
526 matches found

NVD
added 2024/03/21 2:52 a.m., 15 views

CVE-2024-27936

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Starting in version 1.32.1 and prior to version 1.41.0 of the deno library, maliciously crafted permission request can show the spoofed permission prompt by inserting a broken ANSI escape sequence into the request...

CVSS 8.8, AI score 8.7, EPSS 0.00943
Exploits: 1, References: 3
CNNVD
added 2024/03/01 12:00 a.m., 3 views

OpenBSD Security Vulnerabilities

OpenBSD is a cross-platform, BSD-based, UNIX-like operating system from the Canadian OpenBSD project team. A security vulnerability exists in OpenBSD versions prior to OpenBSD 7.4 errata 002, and prior to OpenBSD 7.3 errata 019, which stems from a kernel crash after receiving a specially crafted...

CVSS 7.5, AI score 6.7, EPSS 0.00702
Exploits: 0, References: 5
ATTACKERKB
added 2023/11/07 4:20 a.m., 3 views

CVE-2023-40453

Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action via escape sequence injection, or might have a data size that causes a denial of service to a bastio...

CVSS 6.5, AI score 5.8, EPSS 0.00899
Exploits: 1, References: 4
Prion
added 2023/11/07 4:20 a.m., 19 views

Sql injection

Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action via escape sequence injection, or might have a data size that causes a denial of service to a bastio...

CVSS 4.3, AI score 7.2, EPSS 0.00899
Exploits: 1, References: 3, Affected Software: 1
Tenable Nessus
added 2023/10/20 12:00 a.m., 33 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Ruby vulnerabilities (USN-3945-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3945-1 advisory. It was discovered that Ruby incorrectly handled certain RubyGems. An attacker could possibly use this issue to execute arbitrary...

CVSS 8.8, AI score 7.3, EPSS 0.04212
Exploits: 1, References: 7
Gentoo Linux
added 2023/10/10 12:00 a.m., 34 views

less: Denial of service

Background: less is a pager and text file viewer. Description: less suffered from a flaw in its terminal escape sequence handling which made its filtering incomplete. Impact: Malicious input could clear the terminal output or otherwise manipulate it with faked interactions. Workaround: There is no...

CVSS 7.5, AI score 6.9, EPSS 0.01412
Exploits: 0
Vulnrichment
added 2023/08/14 12:00 a.m., 10 views

CVE-2023-40453

Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action via escape sequence injection, or might have a data size that causes a denial of service to a bastio...

AI score 6.5, EPSS 0.00899
Exploits: 1, References: 3
Cvelist
added 2023/08/14 12:00 a.m., 14 views

CVE-2023-40453

Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action via escape sequence injection, or might have a data size that causes a denial of service to a bastio...

AI score 6.7, EPSS 0.00899
Exploits: 1, References: 3
CVE
added 2023/08/14 12:00 a.m., 37 views

CVE-2023-40453

CVE-2023-40453 affects Docker Machine versions 0.16.2 and earlier. A compromised worker node can supply crafted version data, potentially tricking an administrator into unsafe actions via escape sequence injection, or cause a denial of service to a bastion node. Red Hat and OSV records corroborat...

CVSS 6.5, AI score 6.5, EPSS 0.00899
Exploits: 1, References: 3, Affected Software: 1
Positive Technologies
added 2023/08/14 12:00 a.m., 4 views

PT-2023-27460 · Docker · Docker Machine

Name of the Vulnerable Software and Affected Versions: Docker Machine versions 0.16.2 and earlier. Description: The issue allows an attacker, who has control of a worker node, to provide crafted version data. This might potentially trick an administrator into performing an unsafe action via escape...

CVSS 6.5, AI score 7.2, EPSS 0.00899
Exploits: 1, References: 8
Tenable Nessus
added 2023/07/26 12:00 a.m., 30 views

Fedora 38 : kitty (2023-a004ecb3f8)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-a004ecb3f8 advisory. version 0.29.1 fixes CVE-2008-2383 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

CVSS 9.3, AI score 5.5, EPSS 0.04974
Exploits: 0, References: 2
GitLab Advisory Database
added 2023/07/14 12:00 a.m., 17 views

SwiftTerm Code Injection vulnerability

Attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands...

CVSS 7.8, AI score 7.4, EPSS 0.0043
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2023/06/29 8:28 p.m., 3 views

CLSA-2023-1688070489 Fix CVE(s): CVE-2022-28391

SECURITY UPDATE: some applets are vulnerable to escape sequence injection when used from an VT compatible terminal - debian/patches/CVE-2022-28391.patch: sockaddr2str: ensure only printable characters are returned for the hostname part - CVE-2022-28391 Fix cpio.tests -...

CVSS 8.8, AI score 6.9, EPSS 0.03505
Exploits: 1, References: 1
OpenVAS
added 2023/06/07 12:00 a.m., 17 views

Huawei EulerOS: Security Advisory for less (EulerOS-SA-2023-2125)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5, AI score 7.7, EPSS 0.01412
Exploits: 0, References: 2
F5 Networks
added 2023/02/21 7:29 p.m., 53 views

K17270: OpenSSH vulnerability CVE-2015-6565

Security Advisory Description: sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service terminal disruption or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence...

CVSS 7.2, AI score 7.1, EPSS 0.02605
Exploits: 4
F5 Networks
added 2023/02/21 6:53 p.m., 49 views

K81674333: Ruby vulnerabilities CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325

Security Advisory Description: CVE-2019-8322: An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur. CVE-2019-8323: An issue was...

CVSS 8.8, AI score 7.1, EPSS 0.03372
Exploits: 0
F5 Networks
added 2023/02/21 5:28 p.m., 41 views

K13405416: QEMU vulnerability CVE-2012-3515

Security Advisory Description: Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space...

CVSS 7.2, AI score 8.4, EPSS 0.00528
Exploits: 0, Affected Software: 10
SUSE CVE
added 2023/02/15 6:21 a.m., 3 views

SUSE CVE-2003-0021

The "screen dump" feature in Eterm 0.9.1 and earlier allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence...

CVSS 5, AI score 7, EPSS 0.01214
Exploits: 0, References: 3
SUSE CVE
added 2023/02/15 6:21 a.m., 2 views

SUSE CVE-2003-0077

The hanterm hanterm-xf terminal emulator 2.0.5 and earlier, and possibly later versions, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...

CVSS 7.5, AI score 7.6, EPSS 0.01938
Exploits: 0, References: 3
SUSE CVE
added 2023/02/15 6:21 a.m., 2 views

SUSE CVE-2003-0063

The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the...

CVSS 7.5, AI score 7.5, EPSS 0.03403
Exploits: 0, References: 3