Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

invisible-island xterm vulnerabilities and exploits

(subscribe to this query)
9.8
CVSSv3
CVE-2023-40359
xterm prior to 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain ...
Invisible-island Xterm
9.8
CVSSv3
CVE-2022-45063
xterm prior to 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.
Invisible-island XtermFedoraproject Fedora 35Fedoraproject Fedora 36Fedoraproject Fedora 37
5.5
CVSSv3
CVE-2022-24130
xterm through Patch 370, when Sixel support is enabled, allows malicious users to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.
Invisible-island XtermDebian Debian Linux 9.0Fedoraproject Fedora 34Fedoraproject Fedora 35
9.8
CVSSv3
CVE-2021-27135
xterm before Patch #366 allows remote malicious users to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.
Invisible-island XtermDebian Debian Linux 9.0Fedoraproject Fedora 33
NA
CVE-2006-7236
The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted malicious users to execute arbitrary code or have unspecified other impact via escape sequences.
Invisible-island Xterm Nil
NA
CVE-2008-2383
CRLF injection vulnerability in xterm allows user-assisted malicious users to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 ...
Invisible-island Xterm Nil
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook