11 matches found
CVE-2026-33642
A flaw was found in Kitty, a cross-platform GPU-based terminal. A remote attacker, by sending specially crafted escape sequences to a Kitty terminal, can exploit an integer wrapping vulnerability in the handlecomposecommand function. This vulnerability allows for out-of-bounds memory access, whic...
CVE-2024-56803 Ghostty improperly handles window title sequences which can lead to arbitrary command execution
Ghostty is a cross-platform terminal emulator. Ghostty, as allowed by default in 1.0.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...
CVE-2023-52558 OpenBSD 7.4 and 7.3 m_split() network buffer kernel crash
In OpenBSD 7.4 before errata 002 and OpenBSD 7.3 before errata 019, a network buffer that had to be split at certain length that could crash the kernel after receiving specially crafted escape sequences...
OpenBSD Security Vulnerabilities
OpenBSD is a cross-platform, BSD-based, UNIX-like operating system from the Canadian OpenBSD project team. A security vulnerability exists in OpenBSD versions prior to OpenBSD 7.4 errata 002, and prior to OpenBSD 7.3 errata 019, which stems from a kernel crash after receiving a specially crafted...
CVE-2023-40216
OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI terminal escape sequences...
The vulnerability of the Gem::UserInteraction module in the RubyGems package management system allows a hacker to compromise data integrity.
The vulnerability of the Gem::UserInteraction module in the RubyGems package management system is related to insufficient protection. Exploiting this vulnerability could allow a malicious actor to compromise data integrity by using a specially crafted escape sequence...
CVE-2019-6962
A shell injection issue in cosawifiapis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process running as root if the platform was compiled with the ENABLEFEATUREMESHWIFI macro. The attack is...
Sql injection
A shell injection issue in cosawifiapis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process running as root if the platform was compiled with the ENABLEFEATUREMESHWIFI macro. The attack is...
CVE-2012-3515
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."...
CVE-2012-3515
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."...
gnome-terminal allows arbitrary command execution when viewing files containing crafted escape sequences
Overview gnome-terminal may allow a remote attacker to execute arbitrary commands via crafted escape sequences. Description gnome-terminal affords users the ability to utilize an escape sequence to "export" the title of the current window title directly to the shell command line. By viewing a...