CVE-2014-3121 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.6 UNKNOWN	NETWORK	HIGH		AV:N/AC:H/Au:N/C:C/I:C/A:C
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 88%

Vendor	Product	Version
marc_lehmann	rxvt-unicode	𝑥 ≤ 9.19
marc_lehmann	rxvt-unicode	9.0
marc_lehmann	rxvt-unicode	9.01
marc_lehmann	rxvt-unicode	9.02
marc_lehmann	rxvt-unicode	9.05
marc_lehmann	rxvt-unicode	9.06
marc_lehmann	rxvt-unicode	9.07
marc_lehmann	rxvt-unicode	9.08
marc_lehmann	rxvt-unicode	9.09
marc_lehmann	rxvt-unicode	9.10
marc_lehmann	rxvt-unicode	9.11
marc_lehmann	rxvt-unicode	9.12
marc_lehmann	rxvt-unicode	9.14
marc_lehmann	rxvt-unicode	9.15
marc_lehmann	rxvt-unicode	9.16
marc_lehmann	rxvt-unicode	9.17
marc_lehmann	rxvt-unicode	9.18

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

rxvt-unicode

bullseye	9.22-11 fixed
bookworm	9.30-2 fixed
sid	9.31-3 fixed
trixie	9.31-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

rxvt-unicode

disco	not-affected
cosmic	not-affected
bionic	not-affected
artful	not-affected
zesty	not-affected
yakkety	not-affected
xenial	not-affected
wily	not-affected
vivid	not-affected
utopic	not-affected
trusty	dne
saucy	ignored
quantal	ignored
precise	ignored
lucid	ignored

Common Weakness Enumeration

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References

http://dist.schmorp.de/rxvt-unicode/Changes

http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00026.html

http://lists.opensuse.org/opensuse-updates/2014-06/msg00038.html

http://seclists.org/oss-sec/2014/q2/204

http://www.debian.org/security/2014/dsa-2925

http://www.securityfocus.com/bid/67155

https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133166.html

https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133195.html

http://dist.schmorp.de/rxvt-unicode/Changes

http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00026.html

http://lists.opensuse.org/opensuse-updates/2014-06/msg00038.html

http://seclists.org/oss-sec/2014/q2/204

http://www.debian.org/security/2014/dsa-2925

http://www.securityfocus.com/bid/67155

https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133166.html

https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133195.html