DEBIAN-CVE-2022-30123
A sequence injection vulnerability exists in Rack 2.0.9.1, 2.1.4.1 and 2.2.3.1 which could allow a possible shell escape in the Lint and CommonLogger components of Rack...
CVE-2022-30123
A sequence injection vulnerability exists in Rack 2.0.9.1, 2.1.4.1 and 2.2.3.1 which could allow a possible shell escape in the Lint and CommonLogger components of Rack...
CVE-2022-30123
Rack contains a sequence injection vulnerability (CVE-2022-30123) affecting Rack <2.0.9.1, <2.1.4.1, and
CVE-2022-30123
A sequence injection vulnerability exists in Rack 2.0.9.1, 2.1.4.1 and 2.2.3.1 which could allow a possible shell escape in the Lint and CommonLogger components of Rack...
Arbitrary Command Execution
Overview: Affected versions of this package are vulnerable to Arbitrary Command Execution. An attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...
PT-2022-16007 · Swiftterm · Swiftterm
Name of the Vulnerable Software and Affected Versions: SwiftTerm versions prior to a94e6b24d24ce9680ad79884992e1dff8e150a31 Description: The issue allows an attacker to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's...
SwiftTerm security vulnerability
SwiftTerm is a VT100/Xterm terminal emulator library for Swift applications from the individual developer Miguel de Icaza. SwiftTerm suffers from a security vulnerability that stems from the fact that an attacker can modify the window title with a specific character escape sequence and then inser...
CLSA-2022-1669242003 Fix CVE(s): CVE-2022-45063
SECURITY UPDATE: possible RCE when using OSC 50 sequence - debian/patches/CVE-2022-45063.patch: Improve error recovery when setting a bitmap font for the VT100 window, e.g., in case OSC 50 failed, restoring the most recent valid font so that a subsequent OSC 50 reports this correctly. -...
Mozilla: Fullscreen notification bypass via windowName
The Mozilla Foundation Security Advisory describes this flaw as: Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when FractionMaxPoolGrad is given outsize inputs row_pooling_sequence and col_pooling_sequence. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and...
CVE-2022-41897
TensorFlow is an open source platform for machine learning. If FractionMaxPoolGrad is given outsize inputs row_pooling_sequence and col_pooling_sequence, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix will be included in TensorFlow...
xterm before 375 allows code execution via font ops e.g. because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.
...
UBUNTU-CVE-2022-45408
Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...
Code injection
A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...
kernel: ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error
In the Linux kernel, the following vulnerability has been resolved: ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error The initial settings will be written before the codec probe function. But, the rt711-component doesn't be assigned yet. If IO error happened during initial...
CVE-2022-37905
Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allow an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system...
CVE-2022-37905
CVE-2022-37905 affects ArubaOS on 7xxx series controllers. The embedded OS vulnerability enables an attacker to execute arbitrary code during the boot sequence, potentially causing permanent modification of the underlying operating system. Documents corroborate this boot-time code execution risk ...
CVE-2022-37905
Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allow an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system...
CVE-2022-37904
Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allow an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system...
CVE-2022-37904
CVE-2022-37904 affects ArubaOS on 7xxx series Aruba Mobility Controllers. The issue allows controlled code execution during the boot sequence, potentially causing permanent modification to the underlying OS. Connected sources describe the vulnerability consistently across multiple vendors/securit...