
31 matches found

CNNVD
added 2026/05/15 12:0 a.m. · 5 views

GitHub CLI security vulnerability

GitHub CLI is an open-source command-line interface for GitHub. Versions of GitHub CLI from 1.6.0 to 2.92.0 contained a security vulnerability. This vulnerability stemmed from a failure to sanitize terminal control sequences when processing GitHub Actions workflow logs. It could allow attackers to...

CVSS 3.5 · AI score 5.9 · EPSS 0.00034
Exploits 1 · References 1
Positive Technologies
added 2026/05/08 12:0 a.m. · 5 views

PT-2026-39238

Name of the Vulnerable Software and Affected Versions: kanban versions 0.1.0 through 0.1.59; cline versions prior to 2.13.1. Description: The kanban npm package, used by the cline CLI, implements a WebSocket server on 127.0.0.1:3484 that lacks Origin header validation. Because WebSocket connections...

CVSS 9.6 · AI score 6.4 · EPSS 0.00019
Exploits 1 · References 12
CNNVD
added 2026/04/22 12:0 a.m. · 4 views

FreeBSD resource management error vulnerability

FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. There is a resource management vulnerability in FreeBSD, which stems from the TIOCNOTTY implementation failing to clear the pointer pointing to the control terminal structure of the calling process. This could allow...

CVSS 8.4 · AI score 5.8 · EPSS 0.0001
Exploits 0 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2019-13048

Malware in sbrugna...

CVSS 9 · AI score 9.2 · EPSS 0.04512
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2020-29311

Malware in sbrugna...

CVSS 10 · AI score 9 · EPSS 0.00988
Exploits 1 · References 5
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2018-2985

Malware in sbrugna...

CVSS 4.3 · AI score 4.5 · EPSS 0.00074
Exploits 0 · References 8
RedhatCVE
added 2025/05/22 5:12 p.m. · 6 views

CVE-2020-8445

In OSSEC-HIDS 2.7 through 3.5.0, the OSCleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines \n are permitted in messages processed by ossec-analysisd, i...

CVSS 10 · AI score 7.3 · EPSS 0.00988
Exploits 1 · References 1
OSV
added 2025/01/15 6:15 p.m. · 1 views

UBUNTU-CVE-2024-52005

Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the...

CVSS 8.8 · AI score 7.2 · EPSS 0.00395
Exploits 1 · References 5
Positive Technologies
added 2024/08/22 12:0 a.m. · 3 views

PT-2024-30655 · Gitoxide · Gitoxide

Name of the Vulnerable Software and Affected Versions: gitoxide affected versions not specified Description: The gix and ein commands write pathnames and other metadata literally to terminals, even if they contain characters terminals treat specially, including ANSI escape sequences. This sometim...

CVSS 2.5 · AI score 7 · EPSS 0.00024
Exploits 0 · References 13
IBM Security Bulletins
added 2024/08/05 10:1 p.m. · 25 views

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Output Neutralization for Logs in the RHEL UBI (CVE-2023-28486)

Summary: RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-28486. Vulnerability Details: CVEID: CVE-2023-28486 DESCRIPTION: Sudo Project Sudo could allow a remote attacker to obtain...

CVSS 5.3 · AI score 5.4 · EPSS 0.00136
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2024/08/05 8:46 p.m. · 21 views

Security Bulletin: IBM Storage Ceph is vulnerable to CWE in the RHEL UBI (CVE-2023-28487)

Summary: RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-28487. Vulnerability Details: CVEID: CVE-2023-28487 DESCRIPTION: Sudo Project Sudo could allow a remote attacker to obtain...

CVSS 5.3 · AI score 5.4 · EPSS 0.00136
Exploits 0 · Affected Software 1
RedHat Linux
added 2024/02/14 12:54 a.m. · 2 views

sudo: Sudo does not escape control characters in log messages

A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where sudo improperly escapes terminal control characters during logging operations. As sudo's log messages may contain user-controlled strings, this may allow an attacker to inject terminal control commands,...

CVSS 5.3 · AI score 5.7 · EPSS 0.00136
Exploits 0 · References 4
OpenVAS
added 2023/04/12 12:0 a.m. · 21 views

Ubuntu: Security Advisory (USN-6005-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3 · AI score 5.8 · EPSS 0.00136
Exploits 0 · References 2
Ubuntu
added 2023/04/11 2:19 p.m. · 54 views

USN-6005-1: Sudo vulnerabilities

Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly escaped control characters in log messages and sudoreplay output. An attacker could possibly use these issues to inject terminal control characters that alter output when being viewed...

CVSS 5.3 · AI score 7.3 · EPSS 0.00136
Exploits 0
RedhatCVE
added 2023/03/17 8:13 a.m. · 38 views

CVE-2023-28487

A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where the "sudoreplay -l" command improperly escapes terminal control characters. As sudo's log messages may contain user-controlled strings, this could allow an attacker to inject terminal control commands,...

CVSS 5.3 · AI score 5.5 · EPSS 0.00136
Exploits 0 · References 3
RedhatCVE
added 2023/03/17 8:12 a.m. · 28 views

CVE-2023-28486

A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where sudo improperly escapes terminal control characters during logging operations. As sudo's log messages may contain user-controlled strings, this may allow an attacker to inject terminal control commands,...

CVSS 5.3 · AI score 5.4 · EPSS 0.00136
Exploits 0 · References 3
OSV
added 2022/09/20 6:15 p.m. · 1 views

DEBIAN-CVE-2022-41138

In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution...

CVSS 9.8 · AI score 8.9 · EPSS 0.00484
Exploits 1 · References 1
OSV
added 2022/09/20 6:15 p.m. · 0 views

UBUNTU-CVE-2022-41138

In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution...

CVSS 9.8 · AI score 7.5 · EPSS 0.00484
Exploits 1 · References 7
CNVD
added 2022/03/14 12:0 a.m. · 29 views

UltraVNC has an unspecified vulnerability

UltraVNC is an open source remote terminal control software for the Windows platform. Versions of UltraVNC prior to 1.3.8.0 have a security vulnerability in the DSM plug-in that can be exploited by a locally authenticated attacker to achieve Local Elevation of Privilege (LPE) on vulnerable systems...

CVSS 8.8 · AI score 5.2 · EPSS 0.00139
Exploits 0 · References 1
Tenable Nessus
added 2021/07/16 12:0 a.m. · 52 views

openSUSE 15 Security Update : libX11 (openSUSE-SU-2021:1897-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1897-1 advisory. - LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor...

CVSS 9.8 · AI score 7.7 · EPSS 0.05481
Exploits 2 · References 4