54 matches found
PT-2023-7977 · Freebsd · Freebsd
Name of the Vulnerable Software and Affected Versions: FreeBSD versions 12.4-RELEASE through 12.4-RELEASE-p8 FreeBSD versions 13.2-RELEASE through 13.2-RELEASE-p6 FreeBSD versions 14.0-RELEASE through 14.0-RELEASE-p1 Description: The pf4 packet filter in FreeBSD incorrectly validates TCP sequence...
Rocky Linux 8 : binutils (RLSA-2021:4595)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4595 advisory. - DISPUTED An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via...
CVE-2023-40216
OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI terminal escape sequences...
CVE-2023-37275 System logs spoofable in Auto-GPT via ANSI control sequences
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to...
CVE-2023-37275 System logs spoofable in Auto-GPT via ANSI control sequences
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to...
SUSE CVE-2012-3867
lib/puppet/ssl/certificateauthority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request CSR, which makes it easier for user-assisted remote attackers to trick...
ROS-20230210-01
The vulnerability of the GNU Less utility for UNIX-like UNIX text terminals is due to the fact that calling "less -R" will not filter ANSI control sequences sent to the terminal. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges on the system...
Microsoft PowerShell Remote Code Execution Vulnerability (Dec 2022) - Windows
This host is missing an important security update for PowerShell Core according to Microsoft security advisory CVE-2022-41076. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
EulerOS 2.0 SP8 : binutils (EulerOS-SA-2022-2789)
According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Assertion fail in the displaydebugnames function in binutils/dwarf.c may lead to program crash and denial of service.CVE-2022-38126 An issue was...
Kitty: Arbitrary Code Execution
Background Kitty is a fast, feature-rich, GPU-based terminal. Description Carter Sande discovered that maliciously constructed control sequences can cause Kitty to display a notification that, when clicked, can cause Kitty to execute arbitrary commands. Impact Kitty can produce notifications that...
Injection in Jenkins
A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and canno...
Amazon Linux 2 : gcc10, gcc (ALAS-2022-1784)
The version of gcc installed on the remote host is prior to 7.3.1-14. The version of gcc10 installed on the remote host is prior to 10.3.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1784 advisory. A flaw was found in the way Unicode standards are implemented ...
AlmaLinux 8 : gcc-toolset-11-annobin (ALSA-2021:4591)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4591 advisory. - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control...
CVE-2021-25743
kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events...
DEBIAN-CVE-2021-25743
kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events...
CVE-2021-25743 ANSI escape characters in kubectl output are not being filtered
kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events...
CVE-2021-25743
CVE-2021-25743 (kubectl escape sequences) The event/Events fields output by kubectl to terminals can include uncontrolled escape, meta, or control sequences. The entry states kubectl does not neutralize these sequences in raw data, potentially enabling terminal spoofing or manipulation via the af...
Kubernetes 安全漏洞
Kubernetes is an open source Docker container cluster management system from the American Linux Foundation. The system provides resource scheduling, deployment operations, service discovery, and scale-up and scale-down for containerized applications. kubernetes has a security vulnerability that...
The vulnerability of the Eterm, Mrxyt, Rxyt-unicode software lies in their SSL-Proxy function, which allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Eterm, Mrxyt, Rxyt, and Rxyt-unicode software lies in the improper handling of certain control sequences. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures...
openSUSE 15 Security Update : libX11 (openSUSE-SU-2021:1897-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1897-1 advisory. - LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor...