9 matches found
CVE-2026-45036
Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. T...
CVE-2026-45036
Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. T...
CVE-2026-45036 Tabby auto-confirms ZMODEM detection on terminal output, leading to shell command execution from displayed file content under fish, bash, and zsh
Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. T...
CVE-2026-45036
Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. T...
EUVD-2026-30567
Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. T...
CVE-2026-45036
Summary of CVE-2026-45036 : Tabby (formerly Terminus) before version 1.0.233 may automatically confirm ZMODEM protocol detection on terminal output via ZModemMiddleware, writing a fixed ZRINIT response back into the active PTY. This leads to injected bytes being consumed by the user’s shell as co...
PT-2026-41321
Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. T...
The vulnerability of the zsdata function in file-transfer tools such as zmodem/xmodem/ymodem Lrzsz, related to integer overflow, allows attackers to access confidential data and also cause service interruptions.
The vulnerability of the zsdata function in tools for transmitting files such as zmodem/xmodem/ymodem Lrzsz is related to incorrect length checking. Exploiting this vulnerability can allow attackers to access confidential data and also cause service failures...
lrzsz -- Integer overflow in zmodem, crash and information leak
[email protected] reports: Lrzsz has an integer overflow vulernability in the src/zm.c:zsdata function. An attacker could exploit this with the sz command to cause a crash or potentially leak information to the receiving server...