Updated vim packages fix security vulnerability

"rvim" can execute a shell through :diffpatch...

PT-2023-36339 · Rvim · Rvim

Name of the Vulnerable Software and Affected Versions: rvim affected versions not specified Description: The issue allows rvim to execute a shell through the :diffpatch command. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerabilit...

CVE-2023-28460

A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell code execution. This is fixed in 8.6.1.262 or newer and 10.4.2.93 or newer...

PT-2023-21733 · Array Networks · Array Networks Apv

Name of the Vulnerable Software and Affected Versions: Array Networks APV products versions prior to 8.6.1.262 Array Networks APV products versions prior to 10.4.2.93 Description: A command injection issue was discovered in Array Networks APV products. A remote attacker can send a crafted packet...

CVE-2023-26922

SQL injection vulnerability found in Varisicte matrix-gui v.2 allows a remote attacker to execute arbitrary code via the shellexect parameter to the \www\pages\matrix-gui-2.0 endpoint...

SketchSVG 代码注入漏洞

eBay SketchSVG is eBay's tool for extracting icons from Sketch files and compressing them into SVGs. A security vulnerability exists in SketchSVG that stems from vulnerability to arbitrary code injection when shell.exec is called...

CVE-2023-26035 ZoneMinder vulnerable to Missing Authorization

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the...

CVE-2023-26035

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the...

CVE-2023-26035

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the...

CVE-2022-27482

A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as root via CLI commands...

SOUND4 IMPACT/FIRST/PULSE/Eco 2.x traceroute.php Conditional Command Injection

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x traceroute.php Conditional Command Injection Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Puls...

Arbitrary Code Injection

Overview sketchsvg is a Command line tool used to convert and compress Sketch Icons/images to SVG and base64 formats. Affected versions of this package are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current...

CVE-2022-2025

CVE-2022-2025 affects Grandstream GSD3710 devices with firmware 1.0.11.13 and earlier. The vulnerability is a stack-based buffer overflow caused by not validating the length of parameters before using strcpy, allowing an attacker who knows valid user credentials to overflow the stack and potentia...

Grandstream GSD3710 缓冲区错误漏洞

The Grandstream GSD3710 is an HD video access control system from Grandstream. A security vulnerability exists in the Grandstream GSD3710 version 1.0.11.13, which stems from not checking the length of parameters before using the strcopy command, and can be exploited by an attacker to execute a...

CVE-2022-39224

Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...

Command injection

Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...

CVE-2022-39224 Arbitrary shell execution when extracting or listing files contained in a malicious rpm.

Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...

CVE-2022-39224

Arr-pm is a Ruby RPM reader/writer library. Versions prior to 0.0.12 are vulnerable to OS command injection when the RPM contains a malicious payload compressor field, affecting the RPM::File::extract and RPM::File::files methods. Version 0.0.12 patches these issues. A workaround is to ensure RPM...

CVE-2022-39224 Arbitrary shell execution when extracting or listing files contained in a malicious rpm.

Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...

arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm.

Impact Arbitrary shell execution is possible when using RPM::Filefiles and RPM::Fileextract if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class in the affected versions of this library. Patches Version 0.0.12 ...