6886 matches found

CNVD
added 2019/12/18 12:0 a.m. | 4 views

Yarn Posterior Link Vulnerability

Yarn is an open source package installation and management tool. A security vulnerability exists in versions of Yarn prior to 1.21.1, which stems from a package installation feature that can be used to create arbitrary symbolic links on the host filesystem. An attacker can exploit this vulnerabilit...

7.8 CVSS | 6.9 AI score | 0.01505 EPSS
Exploits: 1 | References: 1

OSV
added 2019/12/16 8:15 p.m. | 1 views

DEBIAN-CVE-2019-10773

In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set...

7.8 CVSS | 7.8 AI score | 0.01505 EPSS
Exploits: 1 | References: 1

UbuntuCve
added 2019/12/16 8:15 p.m. | 25 views

CVE-2019-10773

In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set...

7.8 CVSS | 7.2 AI score | 0.01505 EPSS
Exploits: 1 | References: 6

OSV
added 2019/12/16 8:15 p.m. | 2 views

UBUNTU-CVE-2019-10773

In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set...

7.8 CVSS | 7.2 AI score | 0.01505 EPSS
Exploits: 1 | References: 7

NVD
added 2019/12/13 1:15 a.m. | 18 views

CVE-2019-16777

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...

7.7 CVSS | 7.5 AI score | 0.01984 EPSS
Exploits: 0 | References: 11

OSV
added 2019/12/13 1:15 a.m. | 29 views

CVE-2019-16777

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...

6.5 CVSS | 6.2 AI score
Exploits: 0 | References: 11

OSV
added 2019/12/13 1:15 a.m. | 2 views

DEBIAN-CVE-2019-16777

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...

6.5 CVSS | 6.9 AI score | 0.01984 EPSS
Exploits: 0 | References: 1

UbuntuCve
added 2019/12/13 1:15 a.m. | 28 views

CVE-2019-16777

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...

7.7 CVSS | 6.9 AI score | 0.01984 EPSS
Exploits: 0 | References: 3

Prion
added 2019/12/13 1:15 a.m. | 26 views

Code injection

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...

5.5 CVSS | 7.5 AI score | 0.01984 EPSS
Exploits: 0 | References: 11 | Affected Software: 6

Debian CVE
added 2019/12/13 1:0 a.m. | 24 views

CVE-2019-16777

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...

7.7 CVSS | 6.9 AI score | 0.01984 EPSS
Exploits: 0

Cvelist
added 2019/12/13 1:0 a.m. | 32 views

CVE-2019-16777 Arbitrary File Overwrite in npm CLI

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...

7.7 CVSS | 7.5 AI score | 0.01984 EPSS
Exploits: 0 | References: 11

CVE
added 2019/12/13 1:0 a.m. | 396 views

CVE-2019-16777

The CVE-2019-16777 entry affects the npm CLI for versions prior to 6.13.4, which are vulnerable to Arbitrary File Overwrite. The issue allows overwriting globally-installed binaries (e.g., a serve binary) during subsequent package installations, including when --ignore-scripts is used. This behav...

7.7 CVSS | 6.8 AI score | 0.01984 EPSS
Exploits: 0 | References: 11 | Affected Software: 1

Veracode
added 2019/12/12 3:16 a.m. | 25 views

Arbitrary File Overwrite

npm is vulnerable to arbitrary file overwrite. The package does not prevent existing globally-installed binaries from being overwritten by other package installations in /usr/local/bin. This would allow the overwriting of binary files created from the first installation...

8.1 CVSS | 5.1 AI score | 0.03342 EPSS
Exploits: 0 | References: 14 | Affected Software: 2

Veracode
added 2019/12/12 3:0 a.m. | 13 views

Arbitrary File Overwrite

bin-links is vulnerable to arbitrary file overwrite. The application does not prevent globally-installed binaries to be overwritten by other package installs...

3.2 AI score
Exploits: 0

Snyk
added 2019/12/11 3:29 p.m. | 1 views

Arbitrary File Write

Overview yarn is a package for dependency management. Affected versions of this package are vulnerable to Arbitrary File Write. The package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted bin keys. Existing files could be...

7.8 CVSS | 7.4 AI score | 0.01505 EPSS
Exploits: 1 | References: 2

exploitpack
added 2019/12/11 12:0 a.m. | 82 views

AppXSvc 17763 - Arbitrary File Overwrite (DoS)

AppXSvc 17763 - Arbitrary File Overwrite DoS Exploit Title: AppXSvc 17763 - Arbitrary File Overwrite DoS Date: 2019-10-28 Exploit Author: Gabor Seljan Vendor Homepage: https://www.microsoft.com/ Version: 17763.1.amd64fre.rs5release.180914-1434 Tested on: Windows 10 Version 1809 for x64-based...

7.2 CVSS | 0.7 AI score | 0.41667 EPSS
Exploits: 20

Packet Storm
added 2019/12/11 12:0 a.m. | 251 views

AppXSvc 17763 Arbitrary File Overwrite

Exploit Title: AppXSvc 17763 - Arbitrary File Overwrite DoS Date: 2019-10-28 Exploit Author: Gabor Seljan Vendor Homepage: https://www.microsoft.com/ Version: 17763.1.amd64fre.rs5release.180914-1434 Tested on: Windows 10 Version 1809 for x64-based Systems CVE: CVE-2019-1476 Summary: AppXSvc...

7.2 CVSS | 0.9 AI score | 0.41667 EPSS
Exploits: 20

Positive Technologies
added 2019/12/11 12:0 a.m. | 4 views

PT-2019-1104 · Npm +6 · Npm Cli +6

Name of the Vulnerable Software and Affected Versions: npm CLI versions prior to 6.13.4 Description: The issue allows for an Arbitrary File Overwrite due to the failure to prevent existing globally-installed binaries from being overwritten by other package installations. For example, if a package...

9.8 CVSS | 7.2 AI score | 0.57132 EPSS
Exploits: 2 | References: 106

Exploit DB
added 2019/12/11 12:0 a.m. | 379 views

AppXSvc 17763 - Arbitrary File Overwrite (DoS)

Exploit Title: AppXSvc 17763 - Arbitrary File Overwrite DoS Date: 2019-10-28 Exploit Author: Gabor Seljan Vendor Homepage: https://www.microsoft.com/ Version: 17763.1.amd64fre.rs5release.180914-1434 Tested on: Windows 10 Version 1809 for x64-based Systems CVE: CVE-2019-1476 Summary: AppXSvc...

7.8 CVSS | 7 AI score | 0.41667 EPSS
Exploits: 20

Symantec
added 2019/12/11 12:0 a.m. | 28 views

Drupal Webform Module Multiple Security Vulnerabilities

Description Webform Module of Drupal is prone to the following multiple security vulnerabilities: 1. An arbitrary-file-overwrite vulnerability 2. A cross-site scripting vulnerability An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in...

Exploits: 0 | References: 1 | Affected Software: 1