Arbitrary Code Injection

Overview redshift-connector is a Redshift interface library Affected versions of this package are vulnerable to Arbitrary Code Injection due to the use of eval on untrusted data received from the server, in the vectorin function. An attacker can execute arbitrary code on the client system by...

PT-2020-5157 · Openbsd +1 · Opensmtpd +1

Name of the Vulnerable Software and Affected Versions: OpenSMTPD versions prior to 6.6.4 Description: The issue is related to an out-of-bounds read in the mta io function in mta session.c for multi-line replies, which can allow remote code execution. Although this affects the client side of...