Security Bulletin 02 Nov 2022 – Cyber Security Agency of Singapore

Security Bulletin 02 Nov 2022 – Cyber Security Agency of Singapore

Security Bulletin 02 Nov 2022 – Cyber Security Agency of Singapore
CVE Number Description Base Score Reference CVE-2017-16544 In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-16544 CVE-2019-0542 A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka “Xterm Remote Code Execution Vulnerability.” This affects…
Source link

About coldfusion

Check Also

Ransomware actor exploits unsupported ColdFusion servers — but comes away empty-handed

Servers are always a point of interest for threat actors as they are one of …

Leave a Reply

Your email address will not be published. Required fields are marked *