Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.6
CVSSv2

CVE-2014-3121

Published: 14/05/2014 Updated: 29/12/2017
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
VMScore: 676
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Subscribe to Rxvt-unicode

Vulnerability Summary

rxvt-unicode prior to 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote malicious users to manipulate arbitrary X window properties and execute arbitrary commands.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

marc lehmann rxvt-unicode 9.16

marc lehmann rxvt-unicode 9.15

marc lehmann rxvt-unicode 9.07

marc lehmann rxvt-unicode 9.06

marc lehmann rxvt-unicode 9.05

marc lehmann rxvt-unicode 9.18

marc lehmann rxvt-unicode 9.17

marc lehmann rxvt-unicode 9.09

marc lehmann rxvt-unicode 9.08

marc lehmann rxvt-unicode 9.14

marc lehmann rxvt-unicode 9.12

marc lehmann rxvt-unicode 9.02

marc lehmann rxvt-unicode 9.0

marc lehmann rxvt-unicode

marc lehmann rxvt-unicode 9.11

marc lehmann rxvt-unicode 9.10

marc lehmann rxvt-unicode 9.01

Vendor Advisories

Debian CVElist Bug Report Logs: rxvt-unicode: CVE-2014-3121: user-assisted arbitrary commands execution
Debian Bug report logs - #746593 rxvt-unicode: CVE-2014-3121: user-assisted arbitrary commands execution Package: src:rxvt-unicode; Maintainer for src:rxvt-unicode is Ryan Kavanagh <rak@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 1 May 2014 18:36:02 UTC Severity: grave Tags: fixed-u ...
Debian Security Advisories: DSA-2925-1 rxvt-unicode -- security update
Phillip Hallam-Baker discovered that window property values could be queried in rxvt-unicode, resulting in the potential execution of arbitrary commands For the oldstable distribution (squeeze), this problem has been fixed in version 907-2+deb6u1 For the stable distribution (wheezy), this problem has been fixed in version 915-2+deb7u1 For the ...

References

CWE-78http://www.debian.org/security/2014/dsa-2925http://dist.schmorp.de/rxvt-unicode/Changeshttp://seclists.org/oss-sec/2014/q2/204https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133166.htmlhttp://www.securityfocus.com/bid/67155https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133195.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-06/msg00026.htmlhttp://lists.opensuse.org/opensuse-updates/2014-06/msg00038.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746593https://nvd.nist.govhttps://www.debian.org/security/./dsa-2925
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook