VYPR

Xterm

by Xterm

CVEs (8)

  • CVE-2023-40359CriAug 14, 2023
    risk 0.64cvss 9.8epss 0.01

    xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain…

  • CVE-2022-45063CriNov 10, 2022
    risk 0.64cvss 9.8epss 0.05

    xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.

  • CVE-2022-24130MedJan 31, 2022
    risk 0.36cvss 5.5epss 0.02

    xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.

  • CVE-2000-0476Jun 1, 2000
    risk 0.03cvss epss 0.03

    xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized.

  • CVE-2021-27135CriFeb 10, 2021
    risk 0.01cvss 9.8epss 0.08

    xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.

  • CVE-2008-2383Jan 2, 2009
    risk 0.00cvss epss 0.05

    CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and…

  • CVE-2007-2797Aug 27, 2007
    risk 0.00cvss epss 0.00

    xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals.

  • CVE-1999-1210Nov 12, 1997
    risk 0.00cvss epss 0.00

    xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to overwrite arbitrary files via a symlink attack on a core dump file, which is created when xterm is called with a DISPLAY environmental variable set to a display that xterm cannot access.