Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling.
The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ownership of PID file directory to the collectd account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL (when the service is stopped).
In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code.
Подвесная люстра Loft It Makabolla LOFT1861/8 в наличии Цена: 18240.00 ₽ КУПИТЬ