The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted malicious users to execute arbitrary code or have unspecified other impact via escape sequences.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
invisible-island xterm _nil_ |