9 matches found
CVE-2022-46387
ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands...
CVE-2021-3726
Vulnerability in title function Description: the title function defined in lib/termsupport.zsh uses print to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the title function in a way that is unsafe. Fixed in:...
CVE-2022-46387
ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands...
Cmder 安全漏洞
Cmder is a package created by Cmder Open Source purely out of frustration with the lack of available console emulators on Windows. A security vulnerability exists in versions of Cmder prior to 1.3.21, which stems from a report that the title of the terminal includes control characters, and can be...
CVE-2021-3726
Vulnerability in title function Description: the title function defined in lib/termsupport.zsh uses print to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the title function in a way that is unsafe. Fixed in:...
ohmyzsh 操作系统命令注入漏洞
ohmyzsh is an open source, community-driven framework for managing your zsh configuration. An operating system command injection vulnerability exists in ohmyzsh, which stems from the "title" function defined in "lib/termsupport.zsh" that uses "print" to set the terminal title to a user-supplied...
PT-2021-21593
Name of the Vulnerable Software and Affected Versions Oh My Zsh versions prior to the version that includes commit a263cdac Description The issue arises from the title function defined in lib/termsupport.zsh, which uses print to set the terminal title to a user-supplied string. Although Oh My Zsh...
openSUSE Security Update : links (openSUSE-2019-2185)
This update for links fixes the following issues : links was updated to 2.20.1 : - libevent bug fixes links was updated to 2.20 : - Security bug fixed: when links was connected to tor, it would send real dns requests outside the tor network when the displayed page contains link elements with...
CVE-2003-0070
VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containin...