Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Invisible-island Subscribe
Filtered by product Xterm
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-45063 2 Fedoraproject, Invisible-island 2 Fedora, Xterm 2022-12-02 N/A 9.8 CRITICAL
xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.
CVE-2021-27135 3 Debian, Fedoraproject, Invisible-island 3 Debian Linux, Fedora, Xterm 2022-09-30 7.5 HIGH 9.8 CRITICAL
xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.
CVE-2022-24130 3 Debian, Fedoraproject, Invisible-island 3 Debian Linux, Fedora, Xterm 2022-08-19 2.6 LOW 5.5 MEDIUM
xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.
CVE-2008-2383 1 Invisible-island 1 Xterm 2018-10-03 9.3 HIGH N/A
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.
CVE-2006-7236 3 Debian, Invisible-island, Ubuntu 3 Debian Linux, Xterm, Linux 2018-10-03 9.3 HIGH N/A
The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences.