130 matches found
CVE-2024-56803
Ghostty is a cross-platform terminal emulator. Ghostty, as allowed by default in 1.0.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...
CVE-2024-38396
An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature enabled by default, allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...
UBUNTU-CVE-2024-56803
Ghostty is a cross-platform terminal emulator. Ghostty, as allowed by default in 1.0.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...
CVE-2024-56803 Ghostty improperly handles window title sequences which can lead to arbitrary command execution
Ghostty is a cross-platform terminal emulator. Ghostty, as allowed by default in 1.0.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...
CVE-2024-56803 Ghostty improperly handles window title sequences which can lead to arbitrary command execution
Ghostty is a cross-platform terminal emulator. Ghostty, as allowed by default in 1.0.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...
CVE-2024-38395
In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."...
CVE-2024-38395
In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."...
iTerm2 Security Vulnerability
iTerm2 is a terminal emulation program written for Mac OS X. A security vulnerability in iTerm2 version 3.5.x prior to 3.5.2, which originates from the unfiltered use of escape sequences to report window titles, allows an attacker to inject arbitrary code into the terminal...
CVE-2024-38395
In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."...
CVE-2024-38395
In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."...
CVE-2024-38395
CVE-2024-38395 affects iTerm2 before 3.5.2: the Terminal may report window title setting is not honored, which could allow remote code execution. Noted as not trivially exploitable. A fix is available in iTerm2 3.5.2 (see GitLab tag v3.5.2); upgrade to mitigate. The connected data also documents ...
CVE-2023-4803
A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management ITM Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69...
PT-2023-30675 · Unknown · Itm Server
Name of the Vulnerable Software and Affected Versions: Insider Threat Management ITM Server versions prior to 7.14.3.69 Description: A reflected cross-site scripting issue in the "WriteWindowTitle" endpoint of the ITM Server's web console could allow an authenticated administrator to execute...
PT-2023-26889 · Unknown · Dangerzone
Name of the Vulnerable Software and Affected Versions: Dangerzone versions prior to 0.4.2 Description: The issue affects the Dangerzone CLI, where output from the container is logged to the user's terminal. If the container is compromised, an attacker may spoof messages in the terminal or change...
SwiftTerm Code Injection vulnerability
Attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands...
SUSE CVE-2003-0077
The hanterm hanterm-xf terminal emulator 2.0.5 and earlier, and possibly later versions, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...
SUSE CVE-2003-0070
VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containin...
SUSE CVE-2003-0063
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the...
SUSE CVE-2010-2713
The vtesequencehandlerwindowmanipulation function in vteseq.c in libvte aka libvte9 in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a 1 wind...
Arbitrary Command Execution
Overview Affected versions of this package are vulnerable to Arbitrary Command Execution. An attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...