PT-2026-47004
In tmux before version 3.1c the function input_csi_dispatch_sgr_colon in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output...
Fedora 43 : composer (2026-0b03072979)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-0b03072979 advisory. Version 2.9.3 - 2025-12-30. Security: Fixed ANSI sequence injection (GHSA-59pp-r3rg-353g / CVE-2025-67746). Fixed COMPOSER_NO_SECURITY_BLOCKING env var not being...
CLSA-2025-1764062286 edk2: Fix of 2 CVEs
CVE-2023-45236: fix TCP Initial Sequence Number generation in NetworkPkg to prevent predictable sequence numbers - CVE-2023-45237: fix weak pseudo-random number generator in NetworkPkg to prevent predictable TCP sequence numbers...
EUVD-2013-0330
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-20167
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe cat README.md command when \epn is used. A...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the inclusion of 0 chunks when submitting the cs command, resulting in a null pointer dereference...
SUSE CVE-2018-20167
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \epn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types...
DEBIAN-CVE-2022-41138
In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution...
UBUNTU-CVE-2022-41138
In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution...
Sick MSC800 security feature issue vulnerability
The Sick MSC800 is a programmable logic controller (PLC) from Sick, Germany. A security vulnerability exists in the Sick MSC800 prior to 4.15 that allows an attacker to predict the initial TCP sequence number. When the TCP sequence was predictable, an attacker could send packets disguised as coming...
openSUSE Security Update : axel (openSUSE-2020-778)
This update for axel fixes the following issues: axel was updated to 2.17.8: - CVE-2020-13614: SSL Certificate Hostnames were not verified boo1172159 - Replaced progressbar line clearing with terminal control sequence - Fixed parsing of Content-Disposition HTTP header - Fixed User-Agent HTTP...
MGASA-2019-0031 Updated terminology package fixes security vulnerability CVE-2018-20167
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \epn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types...
DEBIAN-CVE-2018-20167
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \epn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types...
PT-2018-15281 · Enlightenment +1 · Terminology +1
Name of the Vulnerable Software and Affected Versions: Terminology versions prior to 1.3.1 Description: The issue allows Remote Code Execution due to the mishandling of popmedia. This can be demonstrated by an unsafe command, such as "cat README.md", when a specific sequence is used. A popmedia...
CVE-2018-1000193
An improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and canno...
Debian DLA-347-1 : putty security update
It was discovered that PuTTY's terminal emulator did not properly validate the parameter to the ECH (erase characters) control sequence, allowing a denial of service and possibly remote code execution. For the oldoldstable distribution (squeeze), this problem has been fixed in version...
DLA-347-1 putty - security update
Bulletin has no description...
Updated putty packages fix security vulnerability
Versions of PuTTY between 0.54 and 0.65 inclusive have a potentially memory-corrupting integer overflow in the handling of the ECH (erase characters) control sequence in the terminal emulator (CVE-2015-5309)...
MGASA-2015-0442 Updated putty packages fix security vulnerability
Versions of PuTTY between 0.54 and 0.65 inclusive have a potentially memory-corrupting integer overflow in the handling of the ECH (erase characters) control sequence in the terminal emulator (CVE-2015-5309)...
FreeBSD : PuTTY -- memory corruption in terminal emulator's erase character handling (0cb0afd9-86b8-11e5-bf60-080027ef73ec)
Ben Harris reports: Versions of PuTTY and pterm between 0.54 and 0.65 inclusive have a potentially memory-corrupting integer overflow in the handling of the ECH (erase characters) control sequence in the terminal emulator. To exploit a vulnerability in the terminal emulator, an attacker must be ab...