Lucene search
6886 matches found

OpenVAS
added 2019/07/28 12:0 a.m. | 60 views

Debian: Security Advisory (DSA-4489-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3 CVSS | 7.4 AI score | 0.0453 EPSS
Exploits: 1 | References: 4

Hacker One
added 2019/07/22 4:0 p.m. | 20 views

GitLab: Git flag injection leading to file overwrite and potential remote code execution

Summary: The refname in the Commits API is not sanitized, allowing for a ref starting with -- to be provided causing git to interpret it as a flag instead of as a ref. If a refname such as --output=/tmp/somefile is used then the following command is executed by gitaly in findcommits.go:...

1.2 AI score
Exploits: 0

RedHat Linux
added 2019/07/22 1:39 p.m. | 5 views

nodejs-tar: Arbitrary file overwrites when extracting tarballs containing a hard-link

A flaw was found in nodejs-tar in versions prior to 4.4.2. An arbitrary file overwrite can occur when extracting tarballs containing a hard-link to a file that already exists in the system. Further, a file that matches the hard-link may overwrite the system's files with the contents of the...

7.5 CVSS | 7.2 AI score | 0.03145 EPSS
Exploits: 1 | References: 5

OSV
added 2019/07/19 6:3 a.m. | 2 views

OPENSUSE-SU-2019:1718-1 Security update for libqb

This update for libqb fixes the following issues: Security issue fixed: - CVE-2019-12779: Fixed an issue where a local attacker could overwrite privileged system files bsc1137835. This update was imported from the SUSE:SLE-15:Update update project...

7.1 CVSS | 6.7 AI score | 0.00655 EPSS
Exploits: 1 | References: 3

CNVD
added 2019/07/12 12:0 a.m. | 2 views

Private Internet Access (PIA) VPN Client Arbitrary File Overwrite Vulnerability

Private Internet Access (PIA) is a commercial VPN service operated by London Trust Media. An arbitrary file overwrite vulnerability exists in the London Trust Media Private Internet Access (PIA) VPN client version 82 for Linux and macOS. An attacker can exploit this vulnerability to overwrite any fil...

7.1 CVSS | 6.8 AI score | 0.00582 EPSS
Exploits: 1 | References: 1

CNVD
added 2019/07/12 12:0 a.m. | 1 views

Private Internet Access (PIA) VPN Client Arbitrary File Overwrite Vulnerability (CNVD-2019-24220)

Private Internet Access (PIA) is a commercial VPN service operated by London Trust Media. An arbitrary file overwrite vulnerability exists in the London Trust Media Private Internet Access (PIA) VPN client 0.9.8 beta build 02099 for macOS. An attacker can exploit this vulnerability to cause a denial ...

7.1 CVSS | 6.9 AI score | 0.00643 EPSS
Exploits: 1 | References: 1

OSV
added 2019/07/11 8:15 p.m. | 3 views

CVE-2019-12573

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to overwrite arbitrary files. The openvpnlauncher binary is setuid root. This binary supports the --log option, which accepts a path as an argument...

7.1 CVSS | 7.2 AI score | 0.00582 EPSS
Exploits: 1 | References: 1

Cvelist
added 2019/07/11 7:45 p.m. | 26 views

CVE-2019-12571

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v0.9.8 beta build 02099 for macOS could allow an authenticated, local attacker to overwrite arbitrary files. When the client initiates a connection, the XML /tmp/pia-watcher.plist file is created. If the file exists,...

6.8 AI score | 0.00643 EPSS
Exploits: 1 | References: 1

CVE
added 2019/07/11 7:45 p.m. | 132 views

CVE-2019-12571

Affected software: London Trust Media Private Internet Access (PIA) VPN Client for macOS, v0.9.8 beta (build 02099). Vulnerability details: When the client connects, it creates the XML file /tmp/pia-watcher.plist. If this file exists, it is truncated and its contents overwritten by an attacker wi...

7.1 CVSS | 6.7 AI score | 0.00643 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2019/07/04 12:15 p.m. | 19 views

Code injection

In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled...

6.6 CVSS | 5.5 AI score | 0.00443 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Tenable Nessus
added 2019/07/04 12:0 a.m. | 38 views

Kubernetes 1.12.x < 1.12.9 / 1.13.x < 1.13.6 / 1.14.x < 1.14.2 kubectl directory traversal

The version of Kubernetes installed on the remote host is a version prior to 1.12.9, or 1.13.x prior to 1.13.6, or 1.14.x prior to 1.14.2. It is, therefore, affected by a directory traversal vulnerability in the kubectl cp command due to mishandling of symlinks when copying files from a running...

6.5 CVSS | 6.8 AI score | 0.03616 EPSS
Exploits: 0 | References: 2

OSV
added 2019/07/02 8:15 p.m. | 19 views

CVE-2019-13173

fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter function is...

7.5 CVSS | 6.4 AI score
Exploits: 0 | References: 5

NVD
added 2019/07/02 8:15 p.m. | 23 views

CVE-2019-13173

fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter function is...

7.5 CVSS | 7.3 AI score | 0.02781 EPSS
Exploits: 0 | References: 5

OSV
added 2019/07/02 8:15 p.m. | 1 views

DEBIAN-CVE-2019-13173

fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter function is...

7.5 CVSS | 8.3 AI score | 0.02781 EPSS
Exploits: 0 | References: 1

Prion
added 2019/07/02 8:15 p.m. | 10 views

Design/Logic Flaw

fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter function is...

6.4 CVSS | 7.3 AI score | 0.02781 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

ATTACKERKB
added 2019/07/02 8:15 p.m. | 2 views

CVE-2019-13173

fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter function is...

7.5 CVSS | 5.5 AI score | 0.02781 EPSS
Exploits: 0 | References: 7

Cvelist
added 2019/07/02 7:26 p.m. | 28 views

CVE-2019-13173

fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter function is...

7.3 AI score | 0.02781 EPSS
Exploits: 0 | References: 5

CVE
added 2019/07/02 7:26 p.m. | 460 views

CVE-2019-13173

CVE-2019-13173 affects the Node.js fstream module (pre-1.0.12). The vulnerability is in fstream.DirWriter and allows overwriting system files when extracting tarballs containing a hardlink to an existing file, overwriting the target with the extracted content. Impact is arbitrary file overwrite o...

7.5 CVSS | 7.2 AI score | 0.02781 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Debian CVE
added 2019/07/02 7:26 p.m. | 12 views

CVE-2019-13173

fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter function is...

7.5 CVSS | 7.5 AI score | 0.02781 EPSS
Exploits: 0

UbuntuCve
added 2019/07/02 12:0 a.m. | 17 views

CVE-2019-13173

fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter function is...

7.5 CVSS | 7.1 AI score | 0.02781 EPSS
Exploits: 0 | References: 5