7.6

CVE-2014-3121

rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Marc LehmannRxvt-unicode Version <= 9.19
Marc LehmannRxvt-unicode Version9.0
Marc LehmannRxvt-unicode Version9.01
Marc LehmannRxvt-unicode Version9.02
Marc LehmannRxvt-unicode Version9.05
Marc LehmannRxvt-unicode Version9.06
Marc LehmannRxvt-unicode Version9.07
Marc LehmannRxvt-unicode Version9.08
Marc LehmannRxvt-unicode Version9.09
Marc LehmannRxvt-unicode Version9.10
Marc LehmannRxvt-unicode Version9.11
Marc LehmannRxvt-unicode Version9.12
Marc LehmannRxvt-unicode Version9.14
Marc LehmannRxvt-unicode Version9.15
Marc LehmannRxvt-unicode Version9.16
Marc LehmannRxvt-unicode Version9.17
Marc LehmannRxvt-unicode Version9.18
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.1% 0.894
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.6 4.9 10
AV:N/AC:H/Au:N/C:C/I:C/A:C
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

http://dist.schmorp.de/rxvt-unicode/Changes
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00026.html
http://lists.opensuse.org/opensuse-updates/2014-06/msg00038.html
http://seclists.org/oss-sec/2014/q2/204
http://www.debian.org/security/2014/dsa-2925
http://www.securityfocus.com/bid/67155
https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133166.html
https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133195.html