| CVE-2019-13229 |
AVG-1006 |
Medium |
No |
Arbitrary file overwrite |
deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper::getPartitionSizeInfo() function to write a log file as root, and follows... |
| CVE-2019-13228 |
AVG-1006 |
High |
No |
Privilege escalation |
deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO file, and follows symlinks there. An... |
| CVE-2019-13227 |
AVG-1006 |
Medium |
No |
Arbitrary file overwrite |
In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user... |
| CVE-2019-13226 |
AVG-1006 |
High |
No |
Access restriction bypass |
deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin- clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to... |