56 matches found
Ubuntu 22.04 LTS : Zutty vulnerability (USN-8078-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8078-1 advisory. Carter Sande discovered that Zutty did not correctly echo invalid input to the console on DECRQSS. An attacker could possibly use this issue to execute arbitrary...
MiracleLinux 3 : xterm-215-5AXS3.2 (AXSA:2009-04:01)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2009-04:01 advisory. The xterm program is a terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that can't use the...
EUVD-2022-48724
Malicious code in bioql PyPI...
EUVD-2022-44379
Malicious code in bioql PyPI...
CVE-2022-45872
iTerm2 before 3.4.18 mishandles a DECRQSS response...
Fedora 38 : kitty (2023-a004ecb3f8)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-a004ecb3f8 advisory. Version 0.29.1 fixes CVE-2008-2383. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Vim's embedded terminal allows injection via DECRQSS response
Description: DECRQSS is a terminal response that replies with certain information about the terminal. Various terminals have bugs where a piece of data from the request, i.e. data that the terminal receives, is echoed back in the reply. In some cases this is enough to make it so if untrusted data...
CVE-2022-45872
CVE-2022-45872 affects iTerm2 prior to 3.4.18, where a DECRQSS response is mishandled. The issue concerns iTerm2 (macOS) with the vulnerability stemming from the mishandling in the DECRQSS parsing, and is described with CVSS v3.1 base metrics of 9.8 (CRITICAL) impacting confidentiality, integrity...
iTerm2 security vulnerability
iTerm2 is a terminal emulation program written for Mac OS X. A security vulnerability exists in iTerm2 version 3.4.18 that stems from incorrectly handling DECRQSS responses...
PT-2022-27662 · Iterm2 · Iterm2
Name of the Vulnerable Software and Affected Versions: iTerm2 versions prior to 3.4.18 Description: The issue is related to the mishandling of a DECRQSS response. Recommendations: For versions prior to 3.4.18, update to version 3.4.18 or later to resolve the issue...
Zutty: Arbitrary Code Execution
Background: Zutty is an X terminal emulator rendering through OpenGL ES Compute Shaders. Description: Zutty does not correctly handle invalid DECRQSS commands, which can be exploited to run arbitrary commands in the terminal. Impact: Untrusted text written to the Zutty terminal can achieve arbitrary...
GLSA-202209-25 : Zutty: Arbitrary Code Execution
The remote host is affected by the vulnerability described in GLSA-202209-25 (Zutty: Arbitrary Code Execution): In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution (CVE-2022-41138). Note that Nessus has not tested for this issue but has instead relied...
CVE-2022-41138
In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution...
Code injection
In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution...