rpm package
opensuse/rxvt-unicode&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/rxvt-unicode&distro=openSUSE%20Tumbleweed
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-4170 | — | | | < 9.31-1.1 | 9.31-1.1 | Dec 9, 2022 | The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. |
| CVE-2021-33477 | — | | | < 9.30-2.1 | 9.30-2.1 | May 20, 2021 | rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline. |
| CVE-2017-7483 | High | 7.5 | | < 9.26-3.3 | 9.26-3.3 | May 2, 2017 | Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to an out of bounds read. |
| CVE-2014-3121 | — | | | < 9.22-1.1 | 9.22-1.1 | May 14, 2014 | rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands. |
| CVE-2008-1142 | — | | | < 9.22-1.1 | 9.22-1.1 | Apr 7, 2008 | rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenar |