EUVD-2026-22371

Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to bypass a security feature over a network...

CVE-2025-62845

An improper neutralization of escape, meta, or control sequences vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to cause unexpected behavior. We have already fixed the vulnerability in the following...

SUSE CVE-2025-65082

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...

RLSA-2025:18298 Moderate: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors CVE-2025-39757 kernel: ALSA: hda/ca0132: Fix buffer overflow in...

ALSA-2025:18298 Moderate: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors CVE-2025-39757 kernel: ALSA: hda/ca0132: Fix buffer overflow in...

EUVD-2025-26723

Malicious code in bioql PyPI...

OESA-2024-1060 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

The SSH transport protocol with certain OpenSSH extensions found in OpenSSH before 9.6 and other products allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message) and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP) implemented by these extensions mishandles the handshake phase and mishandles use of sequence numbers. For example there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT Dropbear through 2022.83 Ssh before 5.1.1 in Erlang/OTP PuTTY before 0.80 AsyncSSH before 2.14.2 golang.org/x/crypto before 0.17.0 libssh before 0.10.6 libssh2

...

SUSE CVE-2009-1378

Multiple memory leaks in the dtls1processoutofseqmessage function in ssl/d1both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service memory consumption via DTLS records that 1 are duplicates or 2 have sequence numbers much greater than current sequenc...

DEBIAN-CVE-2021-33477

rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow potentially remote code execution because of improper handling of certain escape sequences ESC G Q. A response is terminated by a newline...

CVE-2021-33477

rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow potentially remote code execution because of improper handling of certain escape sequences ESC G Q. A response is terminated by a newline...

LiteSpeed OpenLiteSpeed Denial of Service Vulnerability

LiteSpeed OpenLiteSpeed is an open source lightweight HTTP server . A denial of service vulnerability exists in LiteSpeed OpenLiteSpeed versions prior to 1.5.0 RC6, which stems from the program's failure to properly handle requests for sequences of bytes, and can be exploited to cause a denial of...

USN-3464-1 wget vulnerabilities

Antti Levomäki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrectly handled certain HTTP responses. A remote attacker could use this issue to cause Wget to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2017-13089, CVE-2017-13090 Dawid Golunski...

CVE-2010-2713

The vtesequencehandlerwindowmanipulation function in vteseq.c in libvte aka libvte9 in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a 1 wind...