rubygems: Delete directory using symlink when decompressing tar
A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files which now include path-checking code for symlinks, it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could...
Directory traversal
A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files which now include path-checking code for symlinks, it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could...
CVE-2019-8320
RubyGems vulnerability CVE-2019-8320: A Directory Traversal flaw in RubyGems 2.7.6–3.0.2 can delete the target destination when creating directories or touching files, if the path is behind a symlink. This could allow a malicious gem to delete arbitrary files on the user’s machine due to symlink ...
CVE-2019-3902
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository...
PYSEC-2019-188
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository...
Design/Logic Flaw
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository...
CVE-2019-3902
Mercurial before version 4.9 is affected by CVE-2019-3902. The issue arises from a flaw in path-checking logic that can be bypassed by using symlinks and subrepositories, allowing write access to files outside the repository. Affected product: Mercurial; root cause: bypass of path-checking when d...
CVE-2019-0158
Insufficient path checking in the installation package for Intel® Graphics Performance Analyzer for Linux version 18.4 and before may allow an authenticated user to potentially enable escalation of privilege via local access...
Intel® Graphics Performance Analyzer for Linux Advisory
Summary: A potential security vulnerability in Intel® Graphics Performance Analyzer for Linux may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2019-0158 Description: Insufficient path checking in the...
CVE-2019-0088
Insufficient path checking in Intel® System Support Utility for Windows before 2.5.0.15 may allow an authenticated user to potentially enable an escalation of privilege via local access...
CVE-2019-0088
Intel System Support Utility for Windows prior to 2.5.0.15 is affected by CVE-2019-0088 due to insufficient path checking, enabling an authenticated user to potentially escalate privileges via local access. The vulnerability is documented across CVE records and Intel’s advisory, which confirms af...
Apple iOS Mobile Replayer Arbitrary Code Execution Vulnerability (CNVD-2015-08187)
Apple iOS is an operating system developed by Apple for use in cell phones and other devices. A path-checking vulnerability exists in the Apple iOS Mobile Replayer handling, which could be exploited by an attacker to execute arbitrary code with system privileges...