289 matches found
org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation
An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...
org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation
An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...
GHSA-34R5-6J7W-235F Inspektor Gadget uses unsanitized ANSI Escape Sequences In `columns` Output Mode
Description String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences. Therefore, a maliciously forged – partially or completely – event payload, coming from an observed container, might inject the...
Inspektor Gadget uses unsanitized ANSI Escape Sequences In `columns` Output Mode
Description String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences. Therefore, a maliciously forged – partially or completely – event payload, coming from an observed container, might inject the...
SUSE CVE-2026-40505
MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running...
CLSA-2026-1768300651 git: Fix of CVE-2024-50349
CVE-2024-50349: fix ANSI escape sequence vulnerability that occurs when asking for credentials interactively...
DEBIAN-CVE-2026-40505
MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running...
CVE-2026-40505
Technical details (affected product versions, root-cause specifics, and remediation steps) are not publicly provided in the supplied documents. The sources reiterate a MuPDF mutool PDF-metadata sanitization issue but do not include concrete technical specifics.
CVE-2026-40505
MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running...
CVE-2026-40505
MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running...
CVE-2026-40505 MuPDF < 1.27 mutool ANSI Injection via Metadata
MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running...
PT-2026-33222
Name of the Vulnerable Software and Affected Versions MuPDF mutool affected versions not specified Description MuPDF mutool fails to sanitize PDF metadata fields before writing them to terminal output. This allows the injection of arbitrary ANSI escape sequences—codes used to control terminal...
Linux Distros Unpatched Vulnerability : CVE-2026-40505
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadat...
JLSEC-2026-105 Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping
Summary A maliciously crafted permission request can show the spoofed permission prompt by inserting a broken ANSI escape sequence into the request contents. Details In the patch for CVE-2023-28446, Deno is stripping any ANSI escape sequences from the permission prompt, but permissions given to t...
Improper Neutralization
Soft Serve is vulnerable to improper neutralization. The vulnerability is due to insufficient sanitization of user-supplied inputs and git messages, which allows an attacker to inject malicious ANSI escape sequences and display misleading or fake terminal outputs such as alerts...
SUSE CVE-2026-40228
In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set...
CVE-2026-35651
OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to...
CVE-2026-40228
In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set...
CVE-2026-35651 OpenClaw 2026.2.13 < 2026.3.25 - ANSI Escape Sequence Injection in Approval Prompt
OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to...
CVE-2026-35651 OpenClaw 2026.2.13 < 2026.3.25 - ANSI Escape Sequence Injection in Approval Prompt
OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to...