| 223101 | 5.5 | MEDIUM, Local | deepin | deepin_clone | deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper::getPartitionSizeInfo() function to write a log file as root, and follows symlinks there. An unprivileged user can prepare… | CWE-59 (Link Following) | CVE-2019-13229 | 2024-11-21 13:24 | 2019-07-4 |
| 223102 | 4.7 | MEDIUM, Local | deepin | deepin-clone | deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO file, and follows symlinks there. An unprivileged user can prepare a symlink attack ther… | CWE-59 (Link Following) | CVE-2019-13228 | 2024-11-21 13:24 | 2019-07-4 |
| 223103 | 5.5 | MEDIUM, Local | deepin | deepin-clone | In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to crea… | CWE-59 (Link Following) | CVE-2019-13227 | 2024-11-21 13:24 | 2019-07-4 |
| 223104 | 7.0 | HIGH, Local | deepin, fedoraproject | deepin-clone, fedora | deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivile… | CWE-362 (Race Condition), CWE-59 (Link Following) | CVE-2019-13226 | 2024-11-21 13:24 | 2019-07-4 |
| 223105 | 7.3 | HIGH, Local | maxx | waves_maxx_audio | WavesSysSvc in Waves MAXX Audio allows privilege escalation because the General registry key has Full Control access for the Users group, leading to DLL side loading. This affects WavesSysSvc64.exe 1… | CWE-732 (Incorrect Permission Assignment for Critical Resource) | CVE-2019-13208 | 2024-11-21 13:24 | 2019-07-4 |
| 223106 | 7.5 | HIGH, Network | mikrotik | routeros | A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource manage… | CWE-770 (Allocation of Resources Without Limits or Throttling) | CVE-2019-13074 | 2024-11-21 13:24 | 2019-07-4 |
| 223107 | 9.8 | CRITICAL, Network | nlnetlabs | name_server_daemon | nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflow in the dname_concatenate() function in dname.c. | CWE-787 (Out-of-bounds Write) | CVE-2019-13207 | 2024-11-21 13:24 | 2019-07-4 |
| 223108 | 6.1 | MEDIUM, Network | 1234n | minicms | In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the tags box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, and CVE-2018-2… | CWE-79 (Cross-site Scripting) | CVE-2019-13186 | 2024-11-21 13:24 | 2019-07-4 |
| 223109 | 7.8 | HIGH, Local | qemu, debian, opensuse, canonical | qemu, debian_linux, leap, ubuntu_linux | qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL … | NVD-CWE-noinfo | CVE-2019-13164 | 2024-11-21 13:24 | 2019-07-3 |
| 223110 | 7.5 | HIGH, Network | calamares | calamares | Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile from /crypto_keyfile.bin (mode 0600 owned by root) to /boot within a globally readable initramfs image with insecure permissions… | CWE-522 (Insufficiently Protected Credentials) | CVE-2019-13179 | 2024-11-21 13:24 | 2019-07-3 |