Lucene search
K

36 matches found

CNVD
CNVD
added 2018/08/22 12:0 a.m.1 views

Pyro Arbitrary File Overwrite Vulnerability

pyro is a distributed object technology system written in the Python language. An arbitrary file overwrite vulnerability exists in pyro versions prior to 3.15, which stems from a program that does not securely handle pid files in a temporary directory and opens the pid file as root. The...

7.5CVSS7.5AI score0.02188EPSS
Exploits1References1
OSV
OSV
added 2018/08/21 5:1 p.m.26 views

GHSA-XRR4-74MC-RPJC Pyro mishandles pid files in temporary directory locations and opening the pid file as root

pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks...

7.5CVSS7.4AI score0.02188EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2018/08/21 5:1 p.m.21 views

Pyro mishandles pid files in temporary directory locations and opening the pid file as root

pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks...

7.5CVSS2.2AI score0.02188EPSS
Exploits1References6Affected Software1
Veracode
Veracode
added 2018/08/21 2:46 a.m.18 views

Arbitrary File Write

pyro is vulnerable to arbitrary file write. The pid files are stored in the temporary directory location /tmp and opened as root user, which allows an attacker to abuse the vulnerability to overwrite arbitrary files via symlinks...

7.5CVSS7.4AI score0.02188EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2018/08/20 1:29 p.m.17 views

CVE-2011-2765

pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks...

7.5CVSS7.5AI score0.02188EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2018/08/20 1:29 p.m.14 views

CVE-2011-2765

pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks...

7.5CVSS7.2AI score0.02188EPSS
Exploits1References1
OSV
OSV
added 2018/08/20 1:29 p.m.18 views

PYSEC-2018-99

pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks...

7.5CVSS2.9AI score0.02188EPSS
Exploits1References4
PyPA
PyPA
added 2018/08/20 1:29 p.m.7 views

PYSEC-2018-99

pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks...

7.5CVSS7.1AI score0.02188EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2018/08/20 1:29 p.m.11 views

Design/Logic Flaw

pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks...

5CVSS7AI score0.02188EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2018/08/20 1:0 p.m.70 views

CVE-2011-2765

CVE-2011-2765 affects Pyro before 3.15, which unsafely handles pid files in temporary directories and opens the pid file as root. This enables a symlink-based overwrite of arbitrary files by an attacker, as described in multiple connected sources. The vulnerability is limited to versions prior to...

7.5CVSS7.4AI score0.02188EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2018/08/20 1:0 p.m.16 views

CVE-2011-2765 Insecure temporary file handling

pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks...

7.5AI score0.02188EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2018/08/20 1:0 p.m.30 views

CVE-2011-2765

Removed by vendor...

7.5CVSS7.6AI score0.02188EPSS
Exploits1
NVD
NVD
added 2017/06/16 3:29 p.m.18 views

CVE-2017-9731

In meta/classes/packageipk.bbclass in Poky in poky-pyro 17.0.0 for Yocto Project through YP Core - Pyro 2.3, attackers can obtain sensitive information by reading a URL in a Source entry in an ipk package...

7.5CVSS7.5AI score0.01104EPSS
Exploits0References1
OSV
OSV
added 2017/06/16 3:29 p.m.6 views

CVE-2017-9731

In meta/classes/packageipk.bbclass in Poky in poky-pyro 17.0.0 for Yocto Project through YP Core - Pyro 2.3, attackers can obtain sensitive information by reading a URL in a Source entry in an ipk package...

7.5CVSS5.8AI score0.01104EPSS
Exploits0References1
Prion
Prion
added 2017/06/16 3:29 p.m.12 views

Code injection

In meta/classes/packageipk.bbclass in Poky in poky-pyro 17.0.0 for Yocto Project through YP Core - Pyro 2.3, attackers can obtain sensitive information by reading a URL in a Source entry in an ipk package...

5CVSS6.7AI score0.01104EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2017/06/16 3:0 p.m.48 views

CVE-2017-9731

The CVE-2017-9731 entry concerns the Yocto Project/Poky component: meta/classes/package_ipk.bbclass (Poky-Pyro 17.0.0 for Yocto through YP Core - Pyro 2.3). The issue enables information disclosure by allowing attackers to read a URL from a Source entry in an ipk package, exposing sensitive data....

7.5CVSS7.4AI score0.01104EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder