9 matches found
SUSE SLES12 Security Update : s390-tools (SUSE-SU-2021:0776-1)
This update for s390-tools fixes the following issues : Fixed an issue where IPL was not working when bootloader was installed on a SCSI disk with 4k physical blocksize without using a devicemapper target bsc1183041. CVE-2021-25316: Do not use predictable temporary file names bsc1182777. Made the...
GHSA-V3JV-WRF4-5845 Local Privilege Escalation in npm
Affected versions of npm use predictable temporary file names during archive unpacking. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can arbitrarily write to any file that the user which owns the npm process has permission to write t...
GHSA-6CPC-MJ5C-M9RQ Arbitrary File Write in cli
Affected versions of cli use predictable temporary file names. If an attacker can create a symbolic link at the location of one of these temporarly file names, the attacker can arbitrarily write to any file that the user which owns the cli process has permission to write to. Proof of Concept By...
Local Privilege Escalation
Overview Affected versions of npm use predictable temporary file names during archive unpacking. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can arbitrarily write to any file that the user which owns the npm process has permission t...
Arbitrary File Write
Overview Affected versions of cli use predictable temporary file names. If an attacker can create a symbolic link at the location of one of these temporarly file names, the attacker can arbitrarily write to any file that the user which owns the cli process has permission to write to. Proof of...
Debian Security Advisory DSA 3285-1 (qemu-kvm - security update)
Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware. CVE-2015-3209 Matt Tait of Google OpenVAS Vulnerability Test $Id: deb3285.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3285-1 using nvtgen 1.0 Script version: 1.0...
CVE-2012-2451
The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be...
DSA-2451-1 puppet - several
Bulletin has no description...
CVE-2012-0808
as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack...