3095 matches found
Remote Code Execution (RCE)
Bundler is vulnerable to remote code execution RCE. The attack is possible because a world writable temporary directory with predictable name tmp/: is created by tmphomepath when there is no writable home directory, allowing a remote attacker to create a directory and to write malicious libraries...
PT-2019-5544 · Ruby +6 · Bundler +6
Name of the Vulnerable Software and Affected Versions: Bundler versions prior to 2.1.0 Description: The issue is related to the use of predictable paths in /tmp/ with insecure permissions as a storage location for gems when locations under the user's home directory are not available. If Bundler i...
CVE-2019-11730
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...
CVE-2019-11730
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...
Code injection
A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code. The QR-code follows an easily predictable pattern that depends only on the specific device ID of the robot vacuum cleaner. By generating a QR-code...
CVE-2019-13226
deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/ in the Helper::temporaryMountDevice function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary location. By winning a...
CVE-2019-13226
deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/ in the Helper::temporaryMountDevice function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary location. By winning a...
CVE-2019-13226
deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/ in the Helper::temporaryMountDevice function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary location. By winning a...
Improper Verification of Cryptographic Signature in django-rest-registration
Misusing the Django Signer API leads to predictable signatures used in verification emails Impact The vulnerability is a high severity one. Anyone using Django REST Registration library versions 0.2. - 0.4. with e-mail verification option which is recommended, but needs additional configuration i...
Prima FlexAir Database Configuration Backup Download Vulnerability
Prima Systems FlexAir is an access control system from Prima Systems in Slovenia. A database configuration backup download vulnerability exists in Prima FlexAir version 2.3.38 and earlier. The vulnerability stems from a predictable file name. An attacker could exploit the vulnerability to downloa...
CVE-2019-7667
Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name. A malicious actor can exploit this issue to download the database file and disclose login...
CVE-2019-7667
Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name. A malicious actor can exploit this issue to download the database file and disclose login...
Wrong And Predictable Encryption
github.com/golang/crypto is vulnerable to predictable encryption. In the keystream generation of more than 256 GiB in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa, it can first generate incorrect output and finally cycling back to the previously...
CVE-2019-12779
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames under /dev/shm and /tmp without OEXCL...
CVE-2019-12779
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames under /dev/shm and /tmp without OEXCL...
Design/Logic Flaw
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames under /dev/shm and /tmp without OEXCL...
CVE-2019-12779
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames under /dev/shm and /tmp without OEXCL...
UBUNTU-CVE-2019-12779
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames under /dev/shm and /tmp without OEXCL...
CVE-2019-12779
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames under /dev/shm and /tmp without OEXCL...
CVE-2019-12779
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames under /dev/shm and /tmp without OEXCL...