11 matches found
SUSE CVE-2025-5264
Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11,...
CLSA-2026-1777661044 vim: Fix of CVE-2026-33412
CVE-2026-33412: fix OS command injection via newline in glob by adding \n to SHELLSPECIAL in src/osunix.c so newlines are escaped before the pattern is passed to the user's shell...
CLSA-2026-1777386117 Fix CVE(s): CVE-2026-33412
SECURITY UPDATE: Command injection via newline in glob on Unix-like systems - debian/patches/CVE-2026-33412.patch: add '\n' to the SHELLSPECIAL macro in src/osunix.c so mchexpandwildcards escapes embedded newlines before passing the glob pattern to the shell - CVE-2026-33412...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : vim (SUSE-SU-2026:1607-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1607-1 advisory. Update to version 9.2.0280. - CVE-2026-34982: missing input validation allows for a modeline...
Unity Linux 20.1070a Security Update: firefox (UTSA-2025-987445)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987445 advisory. Due to insufficient escaping of the newline character in the Copy as cURL feature, an attacker could trick a user into using this command, potentially leading to loc...
Linux Distros Unpatched Vulnerability : CVE-2025-5264
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to insufficient escaping of the newline character in the Copy as cURL feature, an attacker could trick a user into using this command, potentially leading t...
Astra Linux – Vulnerability in Firefox and Thunderbird
Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user’s system. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11,...
AZL-34977 CVE-2023-46853 affecting package memcached for versions less than 1.6.27-1
In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n...
DEBIAN-CVE-2020-6581
Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nastymetachars interprets \n as the character \ and the character n not as the \n newline sequence. This can cause command injection...
CVE-2017-15612
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...
UBUNTU-CVE-2017-15612
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...