Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993278)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993278 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Have traceeventfile have ref counters The following can crash the kernel: cd...

SUSE CVE-2025-58160

tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...

UBUNTU-CVE-2025-58160

tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...

CVE-2025-58160

CVE-2025-58160 affects Rust tracing-subscriber prior to 0.3.20. Untrusted input with ANSI escape sequences could be injected into terminal output, potentially allowing manipulation of terminal title bars, screen clearing, or display changes. The vulnerability is fixed in 0.3.20 by escaping ANSI c...

CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences

tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...

Malicious code in web-tracing-framework (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d674f85473fd77e47a56d9990b9d2d658b64ca5e73a22bdc73cc8449e461e84 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2286 Malicious code in web-tracing-framework (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d674f85473fd77e47a56d9990b9d2d658b64ca5e73a22bdc73cc8449e461e84 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

PT-2025-35324

Name of the Vulnerable Software and Affected Versions tracing-subscriber versions prior to 0.3.20 Description tracing-subscriber was susceptible to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged,...

CLSA-2024-1729874131 kernel: Fix of 43 CVEs

drm/amdgpu: Validate TA binary size CVE-2024-44977 - drm/amd/display: Avoid overflow from uint32t to uint8t CVE-2024-47661 - scsi: lpfc: Handle mailbox timeouts in lpfcgetsfpinfo CVE-2024-46842 - ALSA: line6: Fix racy access to midibuf CVE-2024-44954 - exec: Fix ToCToU between perm check and...

Sun Solaris DTrace动态追踪框架信息泄露漏洞

BUGTRAQ ID: 27942 Solaris是一款由Sun开发和维护的商业性质UNIX操作系统。 Solaris 10 DTrace（请见dtrace1M）动态追踪框架中的安全漏洞可能允许给予了PRIVDTRACEUSER或PRIVDTRACEPROC权限（请见privileges5）的本地用户或非全局区执行一些内核级追踪，然后这些用户就可以访问敏感信息。 Sun Solaris 10x86 Sun Solaris 10.0 临时解决方法：...

Design/Logic Flaw

Unspecified vulnerability in the dynamic tracing framework DTrace in Sun Solaris 10 allows local users with PRIVDTRACEUSER or PRIVDTRACEPROC privileges to obtain sensitive kernel information via unspecified vectors, a different vulnerability than CVE-2007-4126...

Design/Logic Flaw

Unspecified vulnerability in the dynamic tracing framework DTrace on Sun Solaris 10 before 20070730 allows local users with PRIVDTRACEUSER privileges to cause a denial of service panic or hang via unspecified use of certain DTrace programs...