) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:invisible-island:xterm:231:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-40359 |
xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature. Published: August 14, 2023; 1:15:10 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2022-45063 |
xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions. Published: November 10, 2022; 11:15:12 AM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2022-24130 |
xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text. Published: January 31, 2022; 12:15:08 AM -0500 |
V3.1: 5.5 MEDIUM V2.0: 2.6 LOW |
| CVE-2021-27135 |
xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence. Published: February 10, 2021; 11:15:13 AM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |