Invisible-island Xterm — known CVE vulnerabilities
Every CVE whose affected-product data names Invisible-island Xterm, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2021-27135 — CVSS 9.8 (critical): xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted…
CVE-2022-45063 — CVSS 9.8 (critical): xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command…
CVE-2023-40359 — CVSS 9.8 (critical): xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor…
CVE-2006-7236 — CVSS 9.3 (critical): The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows…
CVE-2008-2383 — CVSS 9.3 (critical): CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a…
CVE-2022-24130 — CVSS 5.5 (medium): xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via…