9 results

CVSS: 10.0 • EPSS: 1% • CPEs: 4 • EXPL: 0

09 Dec 2022 — The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. A vulnerability has been discovered in rxvt-unicode where data written to the termina... • https://bugzilla.redhat.com/show_bug.cgi?id=2151597 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 8.5 • EPSS: 28% • CPEs: 5 • EXPL: 11

01 Nov 2021 — An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode Consortium offers ... • https://github.com/simplylu/CVE-2021-42574 • CWE-94: Improper Control of Generation of Code ('Code Injection'); CWE-838: Inappropriate Encoding for Output Context

CVSS: 8.3 • EPSS: 9% • CPEs: 1 • EXPL: 2

01 Nov 2021 — An issue was discovered in the character definitions of the Unicode Specification through 14.0. The specification allows an adversary to produce source code identifiers such as function names using homoglyphs that render visually identical to a target identifier. Adversaries can leverage this to inject code via adversarial identifier definitions in upstream software dependencies invoked deceptively in downstream software. NOTE: the Unicode Consortium offers the following alternative approach to presenting t... • https://github.com/simplylu/CVE-2021-42694 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 1

20 Sep 2021 — International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp. Rongxin Wu discovered a use-after-free vulnerability in the International Components for Unicode (ICU) libra... • https://github.com/unicode-org/icu/pull/886 • CWE-416: Use After Free

CVSS: 8.8 • EPSS: 0% • CPEs: 7 • EXPL: 2

20 May 2021 — rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline. A vulnerability has been di... • http://cvs.schmorp.de/rxvt-unicode/Changes?view=log • CWE-755: Improper Handling of Exceptional Conditions

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Jun 2018 — unicode-json is a unicode lookup table. unicode-json before 2.0.0 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. • https://nodesecurity.io/advisories/206 • CWE-310: Cryptographic Issues; CWE-311: Missing Encryption of Sensitive Data

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 May 2018 — unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. • https://nodesecurity.io/advisories/161 • CWE-310: Cryptographic Issues; CWE-311: Missing Encryption of Sensitive Data

CVSS: 9.1 • EPSS: 0% • CPEs: 118 • EXPL: 0

07 Apr 2008 — rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine. • http://article.gmane.org/gmane.comp.security.oss.general/122 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Jan 2006 — rxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty devices such as Linux and most BSD platforms, does not maintain the intended permissions of tty devices, which allows local users to gain read and write access to the devices. • http://dist.schmorp.de/rxvt-unicode/Changes