Lucene search
+L

29 matches found

prion
prion
added 2019/07/04 12:15 p.m.20 views

Code injection

deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper::getPartitionSizeInfo function to write a log file as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content...

6.6CVSS5.5AI score0.00443EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2019/07/04 11:33 a.m.25 views

CVE-2019-13229

deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper::getPartitionSizeInfo function to write a log file as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content...

6AI score0.00443EPSS
Exploits0References4
cve
cve
added 2019/07/04 11:33 a.m.57 views

CVE-2019-13229

Affected software: deepin-clone up to version 1.1.3. Root cause: Helper::getPartitionSizeInfo writes a log at /tmp/partclone.log and follows symlinks, enabling an unprivileged user to perform a symlink attack to create or overwrite arbitrary filesystem files. Impact: local, unprivileged attacker ...

6.6CVSS5.9AI score0.00443EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2019/07/04 11:33 a.m.23 views

CVE-2019-13228

deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix function to download an ISO file, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker...

5.8AI score0.00386EPSS
Exploits0References4
cve
cve
added 2019/07/04 11:33 a.m.51 views

CVE-2019-13228

Per the provided documents, CVE-2019-13228 affects the Deepin tool deepin-clone prior to version 1.1.3, which uses a fixed path /tmp/repo.iso in BootDoctor::fix() and follows symlinks. This enables a local attacker to leverage a symlink race to replace /tmp/repo.iso with an attacker-controlled IS...

6.6CVSS5.6AI score0.00386EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2019/07/04 11:32 a.m.26 views

CVE-2019-13227

In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled...

6AI score0.00443EPSS
Exploits0References4
cve
cve
added 2019/07/04 11:32 a.m.58 views

CVE-2019-13227

CVE-2019-13227 affects deepin-clone prior to 1.1.3, where GUI mode writes a log to /tmp/.deepin-clone.log as root and then follows symlinks. This enables a local unprivileged user to perform a symlink attack to create or overwrite files in arbitrary filesystem locations; the content is not attack...

6.6CVSS5.9AI score0.00443EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2019/07/04 11:32 a.m.26 views

CVE-2019-13226

deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/ in the Helper::temporaryMountDevice function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary location. By winning a...

6.7AI score0.00278EPSS
Exploits0References4
cve
cve
added 2019/07/04 11:32 a.m.59 views

CVE-2019-13226

CVE-2019-13226 affects deepin-clone (prior to 1.1.3). The issue arises from a predictable path used in Helper::temporaryMountDevice() (/tmp/.deepin-clone/mount/) to mount a filesystem as root. An unprivileged user can create a symlink at this path and, by racing, mount the filesystem at an arbitr...

7CVSS6.6AI score0.00278EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder