CVSS: 9.8EPSS: 1%CPEs: 17EXPL: 0CVE-2014-3121 – Debian Security Advisory 2925-1
https://notcve.org/view.php?id=CVE-2014-3121
08 May 2014 — rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands. rxvt-unicode anterior a 9.20 no maneja debidamente secuencias de escape OSC, lo que permite a atacantes remotos asistidos por usuario manipular propiedades de ventana X y ejecutar comandos arbitrarios. rxvt-unicode before 9.20 is vulnerable to a user-assisted arbitrary commands execution issue. This can be exploited by... • http://dist.schmorp.de/rxvt-unicode/Changes • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 118EXPL: 0CVE-2008-1142
https://notcve.org/view.php?id=CVE-2008-1142
07 Apr 2008 — rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine. Rxvt versión 2.6.4 abre una ventana terminal en :0 si no se establece la variable de entorno DISPLAY, lo que podría permitir a los usuarios locales secuestrar conexion... • http://article.gmane.org/gmane.comp.security.oss.general/122 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-0126
https://notcve.org/view.php?id=CVE-2006-0126
09 Jan 2006 — rxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty devices such as Linux and most BSD platforms, does not maintain the intended permissions of tty devices, which allows local users to gain read and write access to the devices. • http://dist.schmorp.de/rxvt-unicode/Changes •