7.7 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
69.4%
The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences.
bugs.debian.org/cgi-bin/bugreport.cgi?bug=384593
bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030
secunia.com/advisories/33388
usn.ubuntu.com/703-1/