
2171 matches found

OSV
added 2026/04/22 6:50 p.m., 4 views

GHSA-34R5-6J7W-235F Inspektor Gadget uses unsanitized ANSI Escape Sequences In `columns` Output Mode

Description: String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences. Therefore, a maliciously forged – partially or completely – event payload, coming from an observed container, might inject the...

CVSS 6.9, AI score 5.9, EPSS 0.0056
Exploits: 1, References: 5

GitHub Security Blog
added 2026/04/22 6:50 p.m., 13 views

Inspektor Gadget uses unsanitized ANSI Escape Sequences In `columns` Output Mode

Description: String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences. Therefore, a maliciously forged – partially or completely – event payload, coming from an observed container, might inject the...

CVSS 9.8, AI score 5.9, EPSS 0.0056
Exploits: 1, References: 5, Affected Software: 1

ATTACKERKB
added 2026/04/22 4:9 p.m., 5 views

CVE-2026-35377

A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of \ and '. However, the uutils implementation...

CVSS 3.3, AI score 5.8, EPSS 0.00102
Exploits: 0, References: 2

CVE
added 2026/04/22 4:9 p.m., 13 views

CVE-2026-35375

CVE-2026-35375 concerns the uutils coreutils split utility, where a logic error causes output filenames to be corrupted when given non-UTF-8 prefixes/suffixes. The code uses to_string_lossy() to build chunk filenames, which rewrites invalid bytes as the UTF-8 replacement character (U+FFFD). Unlik...

CVSS 3.3, AI score 5.7, EPSS 0.00143
Exploits: 1, References: 2, Affected Software: 1

ATTACKERKB
added 2026/04/22 4:8 p.m., 3 views

CVE-2026-35366

The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows...

CVSS 4.4, AI score 5.9, EPSS 0.0017
Exploits: 1, References: 4

Vulnrichment
added 2026/04/22 4:8 p.m., 7 views

CVE-2026-35366 uutils coreutils printenv Security Inspection Bypass via UTF-8 Enforcement

The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows...

CVSS 4.4, AI score 5.9, EPSS 0.0017
Exploits: 1, References: 3

CNNVD
added 2026/04/22 12:0 a.m., 12 views

CPython Security Vulnerability

CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has a security vulnerability, which stems from the http.cookies.Morsel.jsoutput function returning inline script fragments and only escaping double quotes. This approach fails to neutralize the HTML...

CVSS 6.1, AI score 5.8, EPSS 0.00229
Exploits: 1, References: 1

Positive Technologies
added 2026/04/22 12:0 a.m., 16 views

PT-2026-34581

IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to write arbitrary files on the system...

CVSS 4.9, AI score 5.9, EPSS 0.00356
Exploits: 0, References: 2

Positive Technologies
added 2026/04/22 12:0 a.m., 6 views

PT-2026-34513

A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of \ and '. However, the uutils implementation incorrectl...

CVSS 3.3, AI score 5.8, EPSS 0.00102
Exploits: 0, References: 2

CNNVD
added 2026/04/22 12:0 a.m., 10 views

uutils coreutils Security Vulnerability

uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. There is a security vulnerability in uutils coreutils. This vulnerability stems from the comm utility, which silently damages data by performing a destructive UTF-8 conversion on all output lines. This...

CVSS 3.3, AI score 5.8, EPSS 0.00175
Exploits: 1, References: 1

OSV
added 2026/04/21 3:34 p.m., 7 views

USN-8192-1 ntfs-3g vulnerabilities

Jeffrey Bencteux discovered that NTFS-3G incorrectly handled certain UTF-8 sequences. An attacker could use this issue to cause NTFS-3G to crash, resulting in a denial of service, or to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. CVE-2023-52890 Andrea...

CVSS 8.4, AI score 6, EPSS 0.00165
Exploits: 0, References: 3

CNNVD
added 2026/04/18 12:0 a.m., 9 views

iTerm2 Security Vulnerability

iTerm2 is a terminal emulator developed by George Nachman for Mac OS X. Versions of iTerm2 prior to 3.6.9 contained security vulnerabilities. These vulnerabilities stemmed from the possibility of executing code through DCS 2000p and OSC 135 data when displaying .txt files. This was because iTerm2...

CVSS 7.8, AI score 5.9, EPSS 0.00199
Exploits: 1, References: 6

Tenable Nessus
added 2026/04/18 12:0 a.m., 9 views

SUSE SLED15: iproute2 / iproute2-arpd / iproute2-bash-completion / etc (SUSE-SU-2026:1418-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1418-1 advisory. This update for iproute2 fixes the following issue: - CVE-2024-58251: denial of service via terminal escape sequences...

CVSS 2.5, AI score 5.8, EPSS 0.00238
Exploits: 0, References: 4

SUSE CVE
added 2026/04/17 12:31 p.m., 10 views

SUSE CVE-2003-0972

Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" semicolon characters in escape sequences, which leads to a buffer overflow...

CVSS 10, AI score 6.5, EPSS 0.03401
Exploits: 0, References: 3

Cvelist
added 2026/04/17 8:18 a.m., 31 views

CVE-2026-6494 Aap-mcp-server: aap mcp server: log injection allows social engineering attacks via unsanitized input

A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the toolsetroute parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control...

CVSS 5.3, EPSS 0.00314
Exploits: 0, References: 2

Tenable Nessus
added 2026/04/17 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-40228

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a logger -p emerg command is executed, if...

CVSS 3.3, AI score 5.7, EPSS 0.00173
Exploits: 1, References: 3

Fedora
added 2026/04/16 11:42 p.m., 10 views

[SECURITY] Fedora 44 Update: kf6-kcoreaddons-6.25.0-1.fc44

KCoreAddons provides classes built on top of QtCore to perform various tasks such as manipulating mime types, autosaving files, creating backup files, generating random sequences, performing text manipulations such as macro replacement, accessing user information and many more...

AI score 5.8
Exploits: 0

SUSE CVE
added 2026/04/16 11:28 p.m., 5 views

SUSE CVE-2026-40505

MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running...

CVSS 4.8, AI score 5.9, EPSS 0.00166
Exploits: 0, References: 3

SUSE Linux
added 2026/04/16 4:43 p.m., 6 views

Security update for iproute2

This update for iproute2 fixes the following issue: CVE-2024-58251: denial of service via terminal escape sequences bsc1254324. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...

CVSS 2.8, AI score 5.7, EPSS 0.00238
Exploits: 0, References: 4

OSV
added 2026/04/16 4:43 p.m., 4 views

SUSE-SU-2026:1418-1 Security update for iproute2

This update for iproute2 fixes the following issue: - CVE-2024-58251: denial of service via terminal escape sequences bsc1254324...

CVSS 2.5, AI score 5.8, EPSS 0.00238
Exploits: 0, References: 3