Lucene search
K

926 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/05 3:5 p.m.4 views

CVE-2026-7865

A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with authenticated access to SSH...

7.4CVSS5.8AI score0.00753EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/05 3:5 p.m.33 views

CVE-2026-7865 Hidden Console Command

A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with authenticated access to SSH...

7.4CVSS0.00753EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.11 views

PT-2026-37084

Name of the Vulnerable Software and Affected Versions Crestron devices affected versions not specified Description A hidden console command contains a command injection flaw occurring when control characters are passed to its second argument. This issue exists in the way the console command is...

7.4CVSS5.9AI score0.00753EPSS
Exploits0References5
CloudLinux
CloudLinux
added 2026/05/02 1:1 a.m.13 views

cups: Fix of CVE-2026-34980

CVE-2026-34980: filter control characters from option values in the scheduler to prevent PPD keyword injection via Print-Job...

7.5CVSS6AI score0.00502EPSS
Exploits1
OSV
OSV
added 2026/05/02 1:1 a.m.6 views

CLSA-2026-1777541087 cups: Fix of CVE-2026-34980

CVE-2026-34980: filter control characters from option values in the scheduler to prevent PPD keyword injection via Print-Job...

7.5CVSS5.8AI score0.00502EPSS
Exploits1References1
OSV
OSV
added 2026/04/30 9:54 p.m.9 views

CLSA-2026-1777586051 openssh: Fix of CVE-2026-35386

CVE-2026-35386: fix client-side command execution via control characters in usernames by adding iscntrl rejection to validruser...

8.1CVSS5.9AI score0.00247EPSS
Exploits0References1
OSV
OSV
added 2026/04/30 9:49 p.m.7 views

CLSA-2026-1777585781 openssh: Fix of CVE-2026-35386

CVE-2026-35386: fix client-side command execution via control characters in usernames by adding iscntrl rejection to validruser...

8.1CVSS5.9AI score0.00247EPSS
Exploits0References1
Amazon
Amazon
added 2026/04/30 12:0 a.m.14 views

Important: python3.12

Issue Overview: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...

9.1CVSS4.7AI score0.00621EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.12 views

Important: python3.14

Issue Overview: When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters. CVE-2026-0672 The fix for CVE-2026-0672, which rejected control characters...

9.1CVSS4.7AI score0.00621EPSS
Exploits0
OSV
OSV
added 2026/04/28 4:20 p.m.6 views

CLSA-2026-1777393200 cups: Fix of CVE-2026-34980

CVE-2026-34980: filter control characters from IPP option values and allowlist PPD keywords returned by filters so a remote attacker cannot inject cupsFilter/cupsFilter2 entries on a shared PostScript queue and gain code execution as the cupsd user...

7.5CVSS6.4AI score0.00502EPSS
Exploits1References1
OSV
OSV
added 2026/04/28 4:14 p.m.20 views

CLSA-2026-1777392877 cups: Fix of CVE-2026-34980

CVE-2026-34980: filter control characters from IPP option values and allowlist PPD keywords returned by filters so a remote attacker cannot inject cupsFilter/cupsFilter2 entries on a shared PostScript queue and gain code execution as the cupsd user...

7.5CVSS6.4AI score0.00502EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/04/27 3:6 p.m.11 views

cpython: Incomplete control character validation in http.cookies

A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update, |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...

7.5CVSS5.3AI score0.00419EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/27 3:6 p.m.7 views

cpython: Header injection in http.cookies.Morsel in Python

An injection flaw has been discovered in Python. When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...

6CVSS5.3AI score0.00401EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.4 views

Unity Linux 20.1070e Security Update: python3 (UTSA-2026-014307)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014307 advisory. When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters...

6CVSS5.2AI score0.00401EPSS
Exploits0References4
OSV
OSV
added 2026/04/24 9:53 p.m.5 views

CLSA-2026-1777026478 Fix CVE(s): CVE-2026-34980

SECURITY UPDATE: control-character injection in scheduler option handling - debian/patches/CVE-2026-34980.patch: filter control characters from IPP string option values and reject "special" PPD keywords cupsFilter, cupsFilter2, etc. reported back by job filters to prevent filter/command injection...

7.5CVSS6AI score0.00502EPSS
Exploits1References1
OSV
OSV
added 2026/04/24 4:18 p.m.8 views

CLSA-2026-1777042487 Fix CVE(s): CVE-2026-34980

SECURITY UPDATE: filter control characters from option values in the scheduler to prevent PPD keyword injection via Print-Job. - debian/patches/CVE-2026-34980.patch: filter out control characters from IPP option values in scheduler/job.c and filter out special PPD keywords in the CUPSDLOGPPD bran...

7.5CVSS6AI score0.00502EPSS
Exploits1References1
OSV
OSV
added 2026/04/21 4:14 p.m.7 views

CLSA-2026-1776788057 cups: Fix of CVE-2026-34980

CVE-2026-34980: filter control characters from option values in the scheduler to prevent PPD keyword injection via Print-Job...

7.5CVSS6AI score0.00502EPSS
Exploits1References1
OSV
OSV
added 2026/04/21 10:29 a.m.8 views

CLSA-2026-1776767380 cups: Fix of 3 CVEs

CVE-2026-34980: filter control characters from option values in the scheduler to prevent PPD keyword injection via Print-Job - CVE-2026-39314: range check job-password-supported to prevent integer underflow in ppdCreateFromIPP - CVE-2026-39316: expire per-printer subscriptions before deleting the...

7.5CVSS6AI score0.00502EPSS
Exploits3References1
OSV
OSV
added 2026/04/20 12:13 p.m.8 views

CLSA-2026-1776687226 Fix CVE(s): CVE-2024-52005

SECURITY UPDATE: ANSI escape sequence injection via sideband - debian/patches/CVE-2024-52005.patch: add strbufaddsanitized to mask control characters in sideband output in sideband.c. - CVE-2024-52005...

8.8CVSS7.2AI score0.00494EPSS
Exploits1References1
Slackware Linux
Slackware Linux
added 2026/04/17 9:29 p.m.11 views

[slackware-security] cups

New cups packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/cups-2.4.17-i586-1slack15.0.txz: Upgraded. This update fixes security issues: The scheduler treated local user and group names as...

7.8CVSS5.8AI score0.00502EPSS
Exploits7
Rows per page
Query Builder