36 matches found
Pyro Arbitrary File Overwrite Vulnerability
pyro is a distributed object technology system written in the Python language. An arbitrary file overwrite vulnerability exists in pyro versions prior to 3.15, which stems from a program that does not securely handle pid files in a temporary directory and opens the pid file as root. The...
GHSA-XRR4-74MC-RPJC Pyro mishandles pid files in temporary directory locations and opening the pid file as root
pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks...
Pyro mishandles pid files in temporary directory locations and opening the pid file as root
pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks...
Arbitrary File Write
pyro is vulnerable to arbitrary file write. The pid files are stored in the temporary directory location /tmp and opened as root user, which allows an attacker to abuse the vulnerability to overwrite arbitrary files via symlinks...
CVE-2011-2765
pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks...
CVE-2011-2765
pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks...
PYSEC-2018-99
pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks...
PYSEC-2018-99
pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks...
Design/Logic Flaw
pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks...
CVE-2011-2765
CVE-2011-2765 affects Pyro before 3.15, which unsafely handles pid files in temporary directories and opens the pid file as root. This enables a symlink-based overwrite of arbitrary files by an attacker, as described in multiple connected sources. The vulnerability is limited to versions prior to...
CVE-2011-2765 Insecure temporary file handling
pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks...
CVE-2011-2765
Removed by vendor...
CVE-2017-9731
In meta/classes/packageipk.bbclass in Poky in poky-pyro 17.0.0 for Yocto Project through YP Core - Pyro 2.3, attackers can obtain sensitive information by reading a URL in a Source entry in an ipk package...
CVE-2017-9731
In meta/classes/packageipk.bbclass in Poky in poky-pyro 17.0.0 for Yocto Project through YP Core - Pyro 2.3, attackers can obtain sensitive information by reading a URL in a Source entry in an ipk package...
Code injection
In meta/classes/packageipk.bbclass in Poky in poky-pyro 17.0.0 for Yocto Project through YP Core - Pyro 2.3, attackers can obtain sensitive information by reading a URL in a Source entry in an ipk package...
CVE-2017-9731
The CVE-2017-9731 entry concerns the Yocto Project/Poky component: meta/classes/package_ipk.bbclass (Poky-Pyro 17.0.0 for Yocto through YP Core - Pyro 2.3). The issue enables information disclosure by allowing attackers to read a URL from a Source entry in an ipk package, exposing sensitive data....