13 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-4170
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's...
openSUSE: Security Advisory for rxvt (openSUSE-SU-2023:0306-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE 15 Security Update : rxvt-unicode (openSUSE-SU-2023:0306-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2023:0306-1 advisory. - The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to t...
OPENSUSE-SU-2023:0306-1 Security update for rxvt-unicode
This update for rxvt-unicode fixes the following issues: - Update to version 9.31: CVE-2022-4170 boo1206069 - implement a fix for CVE-2022-4170 reported and analyzed by David Leadbeater. While present in version 9.30, it should not be exploitable. It is exploitable in versions 9.25 and 9.26, at...
[slackware-security] rxvt-unicode
New rxvt-unicode packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/rxvt-unicode-9.26-i586-3slack15.0.txz: Rebuilt. When the "background" extension was loaded, an attacker able to control the dat...
Slackware: Security Advisory (SSA:2023-003-02)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Slackware Linux 15.0 / current rxvt-unicode Vulnerability (SSA:2023-003-02)
The version of rxvt-unicode installed on the remote host is prior to 9.26. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-003-02 advisory. - The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can contr...
Mageia: Security Advisory (MGASA-2022-0459)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2022-0459 Updated rxvt-unicode packages fix security vulnerability
rxvt-unicode 9.25 and 9.26 are vulnerable to remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. CVE-2022-4170...
Updated rxvt-unicode packages fix security vulnerability
rxvt-unicode 9.25 and 9.26 are vulnerable to remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. CVE-2022-4170...
CVE-2022-4170
The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set...
CVE-2022-4170
The CVE-2022-4170 issue affects the rxvt-unicode terminal emulator, specifically the Perl background extension. The vulnerability allows remote code execution when an attacker can control data written to the user’s terminal and certain X resources/options are set. Multiple advisories (Gentoo GLSA...
rxvt-unicode is vulnerable to a remote code execution
Marc Lehmann reports: The biggest issue is resolving CVE-2022-4170, which allows command execution inside urxvt from within the terminal that means anything that can output text in the terminal can start commands in the context of the urxvt process, even remotely...