CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23858
https://notcve.org/view.php?id=CVE-2022-23858
A flaw was found in the REST API. An improperly handled REST API call could allow any logged user to elevate privileges up to the system account. This affects StarWind Command Center build 6003 v2. Se ha encontrado un fallo en la API REST. Una llamada a la API REST mal gestionada podría permitir a cualquier usuario registrado elevar los privilegios hasta la cuenta del sistema. • https://www.starwindsoftware.com/security/sw-20220121-0001 •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2019-20807 – vim: users can execute arbitrary OS commands via scripting interfaces in the rvim restricted mode
https://notcve.org/view.php?id=CVE-2019-20807
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). En Vim versiones anteriores a 8.1.0881, los usuarios pueden omitir el modo restringido rvim y ejecutar comandos arbitrarios de Sistema Operativo por medio de interfaces de scripting (por ejemplo, Python, Ruby o Lua). A flaw was found in vim in the restricted mode, where all commands that make use of external shells are disabled. However, it was found that users could still execute some arbitrary OS commands in the restricted mode. This flaw was fixed by filtering the functions that can call OS commands. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00018.html http://seclists.org/fulldisclosure/2020/Jul/24 https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075 https://github.com/vim/vim/releases/tag/v8.1.0881 https://lists.debian.org/debian-lts-announce/2022/01/msg00003.html https://support.apple.com/kb/HT211289 https://usn.ubuntu.com/4582-1 https://www.starwindsoftware.com/security/sw-20220812-0003 https://access.redhat.com/security/cve/CVE-2019&# • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •