RSS   Vulnerabilities for 'Xterm'   RSS

2022-01-31
 
CVE-2022-24130

CWE-120
 

 
xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.

 
2021-02-10
 
CVE-2021-27135

NVD-CWE-noinfo
 

 
xterm through Patch #365 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted UTF-8 character sequence.

 
2009-01-02
 
CVE-2008-2383

CWE-94
 

 
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.

 
 
CVE-2006-7236

CWE-16
 

 
The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences.

 

 >>> Vendor: Invisible-island 2 Products
Xterm
Ncurse


Copyright 2024, cxsecurity.com

 

Back to Top