Lucene search
K

54 matches found

Positive Technologies
Positive Technologies
added 2023/12/05 12:0 a.m.6 views

PT-2023-7977 · Freebsd · Freebsd

Name of the Vulnerable Software and Affected Versions: FreeBSD versions 12.4-RELEASE through 12.4-RELEASE-p8 FreeBSD versions 13.2-RELEASE through 13.2-RELEASE-p6 FreeBSD versions 14.0-RELEASE through 14.0-RELEASE-p1 Description: The pf4 packet filter in FreeBSD incorrectly validates TCP sequence...

7.8CVSS7.5AI score0.00742EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.27 views

Rocky Linux 8 : binutils (RLSA-2021:4595)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4595 advisory. - DISPUTED An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via...

8.3CVSS7.6AI score0.12205EPSS
Exploits4References3
OSV
OSV
added 2023/08/10 4:15 p.m.6 views

CVE-2023-40216

OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI terminal escape sequences...

5.5CVSS5.5AI score0.00137EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/07/13 10:34 p.m.49 views

CVE-2023-37275 System logs spoofable in Auto-GPT via ANSI control sequences

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to...

3.1CVSS5.2AI score0.00381EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/07/13 10:34 p.m.13 views

CVE-2023-37275 System logs spoofable in Auto-GPT via ANSI control sequences

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to...

3.1CVSS7.4AI score0.00381EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:45 a.m.6 views

SUSE CVE-2012-3867

lib/puppet/ssl/certificateauthority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request CSR, which makes it easier for user-assisted remote attackers to trick...

4.3CVSS6.7AI score0.02453EPSS
Exploits1References4
Redos
Redos
added 2023/02/10 12:0 a.m.66 views

ROS-20230210-01

The vulnerability of the GNU Less utility for UNIX-like UNIX text terminals is due to the fact that calling "less -R" will not filter ANSI control sequences sent to the terminal. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges on the system...

7.5CVSS7.7AI score0.01412EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/12/14 12:0 a.m.33 views

Microsoft PowerShell Remote Code Execution Vulnerability (Dec 2022) - Windows

This host is missing an important security update for PowerShell Core according to Microsoft security advisory CVE-2022-41076. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

8.5CVSS8.8AI score0.61605EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2022/12/08 12:0 a.m.32 views

EulerOS 2.0 SP8 : binutils (EulerOS-SA-2022-2789)

According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Assertion fail in the displaydebugnames function in binutils/dwarf.c may lead to program crash and denial of service.CVE-2022-38126 An issue was...

8.3CVSS7AI score0.12205EPSS
Exploits4References3
Gentoo Linux
Gentoo Linux
added 2022/09/29 12:0 a.m.25 views

Kitty: Arbitrary Code Execution

Background Kitty is a fast, feature-rich, GPU-based terminal. Description Carter Sande discovered that maliciously constructed control sequences can cause Kitty to display a notification that, when clicked, can cause Kitty to execute arbitrary commands. Impact Kitty can produce notifications that...

7.8CVSS4.4AI score0.00499EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2022/05/13 1:1 a.m.21 views

Injection in Jenkins

A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and canno...

4.3CVSS4.7AI score0.01045EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/04/27 12:0 a.m.445 views

Amazon Linux 2 : gcc10, gcc (ALAS-2022-1784)

The version of gcc installed on the remote host is prior to 7.3.1-14. The version of gcc10 installed on the remote host is prior to 10.3.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1784 advisory. A flaw was found in the way Unicode standards are implemented ...

8.3CVSS7.6AI score0.12205EPSS
Exploits4References3
Tenable Nessus
Tenable Nessus
added 2022/02/09 12:0 a.m.49 views

AlmaLinux 8 : gcc-toolset-11-annobin (ALSA-2021:4591)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4591 advisory. - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control...

8.3CVSS7.7AI score0.12205EPSS
Exploits4References2
OSV
OSV
added 2022/01/07 12:15 a.m.21 views

CVE-2021-25743

kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events...

3CVSS6.6AI score
Exploits0References2
OSV
OSV
added 2022/01/07 12:15 a.m.1 views

DEBIAN-CVE-2021-25743

kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events...

3CVSS6.3AI score0.00778EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/01/07 12:0 a.m.37 views

CVE-2021-25743 ANSI escape characters in kubectl output are not being filtered

kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events...

3CVSS4.5AI score0.00778EPSS
Exploits0References2
CVE
CVE
added 2022/01/07 12:0 a.m.180 views

CVE-2021-25743

CVE-2021-25743 (kubectl escape sequences) The event/Events fields output by kubectl to terminals can include uncontrolled escape, meta, or control sequences. The entry states kubectl does not neutralize these sequences in raw data, potentially enabling terminal spoofing or manipulation via the af...

3CVSS4AI score0.00778EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/01/06 12:0 a.m.4 views

Kubernetes 安全漏洞

Kubernetes is an open source Docker container cluster management system from the American Linux Foundation. The system provides resource scheduling, deployment operations, service discovery, and scale-up and scale-down for containerized applications. kubernetes has a security vulnerability that...

3CVSS7.5AI score0.00778EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2021/10/05 12:0 a.m.5 views

The vulnerability of the Eterm, Mrxyt, Rxyt-unicode software lies in their SSL-Proxy function, which allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Eterm, Mrxyt, Rxyt, and Rxyt-unicode software lies in the improper handling of certain control sequences. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures...

8.8CVSS7.6AI score0.04012EPSS
Exploits1References7Affected Software6
Tenable Nessus
Tenable Nessus
added 2021/07/16 12:0 a.m.52 views

openSUSE 15 Security Update : libX11 (openSUSE-SU-2021:1897-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1897-1 advisory. - LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor...

9.8CVSS7.7AI score0.10634EPSS
Exploits2References4
Rows per page
Query Builder