations. As sudo's log messages may contain user-controlled strings, this may allow an attacker to inject terminal control commands,...