FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 03:12:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
5b2eac07-8b4d-11ed-8b23-a0f3c100ae18	rxvt-unicode is vulnerable to a remote code execution Marc Lehmann reports: The biggest issue is resolving CVE-2022-4170, which allows command execution inside urxvt from within the terminal (that means anything that can output text in the terminal can start commands in the context of the urxvt process, even remotely). Discovery 2022-12-05 Entry 2023-01-03 rxvt-unicode < 9.31 CVE-2022-4170 https://nvd.nist.gov/vuln/detail/CVE-2022-4170
c2fdb3bc-7d72-11da-b96e-000fb586ba73	rxvt-unicode -- restore permissions on tty devices A rxvt-unicode changelog reports: SECURITY FIX: on systems using openpty, permissions were not correctly updated on the tty device and were left as world-readable and world-writable (likely in original rxvt, too), and were not restored properly. Affected are only systems where non-unix ptys were used (such as most BSDs). Found, patched and debugged by Ryan Beasley. Discovery 2005-12-31 Entry 2006-01-04 rxvt-unicode < 6.3 http://dist.schmorp.de/rxvt-unicode/Changes
d4bd4046-93a6-11d9-8378-000bdb1444a4	rxvt-unicode -- buffer overflow vulnerability A rxvt-unicode changelog reports: Fix a bug that allowed to overflow a buffer via a long escape sequence, which is probably exploitable (fix by Rob Holland / Yoann Vandoorselaere / Gentoo Audit Team). Discovery 2005-03-13 Entry 2005-03-13 rxvt-unicode < 5.3 http://dist.schmorp.de/rxvt-unicode/Changes

VuXML ID

Description

5b2eac07-8b4d-11ed-8b23-a0f3c100ae18

rxvt-unicode is vulnerable to a remote code execution

Marc Lehmann reports:

The biggest issue is resolving CVE-2022-4170, which allows command execution inside urxvt from within the terminal (that means anything that can output text in the terminal can start commands in the context of the urxvt process, even remotely).

Discovery 2022-12-05
Entry 2023-01-03
rxvt-unicode

< 9.31

CVE-2022-4170
https://nvd.nist.gov/vuln/detail/CVE-2022-4170

c2fdb3bc-7d72-11da-b96e-000fb586ba73

rxvt-unicode -- restore permissions on tty devices

A rxvt-unicode changelog reports:

SECURITY FIX: on systems using openpty, permissions were not correctly updated on the tty device and were left as world-readable and world-writable (likely in original rxvt, too), and were not restored properly. Affected are only systems where non-unix ptys were used (such as most BSDs). Found, patched and debugged by Ryan Beasley.

Discovery 2005-12-31
Entry 2006-01-04
rxvt-unicode

< 6.3

http://dist.schmorp.de/rxvt-unicode/Changes

d4bd4046-93a6-11d9-8378-000bdb1444a4

rxvt-unicode -- buffer overflow vulnerability

A rxvt-unicode changelog reports:

Fix a bug that allowed to overflow a buffer via a long escape sequence, which is probably exploitable (fix by Rob Holland / Yoann Vandoorselaere / Gentoo Audit Team).

Discovery 2005-03-13
Entry 2005-03-13
rxvt-unicode

< 5.3

http://dist.schmorp.de/rxvt-unicode/Changes