167 matches found
GHSA-34R5-6J7W-235F Inspektor Gadget uses unsanitized ANSI Escape Sequences In `columns` Output Mode
Description String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences. Therefore, a maliciously forged – partially or completely – event payload, coming from an observed container, might inject the...
Inspektor Gadget uses unsanitized ANSI Escape Sequences In `columns` Output Mode
Description String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences. Therefore, a maliciously forged – partially or completely – event payload, coming from an observed container, might inject the...
SUSE CVE-2026-40505
MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running...
DEBIAN-CVE-2026-40505
MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running...
CVE-2026-40505
Technical details (affected product versions, root-cause specifics, and remediation steps) are not publicly provided in the supplied documents. The sources reiterate a MuPDF mutool PDF-metadata sanitization issue but do not include concrete technical specifics.
CVE-2026-40505
MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running...
Linux Distros Unpatched Vulnerability : CVE-2026-40505
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadat...
PT-2026-33222
Name of the Vulnerable Software and Affected Versions MuPDF mutool affected versions not specified Description MuPDF mutool fails to sanitize PDF metadata fields before writing them to terminal output. This allows the injection of arbitrary ANSI escape sequences—codes used to control terminal...
JLSEC-2026-105 Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping
Summary A maliciously crafted permission request can show the spoofed permission prompt by inserting a broken ANSI escape sequence into the request contents. Details In the patch for CVE-2023-28446, Deno is stripping any ANSI escape sequences from the permission prompt, but permissions given to t...
Improper Neutralization
Soft Serve is vulnerable to improper neutralization. The vulnerability is due to insufficient sanitization of user-supplied inputs and git messages, which allows an attacker to inject malicious ANSI escape sequences and display misleading or fake terminal outputs such as alerts...
SUSE CVE-2026-40228
In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set...
CVE-2026-40228
In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set...
CVE-2026-40228
In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set...
CVE-2026-40228
In systemd 259, the vulnerability affects the systemd-journald component. When a user executes a command like logger -p emerg and ForwardToWall=yes is set, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users. This is triggered by the ForwardToWall setting and does ...
CVE-2026-40228
In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set...
Mattermost allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences
Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences...
CVE-2026-3108 Terminal Escape Injection in mmctl Report Posts Command
Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences...
Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities related to Apache Tomcat.
Summary IBM DevOps Release 7.0.0.6 addresses multiple vulnerabilities related to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-12383 DESCRIPTION: In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication...
Security Bulletin: IBM Edge Data Collector uses tracing-subscriber-0.3.19.crate which is vulnerable to CVE-2025-58160.
Summary IBM Edge Data Collector uses tracing-subscriber-0.3.19.crate which is vulnerable to CVE-2025-58160. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-58160 DESCRIPTION: tracing is a framework for instrumenting Rust programs to collect...
org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation
An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...