CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50255 – Zip Path Traversal in Deepin-Compressor
https://notcve.org/view.php?id=CVE-2023-50255
Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability. Deepin-Compressor es el administrador de archivos predeterminado del sistema operativo Deepin Linux. • https://github.com/linuxdeepin/deepin-compressor/commit/82f668c78c133873f5094cfab6e4eabc0b70e4b6 https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-rw5r-8p9h-3gp2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal CWE-26: Path Traversal: '/dir/../filename' •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50254 – Deepin Reader RCE vulnerability due to a design flaw
https://notcve.org/view.php?id=CVE-2023-50254
Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue. • https://github.com/linuxdeepin/deepin-reader/commit/4db7a079fb7bd77257b1b9208a7ab26aade8fe04 https://github.com/linuxdeepin/deepin-reader/commit/c192fd20a2fe4003e0581c3164489a89e06420c6 https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-27: Path Traversal: 'dir/../../filename' •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13229
https://notcve.org/view.php?id=CVE-2019-13229
deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper::getPartitionSizeInfo() function to write a log file as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled. deepin-clone anterior a versión 1.1.3, utiliza una ruta (path) fija /tmp/partclone.log en la función Helper::getPartitionSizeInfo() para escribir un archivo de registro como root, y sigue ahí los enlaces simbólicos (symlinks). Un usuario sin privilegios puede preparar ahí un ataque de enlace simbólico para crear o sobrescribir archivos en ubicaciones del sistema de archivos arbitrarias. El contenido no es controlado por el atacante. • http://www.openwall.com/lists/oss-security/2019/07/04/1 https://bugzilla.suse.com/show_bug.cgi?id=1130388 https://github.com/linuxdeepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCHGRJV5CWTMYEE5B5C2FNMCFVP45S7H • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13228
https://notcve.org/view.php?id=CVE-2019-13228
deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO file, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled. By winning a race condition to replace the /tmp/repo.iso symlink by an attacker controlled ISO file, further privilege escalation may be possible. deepin-clone anterior a versión 1.1.3, utiliza una ruta (path) fija /tmp/repo.iso en la función BootDoctor::fix() para descargar un archivo ISO, y sigue ahí los enlaces simbólicos (symlinks). Un usuario sin privilegios puede preparar en esta ubicación un ataque de enlace simbólico para crear o sobrescribir archivos en ubicaciones del sistema de archivos arbitrarias. • http://www.openwall.com/lists/oss-security/2019/07/04/1 https://bugzilla.suse.com/show_bug.cgi?id=1130388 https://github.com/linuxdeepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCHGRJV5CWTMYEE5B5C2FNMCFVP45S7H • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13227
https://notcve.org/view.php?id=CVE-2019-13227
In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled. En modo GUI, deepin-clone anterior a versión 1.1.3 crea un archivo de registro en la ruta fija /tmp/.deepin-clone.log como root, y sigue ahí los enlaces simbólicos (symlinks). Un usuario sin privilegios puede preparar en esta ubicación un ataque de enlace simbólico para crear o sobrescribir archivos en ubicaciones del sistema de archivos arbitrarias. • http://www.openwall.com/lists/oss-security/2019/07/04/1 https://bugzilla.suse.com/show_bug.cgi?id=1130388 https://github.com/linuxdeepin/deepin-clone/commit/e079f3e2712b4f8c28e3e63e71ba1a1f90fce1ab https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCHGRJV5CWTMYEE5B5C2FNMCFVP45S7H • CWE-59: Improper Link Resolution Before File Access ('Link Following') •