CVE-2026-41500
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:150. The runMac function appends attacker-controlled remote releaseInfo.name directly into an...
CVE-2026-41500 electerm has Command Injection Vulnerability via runMac function
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:150. The runMac function appends attacker-controlled remote releaseInfo.name directly into an...
CVE-2026-41500
The CVE concerns electerm prior to version 3.3.8, where the runMac() function appends attacker-controlled releaseInfo.name into an exec("open ...") command without validation, enabling command injection. Affected component: npm install script in electerm. Impact stated: remote code execution with...
EUVD-2026-28496
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:150. The runMac function appends attacker-controlled remote releaseInfo.name directly into an...
RockyLinux 8 : python3.12 (RLSA-2026:6283)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:6283 advisory. python: Python: Command-line option injection in webbrowser.open via crafted URLs CVE-2026-4519 Tenable has extracted the preceding description block directly fro...
CVE-2011-10007
File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted filename. A file handle is opened with the 2 argument form of open allowing an attacker controlled filename to provide the MODE parameter to open, turning the filename into a command to...
DEBIAN-CVE-2025-49466
aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part,...
Microsoft Details App Sandbox Escape Bug Impacting Apple iOS, iPadOS, macOS Devices
Microsoft on Wednesday shed light on a now patched security vulnerability affecting Apple's operating systems that, if successfully exploited, could allow attackers to escalate device privileges and deploy malware. "An attacker could take advantage of this sandbox escape vulnerability to gain...
CLSA-2021-1640621325 Fix of CVE: CVE-2021-3973, CVE-2021-3974, CVE-2021-4019, CVE-2021-4069, CVE-2021-3984
CVE-2021-3974: fix using freed memory with regexp using a mark - CVE-2021-3984: fix illegal memory access when C-indenting - CVE-2021-3973: fix crash when using CTRL-W f without finding a file name - CVE-2021-4019: fix buffer overflow with long help argument - CVE-2021-4069: fix using freed...
Fix of CVE: CVE-2021-3973, CVE-2021-3974, CVE-2021-4019, CVE-2021-4069, CVE-2021-3984
CVE-2021-3974: fix using freed memory with regexp using a mark - CVE-2021-3984: fix illegal memory access when C-indenting - CVE-2021-3973: fix crash when using CTRL-W f without finding a file name - CVE-2021-4019: fix buffer overflow with long help argument - CVE-2021-4069: fix using freed...
CLSA-2021-1639686040 Fix CVE(s): CVE-2021-3984, CVE-2021-3973, CVE-2021-3974, CVE-2021-4019, CVE-2021-4069
SECURITY UPDATE: Using freed memory with regexp using a mark - debian/patches/CVE-2021-3974.patch: Get the line again after getting the mark position - CVE-2021-3974 SECURITY UPDATE: Illegal memory access when C-indenting - debian/patches/CVE-2021-3984.patch: Also set the cursor column -...
CLSA-2021-1639681874 Fix CVE(s): CVE-2021-3984, CVE-2021-3973, CVE-2021-3974, CVE-2021-4019, CVE-2021-4069
SECURITY UPDATE: Using freed memory with regexp using a mark - debian/patches/CVE-2021-3974.patch: Get the line again after getting the mark position - CVE-2021-3974 SECURITY UPDATE: Illegal memory access when C-indenting - debian/patches/CVE-2021-3984.patch: Also set the cursor column -...
CLSA-2021-1639580651 Fix CVE(s): CVE-2021-3984, CVE-2021-3973, CVE-2021-3974, CVE-2021-4019, CVE-2021-4069
SECURITY UPDATE: Using freed memory with regexp using a mark - debian/patches/CVE-2021-3974.patch: Get the line again after getting the mark position - CVE-2021-3974 SECURITY UPDATE: Illegal memory access when C-indenting - debian/patches/CVE-2021-3984.patch: Also set the cursor column -...
CLSA-2021-1639578578 Fixed CVEs in vim: CVE-2021-3974, CVE-2021-4019, CVE-2021-3973, CVE-2021-4069, CVE-2021-3984
CVE-2021-3974: fix using freed memory with regexp using a mark - CVE-2021-3984: fix illegal memory access when C-indenting - CVE-2021-3973: fix crash when using CTRL-W f without finding a file name - CVE-2021-4019: fix buffer overflow with long help argument - CVE-2021-4069: fix using freed...
Oracle Java SE Wv8u131 Information Disclosure
#!/usr/local/bin/python """ Oracle Java SE Web Start jnlp XML External Entity Processing Information Disclosure Vulnerability Affected: + eg: ./poc.py 'C:/Program Files/Java/jre1.8.0_131/README.txt' saturn: mrme$ ./poc.py 'C:/Program Files/Java/jre1.8.0_131/README.txt' Oracle Java Web Start JNLP XML...
The vulnerability of the Linter Bastion database management system allows a malicious individual to execute arbitrary code with system privileges.
This vulnerability allows both remote and local attackers to execute arbitrary code with system privileges, without the need for authentication. This is achieved by sending an incorrect OPEN command to the InterBase database...
SuSE 6.3/6.4/7.0 sdb Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3208/info An input validation error exists in sdb, the SuSE Support Data Base. The problem exists in the sdbsearch.cgi script, which uses data directly from the 'Referer' header field from an HTTP request as a path when...