531 matches found
CVE-2024-56803
Ghostty is a cross-platform terminal emulator. Ghostty, as allowed by default in 1.0.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...
UBUNTU-CVE-2024-56803
Ghostty is a cross-platform terminal emulator. Ghostty, as allowed by default in 1.0.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...
PT-2024-37077 · Ghostty · Ghostty
Name of the Vulnerable Software and Affected Versions: Ghostty version 1.0.0 Description: Ghostty is a cross-platform terminal emulator that allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal. This...
OESA-2024-1828 vte291 security update
VTE provides a virtual terminal widget for GTK applications.VTE is mainly used in gnome-terminal, but can also be used to embed a console/terminal in games, editors, IDEs, etc. Security Fixes: GNOME VTE before 0.76.3 allows an attacker to cause a denial of service memory consumption via a window...
ROS-20240704-03
Vulnerability in gnome Vte terminal is related to escape-sequence window resizing. Exploitation The vulnerability could allow an attacker acting remotely to cause a denial of service...
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence a related issue to CVE-2000-0476.
...
CVE-2024-38396
An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature enabled by default, allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...
CVE-2024-38396
An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature enabled by default, allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...
MGASA-2024-0219 Updated vte packages fix security vulnerability
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service memory consumption via a window resize escape sequence, a related issue to CVE-2000-0476. CVE-2024-37535...
SUSE CVE-2024-37535
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service memory consumption via a window resize escape sequence, a related issue to CVE-2000-0476...
CVE-2024-37535
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service memory consumption via a window resize escape sequence, a related issue to CVE-2000-0476...
CVE-2024-37535
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service memory consumption via a window resize escape sequence, a related issue to CVE-2000-0476...
CVE-2024-37535
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service memory consumption via a window resize escape sequence, a related issue to CVE-2000-0476...
CVE-2024-37535
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service memory consumption via a window resize escape sequence, a related issue to CVE-2000-0476...
CVE-2024-37535
The vulnerability CVE-2024-37535 affects GNOME VTE, where versions prior to 0.76.3 mishandle a window resize escape sequence, allowing a denial of service through memory consumption. Documented across multiple advisories (ALAS, SUSE, Mariner, TencentOS, etc.) affecting the vte291 package lineage ...
CLSA-2024-1717694505 glibc: Fix of 2 CVEs
CVE-2018-11236: fix stack buffer overflow when realpath input length is close to SSIZEMAX. - CVE-2024-2961: fix out-of-bound writes in ISO-2022-CN-EXT escape sequences...
RHEL 6 : rubygems (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - rubygems: Improper verification of signatures in tarball allows to install mis-signed gem CVE-2018-100007...
The vulnerability of the ANSI Escape Sequence Handler component in the WinRAR file archiver allows a hacker to trigger a service failure or replace the display on the screen.
The vulnerability of the ANSI Escape Sequence Handler component in the WinRAR file archiver is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to remotely cause service failures or replace the display on the screen...
UBUNTU-CVE-2024-34507
An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges%1b0000000...
RHEL 6 / 7 : rh-ruby24-ruby (RHSA-2017:3485)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3485 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...