Search criteria
3 vulnerabilities by marc_lehmann
CVE-2014-3121 (GCVE-0-2014-3121)
Vulnerability from cvelistv5 – Published: 2014-05-14 00:00 – Updated: 2024-08-06 10:35
VLAI
Summary
rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://lists.fedoraproject.org/pipermail/package… | vendor-advisoryx_refsource_FEDORA |
| http://dist.schmorp.de/rxvt-unicode/Changes | x_refsource_CONFIRM |
| http://www.debian.org/security/2014/dsa-2925 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/bid/67155 | vdb-entryx_refsource_BID |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://seclists.org/oss-sec/2014/q2/204 | mailing-listx_refsource_MLIST |
| http://lists.opensuse.org/opensuse-updates/2014-0… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/pipermail/package… | vendor-advisoryx_refsource_FEDORA |
Date Public
2014-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:56.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2014-5938",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133166.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dist.schmorp.de/rxvt-unicode/Changes"
},
{
"name": "DSA-2925",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2925"
},
{
"name": "67155",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67155"
},
{
"name": "SUSE-SU-2014:0838",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00026.html"
},
{
"name": "[oss-security] 20140430 CVE request: rxvt-unicode user-assisted arbitrary commands execution",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q2/204"
},
{
"name": "openSUSE-SU-2014:0814",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00038.html"
},
{
"name": "FEDORA-2014-5939",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133195.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-28T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2014-5938",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133166.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dist.schmorp.de/rxvt-unicode/Changes"
},
{
"name": "DSA-2925",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2925"
},
{
"name": "67155",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67155"
},
{
"name": "SUSE-SU-2014:0838",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00026.html"
},
{
"name": "[oss-security] 20140430 CVE request: rxvt-unicode user-assisted arbitrary commands execution",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q2/204"
},
{
"name": "openSUSE-SU-2014:0814",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00038.html"
},
{
"name": "FEDORA-2014-5939",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133195.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3121",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2014-5938",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133166.html"
},
{
"name": "http://dist.schmorp.de/rxvt-unicode/Changes",
"refsource": "CONFIRM",
"url": "http://dist.schmorp.de/rxvt-unicode/Changes"
},
{
"name": "DSA-2925",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2925"
},
{
"name": "67155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67155"
},
{
"name": "SUSE-SU-2014:0838",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00026.html"
},
{
"name": "[oss-security] 20140430 CVE request: rxvt-unicode user-assisted arbitrary commands execution",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/204"
},
{
"name": "openSUSE-SU-2014:0814",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00038.html"
},
{
"name": "FEDORA-2014-5939",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133195.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3121",
"datePublished": "2014-05-14T00:00:00.000Z",
"dateReserved": "2014-04-29T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:35:56.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2215 (GCVE-0-2004-2215)
Vulnerability from cvelistv5 – Published: 2005-07-17 04:00 – Updated: 2024-08-08 01:22
VLAI
Summary
RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, which allows local users to access the terminals of other users and possibly gain privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/10959 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://cvs.schmorp.de/browse/rxvt-unicode/Changes… | x_refsource_CONFIRM |
| http://secunia.com/advisories/12299 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/8710 | vdb-entryx_refsource_OSVDB |
Date Public
2004-08-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:12.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10959",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10959"
},
{
"name": "rxvt-unicode-open-file-handler(17000)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17000"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.schmorp.de/browse/rxvt-unicode/Changes?view=markup"
},
{
"name": "12299",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12299"
},
{
"name": "8710",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/8710"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, which allows local users to access the terminals of other users and possibly gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10959",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10959"
},
{
"name": "rxvt-unicode-open-file-handler(17000)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17000"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.schmorp.de/browse/rxvt-unicode/Changes?view=markup"
},
{
"name": "12299",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12299"
},
{
"name": "8710",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/8710"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, which allows local users to access the terminals of other users and possibly gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10959",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10959"
},
{
"name": "rxvt-unicode-open-file-handler(17000)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17000"
},
{
"name": "http://cvs.schmorp.de/browse/rxvt-unicode/Changes?view=markup",
"refsource": "CONFIRM",
"url": "http://cvs.schmorp.de/browse/rxvt-unicode/Changes?view=markup"
},
{
"name": "12299",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12299"
},
{
"name": "8710",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8710"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2215",
"datePublished": "2005-07-17T04:00:00.000Z",
"dateReserved": "2005-07-17T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:22:12.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0764 (GCVE-0-2005-0764)
Vulnerability from cvelistv5 – Published: 2005-03-22 05:00 – Updated: 2024-08-07 21:28
VLAI
Summary
Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote attackers to execute arbitrary code via a crafted file containing long escape sequences.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.gentoo.org/security/en/glsa/glsa-20050… | vendor-advisoryx_refsource_GENTOO |
| http://bugs.gentoo.org/show_bug.cgi?id=84680 | x_refsource_MISC |
Date Public
2005-03-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:28:28.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200503-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-23.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=84680"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote attackers to execute arbitrary code via a crafted file containing long escape sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-15T16:39:33.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200503-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-23.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=84680"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0764",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote attackers to execute arbitrary code via a crafted file containing long escape sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200503-23",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-23.xml"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=84680",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=84680"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0764",
"datePublished": "2005-03-22T05:00:00.000Z",
"dateReserved": "2005-03-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:28:28.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}