Vendor
Invisible Island
Products
3
CVEs
5
Across products
5
Status
Private
Products
3- 3 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
5| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2005-3120 | Cri | 0.69 | 9.8 | 0.30 | Oct 17, 2005 | Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters. | |
| CVE-2022-45063 | Cri | 0.65 | 9.8 | 0.18 | Nov 10, 2022 | xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions. | |
| CVE-2017-20229 | Cri | 0.64 | 9.8 | 0.00 | Mar 28, 2026 | MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can craft malicious input that overflows the stack buffer and execute a return-oriented programming chain to spawn a shell with application privileges. | |
| CVE-2006-7236 | 0.04 | — | 0.09 | Jan 2, 2009 | The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences. | ||
| CVE-2008-2383 | 0.00 | — | 0.02 | Jan 2, 2009 | CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071. |