7.6
CVE-2014-3121
- EPSS 3.34%
- Veröffentlicht 14.05.2014 00:55:10
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Loginrxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Marc Lehmann ≫ Rxvt-unicode Version <= 9.19
Marc Lehmann ≫ Rxvt-unicode Version9.0
Marc Lehmann ≫ Rxvt-unicode Version9.01
Marc Lehmann ≫ Rxvt-unicode Version9.02
Marc Lehmann ≫ Rxvt-unicode Version9.05
Marc Lehmann ≫ Rxvt-unicode Version9.06
Marc Lehmann ≫ Rxvt-unicode Version9.07
Marc Lehmann ≫ Rxvt-unicode Version9.08
Marc Lehmann ≫ Rxvt-unicode Version9.09
Marc Lehmann ≫ Rxvt-unicode Version9.10
Marc Lehmann ≫ Rxvt-unicode Version9.11
Marc Lehmann ≫ Rxvt-unicode Version9.12
Marc Lehmann ≫ Rxvt-unicode Version9.14
Marc Lehmann ≫ Rxvt-unicode Version9.15
Marc Lehmann ≫ Rxvt-unicode Version9.16
Marc Lehmann ≫ Rxvt-unicode Version9.17
Marc Lehmann ≫ Rxvt-unicode Version9.18
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.34% | 0.869 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.6 | 4.9 | 10 |
AV:N/AC:H/Au:N/C:C/I:C/A:C
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.