6886 matches found
openSUSE Security Update : nodejs8 (openSUSE-2019-1907)
This update for nodejs8 fixes the following issues : Security issue fixed : - CVE-2019-13173: Fixed a potential file overwrite via hardlink in fstream.DirWriter bsc1140290. Non-security issue fixed : - Backported fixes for OpenSSL 1.1.1 from nodejs8 bsc1134209. This update was imported from the...
SUSE-SU-2019:2181-1 Security update for nodejs6
This update for nodejs6 fixes the following issues: - CVE-2019-13173: Fixed a potential file overwrite via hardlink in fstream.DirWriter bsc1140290...
Unauthorized File Overwrite
github.com/cnlh/nps is vulnerable to unauthorized file overwrite. The permission for /usr/local/bin/nps and/or /usr/bin/nps is 0777 instead of 0755, allowing a local user to perform an unauthorized file overwriting...
CVE-2019-15119
lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user...
CVE-2019-15119
lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user...
Design/Logic Flaw
lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user...
CVE-2019-15119
CVE-2019-15119 affects cnlh/nps prior to 0.23.2 where install.go sets 0777 on /usr/local/bin/nps and/or /usr/bin/nps, enabling a local user to overwrite the file. Connected records corroborate the issue details (world-writable binaries and local overwrite risk). Exploitation details, affected ver...
CVE-2019-15119
lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user...
openSUSE: Security Advisory for nodejs8 (openSUSE-SU-2019:1907-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2019-3974
CVE-2019-3974 affects Tenable Nessus on Windows (versions 8.5.2 and earlier). The issue allows arbitrary overwriting of certain system files, potentially causing a denial-of-service condition. Root cause: file overwrite flaw in Nessus’ Windows file handling. Affected product/version per sources: ...
OPENSUSE-SU-2019:1907-1 Security update for nodejs8
This update for nodejs8 fixes the following issues: Security issue fixed: - CVE-2019-13173: Fixed a potential file overwrite via hardlink in fstream.DirWriter bsc1140290. Non-security issue fixed: - Backported fixes for OpenSSL 1.1.1 from nodejs8 bsc1134209. This update was imported from the...
Security update for icedtea-web (important)
openSUSE Security Update: Security update for icedtea-web Announcement ID: openSUSE-SU-2019:1911-1 Rating: important References: 1142825 1142832 1142835 Cross-References: CVE-2019-10181 CVE-2019-10182 CVE-2019-10185 Affected Products: openSUSE Leap 15.0 An update that fixes three vulnerabilities ...
Security update for nodejs8 (important)
openSUSE Security Update: Security update for nodejs8 Announcement ID: openSUSE-SU-2019:1907-1 Rating: important References: 1134209 1140290 Cross-References: CVE-2019-13173 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 An update that solves one vulnerability and has one errata is now...
Tenable Network Security Nessus Access Control Error Vulnerability
Tenable Network Security Nessus is an open source system vulnerability scanner from Tenable Network Security, USA. An Access Control Error vulnerability exists in versions 8.5.2 and earlier of Tenable Network Security Nessus for Windows-based platforms, which can be exploited by an attacker to...
[R1] Nessus 8.6.0 Fixes One Vulnerability
Nessus versions 8.5.2 and earlier on Windows platforms were found to contain a flaw where certain files could be overwritten arbitrarily. An authenticated, remote attacker could potentially exploit this vulnerability to create a denial of service condition...
OPENSUSE-SU-2019:1846-1 Security update for nodejs10
This update for nodejs10 to version 10.16.0 fixes the following issues: Security issue fixed: - CVE-2019-13173: Fixed a potential file overwrite via hardlink in fstream.DirWriter bsc1140290. Non-security issue fixed: - Update to new upstream LTS version 10.16.0, including npm version 6.9.0 and...
Mail.ru: Avatar upload allows arbitrary file overwriting
Directory traversal via filename extension for avatar upload allowed to overwrite arbitrary files in S3-compatible bucket for static files in pandao.ru. Pandao.ru belongs to extended scope...
Security update for nodejs10 (important)
openSUSE Security Update: Security update for nodejs10 Announcement ID: openSUSE-SU-2019:1846-1 Rating: important References: 1134208 1140290 Cross-References: CVE-2019-13173 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has one errata is now available...
RHEL 8 : icedtea-web (RHSA-2019:2004)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2004 advisory. The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It...
SUSE SLES12 Security Update : nodejs10 (SUSE-SU-2019:2099-1)
This update for nodejs10 to version 10.16.0 fixes the following issues : Security issue fixed : CVE-2019-13173: Fixed a potential file overwrite via hardlink in fstream.DirWriter bsc1140290. Non-security issue fixed: Update to new upstream LTS version 10.16.0, including npm version 6.9.0 and...