Lucene search
K

171 matches found

Tenable Nessus
Tenable Nessus
added 2024/08/20 12:0 a.m.13 views

SUSE SLES12 Security Update : osc (SUSE-SU-2024:2963-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2963-1 advisory. 0.183.0 - Fix possibility to overwrite special files in .osc CVE-2024-22034 bsc1225911 Source files are now stored in the 'sources'...

5.5CVSS5.6AI score0.00209EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2024/08/20 12:0 a.m.8 views

openSUSE Security Advisory (SUSE-SU-2024:2961-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS6.5AI score0.00209EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2024/08/20 12:0 a.m.12 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : osc (SUSE-SU-2024:2961-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2961-1 advisory. - 1.9.0 - Security: - Fix possibility to overwrite special files in .osc CVE-2024-22034 bsc1225911 Source...

5.5CVSS6AI score0.00209EPSS
Exploits0References8
OSV
OSV
added 2024/08/19 12:6 p.m.10 views

SUSE-SU-2024:2963-1 Security update for osc

This update for osc fixes the following issues: 0.183.0 - Fix possibility to overwrite special files in .osc CVE-2024-22034 bsc1225911 Source files are now stored in the 'sources' subdirectory which prevents name collisons. This requires changing version of '.osc' store to 2.0. - Fix errorneous...

5.5CVSS5.2AI score0.00209EPSS
Exploits0References3
OSV
OSV
added 2024/08/19 12:6 p.m.12 views

SUSE-SU-2024:2961-1 Security update for osc

This update for osc fixes the following issues: - 1.9.0 - Security: - Fix possibility to overwrite special files in .osc CVE-2024-22034 bsc1225911 Source files are now stored in the 'sources' subdirectory which prevents name collisons. This requires changing version of '.osc' store to 2.0. -...

5.5CVSS5.9AI score0.00209EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/08/19 12:0 a.m.4 views

PT-2024-19168 · Osc +2 · Osc +2

Name of the Vulnerable Software and Affected Versions: osc affected versions not specified Description: The issue allows attackers to manipulate the configuration of osc by injecting special files in .osc into the actual package sources, such as apiurl. This enables the attacker to alter the osc...

5.5CVSS6.5AI score0.00209EPSS
Exploits0References36
OSV
OSV
added 2024/06/15 12:0 a.m.12 views

OPENSUSE-SU-2024:10133-1 osc-0.155.1-2.1 on GA media

These are all security issues fixed in the osc-0.155.1-2.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS6.2AI score0.03608EPSS
Exploits0References2
OSV
OSV
added 2024/06/15 12:0 a.m.13 views

OPENSUSE-SU-2024:11133-1 osc-0.174.0-1.2 on GA media

These are all security issues fixed in the osc-0.174.0-1.2 package on the GA media of openSUSE Tumbleweed...

9.8CVSS8.7AI score0.01424EPSS
Exploits2References2
Openbugbounty
Openbugbounty
added 2023/04/17 1:35 p.m.9 views

osc-vellmar.de Cross Site Scripting vulnerability OBB-3265669

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

5.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.3 views

SUSE CVE-2019-3681

A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that c...

4.2CVSS7AI score0.01424EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.4 views

SUSE CVE-2019-3685

Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary...

7.4CVSS7AI score0.00714EPSS
Exploits1References7
OSV
OSV
added 2023/02/09 5:45 a.m.3 views

USN-5848-1 less vulnerability

David Leadbeater discovered that less was not properly handling escape sequences when displaying raw control characters. A maliciously formed OSC 8 hyperlink could possibly be used by an attacker to cause a denial of service...

7.5CVSS5.8AI score0.01412EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/12/08 12:0 a.m.30 views

SUSE SLES12 Security Update : osc (SUSE-SU-2022:4351-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4351-1 advisory. osc was updated to version 0.182.0 bsc1154972, bsc1144211, bsc1142662, bsc1140697, bsc1138165: - Added MFA support jscOBS-203. -...

9.8CVSS6.7AI score0.01424EPSS
Exploits2References29
OSV
OSV
added 2022/11/23 10:20 p.m.8 views

CLSA-2022-1669242003 Fix CVE(s): CVE-2022-45063

SECURITY UPDATE: possible RCE when using OSC 50 sequence - debian/patches/CVE-2022-45063.patch: Improve error recovery when setting a bitmap font for the VT100 window, e.g., in case OSC 50 failed, restoring the most recent valid font so that a subsequent OSC 50 reports this correctly. -...

9.8CVSS5.8AI score0.04949EPSS
Exploits1References1
Gentoo Linux
Gentoo Linux
added 2022/11/22 12:0 a.m.45 views

xterm: Arbitrary Code Execution

Background xterm is a terminal emulator for the X Window system. Description xterm does not correctly handle control characters related to OSC 50 font ops sequence handling. Impact The vulnerability allows text written to the terminal to write text to the terminal's command line. If the terminal'...

9.8CVSS3.3AI score0.04949EPSS
Exploits1
Veracode
Veracode
added 2022/11/16 8:42 a.m.17 views

Command Injection

xterm is vulnerable to Command Injection. The vulnerability exists because an OSC 50 response may have Ctrl-g causing an attacker to inject arbitrary commands in the system...

9.8CVSS9AI score0.04949EPSS
Exploits1References15Affected Software1
OSV
OSV
added 2022/11/10 4:15 p.m.2 views

DEBIAN-CVE-2022-45063

xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions...

9.8CVSS8.7AI score0.04949EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/11/10 4:15 p.m.5 views

CVE-2022-45063

xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions...

9.8CVSS7.6AI score0.04949EPSS
Exploits1References15
OSV
OSV
added 2022/11/10 4:15 p.m.7 views

UBUNTU-CVE-2022-45063

xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions...

9.8CVSS6.2AI score0.04949EPSS
Exploits1References7
Prion
Prion
added 2022/11/10 4:15 p.m.27 views

Design/Logic Flaw

xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions...

7.5CVSS9.5AI score0.04949EPSS
Exploits1References9Affected Software2
Rows per page
Query Builder