Debian: Security Advisory (DLA-4005-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Command injection

Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the childprocess exec function without input sanitization. If attacker-controlled user input is given to the macaddressfor function of the package, it is possible for the attacker to execute...

Directory traversal

Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable...

CVE-2022-25926

Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization...

Command injection

This affects all versions of package google-cloudstorage-commands...