Lucene search
+L

11 matches found

RedhatCVE
RedhatCVE
added 2026/05/19 9:11 p.m.9 views

CVE-2026-33642

A flaw was found in Kitty, a cross-platform GPU-based terminal. A remote attacker, by sending specially crafted escape sequences to a Kitty terminal, can exploit an integer wrapping vulnerability in the handlecomposecommand function. This vulnerability allows for out-of-bounds memory access, whic...

9.9CVSS6.2AI score0.00286EPSS
Exploits1References2
OSV
OSV
added 2024/12/31 10:48 p.m.4 views

CVE-2024-56803 Ghostty improperly handles window title sequences which can lead to arbitrary command execution

Ghostty is a cross-platform terminal emulator. Ghostty, as allowed by default in 1.0.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...

5.1CVSS7.4AI score0.00535EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/03/01 4:33 p.m.12 views

CVE-2023-52558 OpenBSD 7.4 and 7.3 m_split() network buffer kernel crash

In OpenBSD 7.4 before errata 002 and OpenBSD 7.3 before errata 019, a network buffer that had to be split at certain length that could crash the kernel after receiving specially crafted escape sequences...

6.9AI score0.00702EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/01 12:0 a.m.7 views

OpenBSD Security Vulnerabilities

OpenBSD is a cross-platform, BSD-based, UNIX-like operating system from the Canadian OpenBSD project team. A security vulnerability exists in OpenBSD versions prior to OpenBSD 7.4 errata 002, and prior to OpenBSD 7.3 errata 019, which stems from a kernel crash after receiving a specially crafted...

7.5CVSS6.7AI score0.00702EPSS
Exploits0References5
NVD
NVD
added 2023/08/10 4:15 p.m.28 views

CVE-2023-40216

OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI terminal escape sequences...

5.5CVSS5.4AI score0.00137EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2020/02/27 12:0 a.m.4 views

The vulnerability of the Gem::UserInteraction module in the RubyGems package management system allows a hacker to compromise data integrity.

The vulnerability of the Gem::UserInteraction module in the RubyGems package management system is related to insufficient protection. Exploiting this vulnerability could allow a malicious actor to compromise data integrity by using a specially crafted escape sequence...

5.9CVSS6.6AI score0.03372EPSS
Exploits0References8Affected Software7
NVD
NVD
added 2019/06/20 2:15 p.m.19 views

CVE-2019-6962

A shell injection issue in cosawifiapis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process running as root if the platform was compiled with the ENABLEFEATUREMESHWIFI macro. The attack is...

8.5CVSS8.1AI score0.01591EPSS
Exploits0References1
Prion
Prion
added 2019/06/20 2:15 p.m.22 views

Sql injection

A shell injection issue in cosawifiapis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process running as root if the platform was compiled with the ENABLEFEATUREMESHWIFI macro. The attack is...

8.5CVSS8.1AI score0.01591EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2012/11/23 8:55 p.m.22 views

CVE-2012-3515

Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."...

7.2CVSS9.2AI score0.00528EPSS
Exploits0References41
Debian CVE
Debian CVE
added 2012/11/23 8:0 p.m.27 views

CVE-2012-3515

Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."...

7.2CVSS6.6AI score0.00528EPSS
Exploits0
CERT
CERT
added 2003/02/27 12:0 a.m.38 views

gnome-terminal allows arbitrary command execution when viewing files containing crafted escape sequences

Overview gnome-terminal may allow a remote attacker to execute arbitrary commands via crafted escape sequences. Description gnome-terminal affords users the ability to utilize an escape sequence to "export" the title of the current window title directly to the shell command line. By viewing a...

6.8CVSS7AI score0.02078EPSS
Exploits0References2
Rows per page
Query Builder