mosh < 1.2.1 - Authenticated Denial of Service via Escape Sequence with Large Repeat Count
The terminal dispatcher in mosh before 1.2.1 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.
noserub < 0.5.2 - SQL Injection via Login Username Field
SQL injection vulnerability in app/models/identity.php in NoseRub 0.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the username field to the login script.