Lucene search
K

130 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:8 a.m.4 views

CVE-2024-56803

Ghostty is a cross-platform terminal emulator. Ghostty, as allowed by default in 1.0.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...

5.1CVSS7.4AI score0.00535EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:5 a.m.5 views

CVE-2024-38396

An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature enabled by default, allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...

9.8CVSS6AI score0.01697EPSS
Exploits2References1
OSV
OSV
added 2024/12/31 11:15 p.m.4 views

UBUNTU-CVE-2024-56803

Ghostty is a cross-platform terminal emulator. Ghostty, as allowed by default in 1.0.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...

5.1CVSS5.8AI score0.00535EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/31 10:48 p.m.14 views

CVE-2024-56803 Ghostty improperly handles window title sequences which can lead to arbitrary command execution

Ghostty is a cross-platform terminal emulator. Ghostty, as allowed by default in 1.0.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...

5.1CVSS7.5AI score0.00535EPSS
Exploits0References2
OSV
OSV
added 2024/12/31 10:48 p.m.3 views

CVE-2024-56803 Ghostty improperly handles window title sequences which can lead to arbitrary command execution

Ghostty is a cross-platform terminal emulator. Ghostty, as allowed by default in 1.0.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...

5.1CVSS7.4AI score0.00535EPSS
Exploits0References4
NVD
NVD
added 2024/06/16 1:15 a.m.35 views

CVE-2024-38395

In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."...

9.8CVSS0.01497EPSS
Exploits1References5
OSV
OSV
added 2024/06/16 1:15 a.m.11 views

CVE-2024-38395

In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."...

9.8CVSS8.1AI score
Exploits0References5
CNNVD
CNNVD
added 2024/06/16 12:0 a.m.3 views

iTerm2 Security Vulnerability

iTerm2 is a terminal emulation program written for Mac OS X. A security vulnerability in iTerm2 version 3.5.x prior to 3.5.2, which originates from the unfiltered use of escape sequences to report window titles, allows an attacker to inject arbitrary code into the terminal...

9.8CVSS7.2AI score0.01697EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2024/06/16 12:0 a.m.24 views

CVE-2024-38395

In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."...

8.1AI score0.01497EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/06/16 12:0 a.m.30 views

CVE-2024-38395

In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."...

0.01497EPSS
Exploits1References5
CVE
CVE
added 2024/06/16 12:0 a.m.52 views

CVE-2024-38395

CVE-2024-38395 affects iTerm2 before 3.5.2: the Terminal may report window title setting is not honored, which could allow remote code execution. Noted as not trivially exploitable. A fix is available in iTerm2 3.5.2 (see GitLab tag v3.5.2); upgrade to mitigate. The connected data also documents ...

9.8CVSS7.9AI score0.01497EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2023/09/13 4:15 p.m.4 views

CVE-2023-4803

A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management ITM Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69...

4.8CVSS5.8AI score0.003EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/09/13 12:0 a.m.5 views

PT-2023-30675 · Unknown · Itm Server

Name of the Vulnerable Software and Affected Versions: Insider Threat Management ITM Server versions prior to 7.14.3.69 Description: A reflected cross-site scripting issue in the "WriteWindowTitle" endpoint of the ITM Server's web console could allow an authenticated administrator to execute...

4.8CVSS5.2AI score0.003EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/08/08 12:0 a.m.5 views

PT-2023-26889 · Unknown · Dangerzone

Name of the Vulnerable Software and Affected Versions: Dangerzone versions prior to 0.4.2 Description: The issue affects the Dangerzone CLI, where output from the container is logged to the user's terminal. If the container is compromised, an attacker may spoof messages in the terminal or change...

3.6CVSS4AI score0.00249EPSS
Exploits0References6
GitLab Advisory Database
GitLab Advisory Database
added 2023/07/14 12:0 a.m.19 views

SwiftTerm Code Injection vulnerability

Attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands...

7.8CVSS7.4AI score0.0043EPSS
Exploits0References5Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.3 views

SUSE CVE-2003-0077

The hanterm hanterm-xf terminal emulator 2.0.5 and earlier, and possibly later versions, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...

7.5CVSS7.6AI score0.01938EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.4 views

SUSE CVE-2003-0070

VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containin...

6.8CVSS7.5AI score0.02078EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.2 views

SUSE CVE-2003-0063

The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the...

7.5CVSS7.5AI score0.03403EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:58 a.m.4 views

SUSE CVE-2010-2713

The vtesequencehandlerwindowmanipulation function in vteseq.c in libvte aka libvte9 in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a 1 wind...

6.8CVSS7.5AI score0.03343EPSS
Exploits1References4
Snyk
Snyk
added 2022/12/04 1:5 p.m.1 views

Arbitrary Command Execution

Overview Affected versions of this package are vulnerable to Arbitrary Command Execution. An attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...

7.8CVSS7.6AI score0.0043EPSS
Exploits0References2
Rows per page
Query Builder