Lucene search
K

11 matches found

SUSE CVE
SUSE CVE
added 2026/05/20 3:2 a.m.10 views

SUSE CVE-2025-5264

Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11,...

4.8CVSS7AI score0.00135EPSS
Exploits0References12
OSV
OSV
added 2026/05/01 6:44 p.m.9 views

CLSA-2026-1777661044 vim: Fix of CVE-2026-33412

CVE-2026-33412: fix OS command injection via newline in glob by adding \n to SHELLSPECIAL in src/osunix.c so newlines are escaped before the pattern is passed to the user's shell...

7.3CVSS7.1AI score0.00834EPSS
Exploits0References1
OSV
OSV
added 2026/04/28 2:22 p.m.5 views

CLSA-2026-1777386117 Fix CVE(s): CVE-2026-33412

SECURITY UPDATE: Command injection via newline in glob on Unix-like systems - debian/patches/CVE-2026-33412.patch: add '\n' to the SHELLSPECIAL macro in src/osunix.c so mchexpandwildcards escapes embedded newlines before passing the glob pattern to the shell - CVE-2026-33412...

7.3CVSS5.8AI score0.00834EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/25 12:0 a.m.9 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : vim (SUSE-SU-2026:1607-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1607-1 advisory. Update to version 9.2.0280. - CVE-2026-34982: missing input validation allows for a modeline...

9.2CVSS6.9AI score0.00834EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.3 views

Unity Linux 20.1070a Security Update: firefox (UTSA-2025-987445)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987445 advisory. Due to insufficient escaping of the newline character in the Copy as cURL feature, an attacker could trick a user into using this command, potentially leading to loc...

4.8CVSS7AI score0.00135EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/11 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-5264

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to insufficient escaping of the newline character in the Copy as cURL feature, an attacker could trick a user into using this command, potentially leading t...

4.8CVSS7AI score0.00135EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2025/06/16 11:28 a.m.2 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user’s system. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11,...

4.8CVSS7AI score0.00135EPSS
Exploits0References3
OSV
OSV
added 2023/10/27 8:15 p.m.8 views

AZL-34977 CVE-2023-46853 affecting package memcached for versions less than 1.6.27-1

In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n...

9.8CVSS7.4AI score0.00756EPSS
Exploits0References1
OSV
OSV
added 2020/03/16 6:15 p.m.1 views

DEBIAN-CVE-2020-6581

Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nastymetachars interprets \n as the character \ and the character n not as the \n newline sequence. This can cause command injection...

7.3CVSS7.5AI score0.01612EPSS
Exploits1References1
NVD
NVD
added 2017/10/19 8:29 a.m.13 views

CVE-2017-15612

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...

6.1CVSS5.9AI score0.00923EPSS
Exploits1References1
OSV
OSV
added 2017/10/19 8:29 a.m.2 views

UBUNTU-CVE-2017-15612

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...

6.1CVSS6.4AI score0.00923EPSS
Exploits1References3
Rows per page
Query Builder