6886 matches found
Debian: Security Advisory (DSA-4489-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GitLab: Git flag injection leading to file overwrite and potential remote code execution
Summary The refname in the Commits API is not sanitized, allowing for a ref starting with -- to be provided causing git to interpret it as a flag instead of as a ref. If a refname such as --output=/tmp/somefile is used then the following command is executed by gitaly in findcommits.go:...
nodejs-tar: Arbitrary file overwrites when extracting tarballs containing a hard-link
A flaw was found in nodejs-tar in versions prior to 4.4.2. An arbitrary file overwrite can occur when extracting tarballs containing a hard-link to a file that already exists in the system. Further, a file that matches the hard-link may overwrite the system's files with the contents of the...
OPENSUSE-SU-2019:1718-1 Security update for libqb
This update for libqb fixes the following issues: Security issue fixed: - CVE-2019-12779: Fixed an issue where a local attacker could overwrite privileged system files bsc1137835. This update was imported from the SUSE:SLE-15:Update update project...
Private Internet Access (PIA) VPN Client Arbitrary File Overwrite Vulnerability
Private Internet Access PIA is a commercial VPN service operated by London Trust Media. An arbitrary file overwrite vulnerability exists in the London Trust Media Private Internet Access PIA VPN client version 82 for Linux and macOS. An attacker can exploit this vulnerability to overwrite any fil...
Private Internet Access (PIA) VPN Client Arbitrary File Overwrite Vulnerability (CNVD-2019-24220)
Private Internet Access PIA is a commercial VPN service operated by London Trust Media. An arbitrary file overwrite vulnerability exists in the London Trust Media Private Internet Access PIA VPN client 0.9.8 beta build 02099 for macOS. An attacker can exploit this vulnerability to cause a denial ...
CVE-2019-12573
A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to overwrite arbitrary files. The openvpnlauncher binary is setuid root. This binary supports the --log option, which accepts a path as an argument...
CVE-2019-12571
A vulnerability in the London Trust Media Private Internet Access PIA VPN Client v0.9.8 beta build 02099 for macOS could allow an authenticated, local attacker to overwrite arbitrary files. When the client initiates a connection, the XML /tmp/pia-watcher.plist file is created. If the file exists,...
CVE-2019-12571
Affected software: London Trust Media Private Internet Access (PIA) VPN Client for macOS, v0.9.8 beta (build 02099). Vulnerability details: When the client connects, it creates the XML file /tmp/pia-watcher.plist. If this file exists, it is truncated and its contents overwritten by an attacker wi...
Code injection
In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled...
Kubernetes 1.12.x < 1.12.9 / 1.13.x < 1.13.6 / 1.14.x < 1.14.2 kubectl directory traversal
The version of Kubernetes installed on the remote host is a version prior to 1.12.9, or 1.13.x prior to 1.13.6, or 1.14.x prior to 1.14.2. It is, therefore, affected by a directory traversal vulnerability in the kubectl cp command due to mishandling of symlinks when copying files from a running...
CVE-2019-13173
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter function is...
CVE-2019-13173
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter function is...
DEBIAN-CVE-2019-13173
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter function is...
Design/Logic Flaw
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter function is...
CVE-2019-13173
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter function is...
CVE-2019-13173
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter function is...
CVE-2019-13173
CVE-2019-13173 affects the Node.js fstream module (pre-1.0.12). The vulnerability is in fstream.DirWriter and allows overwriting system files when extracting tarballs containing a hardlink to an existing file, overwriting the target with the extracted content. Impact is arbitrary file overwrite o...
CVE-2019-13173
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter function is...
CVE-2019-13173
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter function is...