VYPR

rpm package

opensuse/rxvt-unicode&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/rxvt-unicode&distro=openSUSE%20Tumbleweed

Vulnerabilities (5)

  • CVE-2022-4170Dec 9, 2022
    affected < 9.31-1.1fixed 9.31-1.1

    The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.

  • CVE-2021-33477May 20, 2021
    affected < 9.30-2.1fixed 9.30-2.1

    rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline.

  • CVE-2017-7483HigMay 2, 2017
    affected < 9.26-3.3fixed 9.26-3.3

    Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to an out of bounds read.

  • CVE-2014-3121May 14, 2014
    affected < 9.22-1.1fixed 9.22-1.1

    rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands.

  • CVE-2008-1142Apr 7, 2008
    affected < 9.22-1.1fixed 9.22-1.1

    rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenar