Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 5:12 p.m.9 views

CVE-2020-8445

In OSSEC-HIDS 2.7 through 3.5.0, the OSCleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines \n are permitted in messages processed by ossec-analysisd, i...

10CVSS7.3AI score0.02277EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/05 10:1 p.m.27 views

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Output Neutralization for Logs in the RHEL UBI (CVE-2023-28486)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-28486. Vulnerability Details CVEID:CVE-2023-28486 DESCRIPTION: Sudo Project Sudo could allow a remote attacker to obtain...

5.3CVSS5.4AI score0.00922EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2023/04/12 12:0 a.m.21 views

Ubuntu: Security Advisory (USN-6005-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS5.8AI score0.00961EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2023/04/11 2:19 p.m.58 views

USN-6005-1: Sudo vulnerabilities

Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly escaped control characters in log messages and sudoreplay output. An attacker could possibly use these issues to inject terminal control characters that alter output when being viewed...

5.3CVSS7.3AI score0.00961EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2023/03/17 8:13 a.m.39 views

CVE-2023-28487

A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where the "sudoreplay -l' command improperly escapes terminal control characters. As sudo's log messages may contain user-controlled strings, this could allow an attacker to inject terminal control commands,...

5.3CVSS5.5AI score0.00961EPSS
Exploits0References3
OSV
OSV
added 2020/01/30 1:15 a.m.16 views

CVE-2020-8445

In OSSEC-HIDS 2.7 through 3.5.0, the OSCleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines \n are permitted in messages processed by ossec-analysisd, i...

9.8CVSS7.3AI score
Exploits0References4
Rows per page
Query Builder