4 results (0.003 seconds)

CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0

The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. El paquete rxvt-unicode es vulnerable a la ejecución remota de código, en la extensión en segundo plano de Perl, cuando un atacante puede controlar los datos escritos en el terminal del usuario y se configuran ciertas opciones. • https://bugzilla.redhat.com/show_bug.cgi?id=2151597 https://security.gentoo.org/glsa/202310-20 https://www.openwall.com/lists/oss-security/2022/12/05/1 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 2

rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline. rxvt-unicode versión 9.22, rxvt versión 2.7.10, mrxvt versión 0.5.4 y Eterm versión 0.9.7 permiten una ejecución de código (potencialmente remoto) debido al manejo inapropiado de determinadas secuencias de escape (ESC GQ). Una respuesta es terminada con una nueva línea • http://cvs.schmorp.de/rxvt-unicode/Changes?view=log http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583 https://git.enlightenment.org/apps/eterm.git/log https://lists.debian.org/debian-lts-announce/2021/05/msg00026.html https://lists.debian.org/debian-lts-announce/2021/06/msg00010.html https://lists.debian.org/debian-lts-announce/2021/06/msg00011.html https://lists.debian.org/debian-lts-announce/2021/06/msg00012.html https://lists.fedoraproject.org/archive • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to an out of bounds read. Rxvt v2.7.10 es vulnerable a un ataque de denegación de servicio al pasar el valor -2^31 dentro de un código de escape de terminal, lo que resulta en un entero no invertible que eventualmente produce un segfault debido a una lectura fuera de límites. • http://www.openwall.com/lists/oss-security/2017/05/01/15 http://www.openwall.com/lists/oss-security/2017/05/01/18 https://lists.debian.org/debian-lts-announce/2021/06/msg00012.html • CWE-125: Out-of-bounds Read •

CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 2

xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized. • https://www.exploit-db.com/exploits/19984 http://archives.neohapsis.com/archives/bugtraq/2000-05/0409.html http://archives.neohapsis.com/archives/bugtraq/2000-05/0420.html http://www.openwall.com/lists/oss-security/2024/06/09/1 http://www.openwall.com/lists/oss-security/2024/06/09/2 http://www.securityfocus.com/bid/1298 •