Patchlink · Patchlink Update · CVE-2008-0525
**Name of the Vulnerable Software and Affected Versions**
PatchLink Update client for Unix versions 6.2094 through 6.4102
**Description**
The logtrimmer script uses the fixed file /tmp/patchlink.tmp and the rebootTask script uses the fixed file /tmp/plshutdown. Local users can truncate arbitrary files via a symlink attack on /tmp/patchlink.tmp, and can execute arbitrary code via a symlink attack on /tmp/plshutdown. This can potentially lead to unauthorized access to confidential data, disruption of data integrity, and denial of service.
**Recommendations**
For versions 6.2094 through 6.4102, consider restricting access to the logtrimmer script and the rebootTask script to minimize the risk of exploitation. As a temporary workaround, avoid using the /tmp/patchlink.tmp and /tmp/plshutdown files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
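
The following is an added example, not code from PatchLink or from the original advisory. It audits the two fixed /tmp paths named above for planted symlinks or unexpected owners, and shows the private temp-file pattern that avoids predictable names. The function names, the `plupdate` template and the expected owner uid 0 are assumptions.

```shell
#!/bin/sh
# Added example (not PatchLink code). Function names and the "plupdate"
# template are assumptions made for illustration.

# check_tmp_path PATH [EXPECTED_UID]
# Prints: absent | symlink | foreign-owner | ok
check_tmp_path() {
    path=$1
    want_uid=${2:-0}          # assumption: the scripts run as root (uid 0)
    # Test -L first: a dangling symlink fails -e but is still a planted link.
    if [ -L "$path" ]; then
        echo symlink
        return 0
    fi
    if [ ! -e "$path" ]; then
        echo absent
        return 0
    fi
    # ls -n prints the numeric owner uid in field 3 (portable across GNU/BSD).
    owner=$(ls -ldn -- "$path" | awk '{print $3}')
    if [ "$owner" = "$want_uid" ]; then echo ok; else echo foreign-owner; fi
}

# Audit the two fixed paths named in the advisory; returns 1 if any is suspect.
audit_patchlink_tmp() {
    rc=0
    for p in /tmp/patchlink.tmp /tmp/plshutdown; do
        state=$(check_tmp_path "$p" 0)
        echo "$p: $state"
        case $state in
            symlink|foreign-owner) rc=1 ;;
        esac
    done
    return "$rc"
}

# Hardened pattern for a script that needs scratch space: mktemp picks an
# unpredictable name and creates the file exclusively with mode 0600, so a
# pre-planted link at a guessed path is never followed.
make_private_tmp() {
    mktemp "${TMPDIR:-/tmp}/plupdate.XXXXXX"
}

# Run the audit only when asked, e.g.: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_patchlink_tmp
fi
```

The audit is a point-in-time check and does not close the race between the check and a script's later use of the path; it is a detection aid while the fixed-name files remain in use.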