Invisible-Island: >> Xterm >> _nil_ Security Vulnerabilities
The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences.
CVSS Score
9.3
EPSS Score
0.066
Published
2009-01-02
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.
CVSS Score
9.3
EPSS Score
0.018
Published
2009-01-02