9 matches found
CVE-2026-11853
Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages .dsc and upload artifacts .changes are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully...
PT-2026-48397
Name of the Vulnerable Software and Affected Versions Debusine affected versions not specified Description Debusine uses a parser to read Debian source packages .dsc and upload artifacts .changes, which are manifest files listing the components of an artifact. This parser accepts arbitrary paths...
EUVD-2020-0291
Malware in sbrugna...
Design/Logic Flaw
In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set...
UBUNTU-CVE-2019-10773
In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set...
CVE-2019-10773
In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set...
CVE-2018-10928
A flaw was found in RPC request using gfs3symlinkreq in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on...
CVE-2018-10928
A flaw was found in RPC request using gfs3symlinkreq in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on...
CVE-2018-10928
A flaw was found in RPC request using gfs3symlinkreq in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on...