171 matches found
SUSE SLES12 Security Update : osc (SUSE-SU-2024:2963-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2963-1 advisory. 0.183.0 - Fix possibility to overwrite special files in .osc CVE-2024-22034 bsc1225911 Source files are now stored in the 'sources'...
openSUSE Security Advisory (SUSE-SU-2024:2961-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : osc (SUSE-SU-2024:2961-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2961-1 advisory. - 1.9.0 - Security: - Fix possibility to overwrite special files in .osc CVE-2024-22034 bsc1225911 Source...
SUSE-SU-2024:2963-1 Security update for osc
This update for osc fixes the following issues: 0.183.0 - Fix possibility to overwrite special files in .osc CVE-2024-22034 bsc1225911 Source files are now stored in the 'sources' subdirectory which prevents name collisons. This requires changing version of '.osc' store to 2.0. - Fix errorneous...
SUSE-SU-2024:2961-1 Security update for osc
This update for osc fixes the following issues: - 1.9.0 - Security: - Fix possibility to overwrite special files in .osc CVE-2024-22034 bsc1225911 Source files are now stored in the 'sources' subdirectory which prevents name collisons. This requires changing version of '.osc' store to 2.0. -...
PT-2024-19168 · Osc +2 · Osc +2
Name of the Vulnerable Software and Affected Versions: osc affected versions not specified Description: The issue allows attackers to manipulate the configuration of osc by injecting special files in .osc into the actual package sources, such as apiurl. This enables the attacker to alter the osc...
OPENSUSE-SU-2024:10133-1 osc-0.155.1-2.1 on GA media
These are all security issues fixed in the osc-0.155.1-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11133-1 osc-0.174.0-1.2 on GA media
These are all security issues fixed in the osc-0.174.0-1.2 package on the GA media of openSUSE Tumbleweed...
osc-vellmar.de Cross Site Scripting vulnerability OBB-3265669
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SUSE CVE-2019-3681
A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that c...
SUSE CVE-2019-3685
Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary...
USN-5848-1 less vulnerability
David Leadbeater discovered that less was not properly handling escape sequences when displaying raw control characters. A maliciously formed OSC 8 hyperlink could possibly be used by an attacker to cause a denial of service...
SUSE SLES12 Security Update : osc (SUSE-SU-2022:4351-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4351-1 advisory. osc was updated to version 0.182.0 bsc1154972, bsc1144211, bsc1142662, bsc1140697, bsc1138165: - Added MFA support jscOBS-203. -...
CLSA-2022-1669242003 Fix CVE(s): CVE-2022-45063
SECURITY UPDATE: possible RCE when using OSC 50 sequence - debian/patches/CVE-2022-45063.patch: Improve error recovery when setting a bitmap font for the VT100 window, e.g., in case OSC 50 failed, restoring the most recent valid font so that a subsequent OSC 50 reports this correctly. -...
xterm: Arbitrary Code Execution
Background xterm is a terminal emulator for the X Window system. Description xterm does not correctly handle control characters related to OSC 50 font ops sequence handling. Impact The vulnerability allows text written to the terminal to write text to the terminal's command line. If the terminal'...
Command Injection
xterm is vulnerable to Command Injection. The vulnerability exists because an OSC 50 response may have Ctrl-g causing an attacker to inject arbitrary commands in the system...
DEBIAN-CVE-2022-45063
xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions...
CVE-2022-45063
xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions...
UBUNTU-CVE-2022-45063
xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions...
Design/Logic Flaw
xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions...