Lucene search
+L

130 matches found

Positive Technologies
Positive Technologies
added 2024/03/27 12:0 a.m.4 views

PT-2024-2532 · Unknown +6 · Util-Linux +6

Name of the Vulnerable Software and Affected Versions: util-linux versions prior to 2.40 Description: The wall command in util-linux versions through 2.40 does not properly filter escape sequences received from command line arguments. This allows a local attacker to potentially inject escape...

6.2CVSS5.2AI score0.02242EPSS
Exploits4References140
ATTACKERKB
ATTACKERKB
added 2023/11/07 4:20 a.m.6 views

CVE-2023-40453

Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action via escape sequence injection, or might have a data size that causes a denial of service to a bastio...

6.5CVSS5.8AI score0.00899EPSS
Exploits1References4
Prion
Prion
added 2023/11/07 4:20 a.m.23 views

Sql injection

Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action via escape sequence injection, or might have a data size that causes a denial of service to a bastio...

4.3CVSS7.2AI score0.00899EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/10/20 12:0 a.m.35 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Ruby vulnerabilities (USN-3945-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3945-1 advisory. It was discovered that Ruby incorrectly handled certain RubyGems. An attacker could possibly use this issue to execute arbitrary...

8.8CVSS7.3AI score0.04212EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2023/08/14 12:0 a.m.6 views

PT-2023-27460 · Docker · Docker Machine

Name of the Vulnerable Software and Affected Versions: Docker Machine versions 0.16.2 and earlier Description: The issue allows an attacker, who has control of a worker node, to provide crafted version data. This might potentially trick an administrator into performing an unsafe action via escape...

6.5CVSS7.2AI score0.00899EPSS
Exploits1References8
CVE
CVE
added 2023/08/14 12:0 a.m.43 views

CVE-2023-40453

CVE-2023-40453 affects Docker Machine versions 0.16.2 and earlier. A compromised worker node can supply crafted version data, potentially tricking an administrator into unsafe actions via escape sequence injection, or cause a denial of service to a bastion node. Red Hat and OSV records corroborat...

6.5CVSS6.5AI score0.00899EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/06/29 8:28 p.m.8 views

CLSA-2023-1688070489 Fix CVE(s): CVE-2022-28391

SECURITY UPDATE: some applets are vulnerable to escape sequence injection when used from an VT compatible terminal - debian/patches/CVE-2022-28391.patch: sockaddr2str: ensure only printable characters are returned for the hostname part - CVE-2022-28391 Fix cpio.tests -...

8.8CVSS6.9AI score0.03492EPSS
Exploits1References1
F5 Networks
F5 Networks
added 2023/02/21 6:53 p.m.52 views

K81674333: Ruby vulnerabilities CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325

Security Advisory Description CVE-2019-8322 An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur. CVE-2019-8323 An issue was...

8.8CVSS7.1AI score0.03372EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:56 a.m.5 views

SUSE CVE-2010-3928

Ruby Version Manager RVM before 1.2.1 writes file contents to a terminal without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via a crafted file, related to an "escape sequence injection vulnerability." NOTE: some of these details are...

6.8CVSS8AI score0.01786EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:15 a.m.2 views

SUSE CVE-2019-8321

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteractionverbose calls say without escaping, escape sequence injection is possible...

7.5CVSS7.5AI score0.03372EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:15 a.m.4 views

SUSE CVE-2019-8323

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilitieswithresponse may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...

7.5CVSS7.4AI score0.03372EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:15 a.m.5 views

SUSE CVE-2019-8322

An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur...

7.5CVSS7.5AI score0.03372EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:15 a.m.4 views

SUSE CVE-2019-8325

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManagerrun calls alerterror without escaping, escape sequence injection is possible. There are many ways to cause an error...

7.5CVSS7.4AI score0.03372EPSS
Exploits0References8
OSV
OSV
added 2022/09/29 3:15 a.m.4 views

CVE-2020-15334

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file...

5.3CVSS5.8AI score0.00784EPSS
Exploits1References2
Prion
Prion
added 2022/09/29 3:15 a.m.15 views

Sql injection

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file...

5CVSS5.6AI score0.00784EPSS
Exploits1References2Affected Software1
Amazon
Amazon
added 2022/07/07 12:0 a.m.46 views

Medium: busybox

Issue Overview: An escape sequence injection attack was found in BusyBox on Alpine. For this issue to occur, a remote host's virtual terminal must contain an escape sequence, and the victim must then execute netstat. This flaw allows an attacker can inject arbitrary code, leading to a loss of...

8.8CVSS7.8AI score0.03492EPSS
Exploits1
RubySec
RubySec
added 2022/05/13 12:0 a.m.15 views

Fluentd Escape Sequence Injection Vulnerability

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...

10CVSS6.8AI score0.04581EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/11/27 8:14 p.m.11 views

MGASA-2020-0440 Updated jruby packages fix security vulnerabilities

Response Splitting attack in the HTTP server of WEBrick CVE-2017-17742. Delete directory using symlink when decompressing tar CVE-2019-8320. Escape sequence injection vulnerability in verbose CVE-2019-8321. Escape sequence injection vulnerability in gem owner CVE-2019-8322. Escape sequence...

8.8CVSS7AI score0.0576EPSS
Exploits2References6
OSV
OSV
added 2020/07/27 12:15 p.m.8 views

CVE-2020-7694

This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ASNI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its details to either the console or a log file. When attackers request craft...

7.5CVSS7.7AI score
Exploits0References2
Prion
Prion
added 2020/07/27 12:15 p.m.16 views

Design/Logic Flaw

This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ASNI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its details to either the console or a log file. When attackers request craft...

5CVSS7.7AI score0.01345EPSS
Exploits1References2
Rows per page
Query Builder