
404 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in util-linux

The wall function in util-linux up to version 2.40 is often installed with setgid and tty permissions. This allows escape sequences to be sent to other users’ terminals via argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocke...

CVSS 3.3 | AI score 6.8 | EPSS 0.10933
Exploits: 3 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux - vulnerability in linux-6.1

In the Linux kernel, the following vulnerability has been resolved: tty: add the option to have a tty reject a new ldisc ... and use it to limit the virtual terminals to just NTTY. They are kind of special, and in particular, the "conwrite" routine violates the "writes cannot sleep" rule that som...

CVSS 5.5 | AI score 6.5 | EPSS 0.00021
Exploits: 0 | References: 2

CNNVD
added 2026/04/18 12:0 a.m. | 3 views

iTerm2 security vulnerability

iTerm2 is a terminal emulator developed by George Nachman for Mac OS X. Versions of iTerm2 prior to 3.6.9 contained security vulnerabilities. These vulnerabilities stemmed from the possibility of executing code through DCS 2000p and OSC 135 data when displaying .txt files. This was because iTerm2...

CVSS 7.8 | AI score 5.9 | EPSS 0.00006
Exploits: 1 | References: 6

Tenable Nessus
added 2026/04/16 12:0 a.m. | 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: vim (UTSA-2026-007176)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007176 advisory. Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in build_stl_str_hl when rendering a statusline with a...

CVSS 2.2 | AI score 5.8 | EPSS 0.00005
Exploits: 0 | References: 4

RedhatCVE
added 2026/04/13 11:13 a.m. | 2 views

CVE-2026-40228

A flaw was found in systemd-journald. When the ForwardToWall=yes configuration is enabled, a local user who executes a logger -p emerg command can cause systemd-journald to send ANSI escape sequences to the terminals of other arbitrary users. This can lead to unintended output appearing on user...

CVSS 3.3 | AI score 5.9 | EPSS 0.00005
Exploits: 1 | References: 4

UbuntuCve
added 2026/04/10 4:16 p.m. | 2 views

CVE-2026-40228

In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set...

CVSS 3.3 | AI score 5.9 | EPSS 0.00005
Exploits: 1 | References: 2

Cvelist
added 2026/04/10 3:48 p.m. | 27 views

CVE-2026-40228

In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set...

CVSS 2.9 | EPSS 0.00005
Exploits: 1 | References: 1

Positive Technologies
added 2026/04/10 12:0 a.m. | 3 views

PT-2026-31987

Name of the Vulnerable Software and Affected Versions: systemd version 259. Description: In systemd 259, the systemd-journald component can transmit ANSI escape sequences to the terminals of arbitrary users when a 'logger -p emerg' command is executed, provided that ForwardToWall=yes is configured...

CVSS 3.3 | AI score 5.8 | EPSS 0.00005
Exploits: 1 | References: 11

Snyk
added 2026/03/26 6:35 p.m. | 5 views

Improper Neutralization

Overview: Affected versions of this package are vulnerable to Improper Neutralization via the mmctl component. An attacker can execute arbitrary terminal escape sequences by sending specially crafted messages, potentially leading to manipulation of administrator terminals, including screen...

CVSS 8.8 | AI score 6 | EPSS 0.0002
Exploits: 0 | References: 2

OSV
added 2026/03/26 6:31 p.m. | 8 views

GHSA-3439-VQGJ-2GCF Mattermost allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences...

CVSS 8 | AI score 5.9 | EPSS 0.0002
Exploits: 0 | References: 3

Github Security Blog
added 2026/03/26 6:31 p.m. | 4 views

Mattermost allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences...

CVSS 8.8 | AI score 5.9 | EPSS 0.0002
Exploits: 0 | References: 3 | Affected Software: 1

ATTACKERKB
added 2026/03/26 4:16 p.m. | 1 view

CVE-2026-3108

Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences...

CVSS 8 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/03/26 12:0 a.m. | 1 view

PT-2026-28419

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.11.x through 10.11.10; Mattermost versions 11.2.x through 11.2.2; Mattermost versions 11.3.x through 11.3.1; Mattermost versions 11.4.x through 11.4.0. Description: The software does not properly sanitize user-controlled post...

CVSS 8 | AI score 5.9 | EPSS 0.0002
Exploits: 0 | References: 3

CNNVD
added 2026/03/11 12:0 a.m. | 2 views

Palo Alto Networks Cortex XDR Broker VM security vulnerability

Palo Alto Networks Cortex XDR Broker VM is a secure virtual machine developed by Palo Alto Networks. It integrates with Cortex XDR and can bridge networks with Cortex XDR. There is a security vulnerability in Palo Alto Networks Cortex XDR Broker VM, which stems from information leakage. This...

CVSS 8.4 | AI score 6.8 | EPSS 0.0002
Exploits: 0 | References: 1

OSV
added 2026/02/27 10:16 p.m. | 2 views

ALPINE-CVE-2026-28422

Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in build_stl_str_hl when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue...

CVSS 2.2 | AI score 5.9 | EPSS 0.00005
Exploits: 0 | References: 1

NVD
added 2026/02/27 10:16 p.m. | 3 views

CVE-2026-28422

Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in build_stl_str_hl when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue...

CVSS 2.2 | EPSS 0.00005
Exploits: 0 | References: 4

OSV
added 2026/02/27 10:16 p.m. | 3 views

AZL-78512 CVE-2026-28422 affecting package vim 9.1.1616-1

Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in build_stl_str_hl when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue...

CVSS 2.2 | AI score 5.7 | EPSS 0.00005
Exploits: 0 | References: 1

UbuntuCve
added 2026/02/27 10:16 p.m. | 1 view

CVE-2026-28422

Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in build_stl_str_hl when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue...

CVSS 2.2 | AI score 5.9 | EPSS 0.00005
Exploits: 0 | References: 6

OSV
added 2026/02/27 10:16 p.m. | 0 views

UBUNTU-CVE-2026-28422

Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in build_stl_str_hl when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue...

CVSS 2.2 | AI score 5.8 | EPSS 0.00005
Exploits: 0 | References: 7

CVE
added 2026/02/27 10:8 p.m. | 225 views

CVE-2026-28422

Vim prior to 9.2.0078 has a stack-buffer-overflow in build_stl_str_hl() triggered when rendering a statusline with a multi-byte fill character on very wide terminals. The issue is fixed in version 9.2.0078. The CVSS data indicates low impact (I/L) with local attack requirements and user interact...

CVSS 2.2 | AI score 5.9 | EPSS 0.00005
Exploits: 0 | References: 4 | Affected Software: 1