813 matches found
AIDE Vulnerable to Improper Output Neutralization via Terminal Escape Sequences in Log and Report Output
AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...
Security Bulletin: IBM Edge Data Collector uses tracing-subscriber-0.3.19.crate which is vulnerable to CVE-2025-58160.
Summary IBM Edge Data Collector uses tracing-subscriber-0.3.19.crate which is vulnerable to CVE-2025-58160. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-58160 DESCRIPTION: tracing is a framework for instrumenting Rust programs to collect...
Linux Distros Unpatched Vulnerability : CVE-2026-27587
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP path request matcher is intended to be case-insensitive,...
org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation
An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...
org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation
An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...
SUSE CVE-2026-25996
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences...
CVE-2026-25996
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences...
Improper Neutralization
Overview Affected versions of this package are vulnerable to Improper Neutralization via the columns output mode, which renders string fields from eBPF events to the terminal without sanitizing control characters or ANSI escape sequences. An attacker can manipulate terminal behavior or display by...
CVE-2026-25996 Inspektor Gadget uses unsanitized ANSI Escape Sequences In `columns` Output Mode
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences...
CVE-2026-25996 Inspektor Gadget uses unsanitized ANSI Escape Sequences In `columns` Output Mode
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences...
CVE-2026-25996 Inspektor Gadget uses unsanitized ANSI Escape Sequences In `columns` Output Mode
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences...
PT-2026-7900
Name of the Vulnerable Software and Affected Versions Inspektor Gadget affected versions not specified Description Inspektor Gadget has an issue where string fields from eBPF events in columns output mode are not sanitized, potentially allowing maliciously crafted event payloads from observed...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: busybox (UTSA-2026-005333)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005333 advisory. In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences. Tenable has extracted the...
CVE-2026-21521
Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-21521
Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-21521
Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network...
PT-2026-4308
Name of the Vulnerable Software and Affected Versions Copilot affected versions not specified Description An issue exists in Copilot where improper neutralization of escape, meta, or control sequences can allow an unauthorized attacker to disclose information over a network. The issue involves th...
Azure Linux 3.0 Security Update: util-linux (CVE-2024-28085)
The version of util-linux installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28085 advisory. - wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to...
CLSA-2026-1768821437 pki-servlet-engine: Fix of 2 CVEs
CVE-2025-31651: fix improper neutralization of escape, meta, or control sequences - CVE-2025-55752: fix relative path traversal vulnerability...
EulerOS 2.0 SP10 : busybox (EulerOS-SA-2026-1021)
According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.CVE-2025-463...