423 matches found
EUVD-2026-35675
Microsoft Security Advisory CVE-2026-45491 – .NET Tampering Vulnerability...
Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Link Resolution Before File Access ('Link Following'), Use of Insufficiently Random Values, Insecure Temporary File (CVE-2026-40977, CVE-2026-40975, CVE-2026-40973)
Summary There are vulnerabilities in spring-boot-3.5.12.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-40977, CVE-2026-40975, CVE-2026-40973. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-40973 DESCRIPTION: A local attacker on the same host as...
RLSA-2026:25114 Important: .NET 10.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.109 and .NET Runtime...
RockyLinux 8 : .NET 9.0 (RLSA-2026:25113)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25113 advisory. dotnet: .NET: Local file tampering via link following vulnerability CVE-2026-45491 dotnet: ASP.NET Core: Denial of Service via uncontrolled resource...
RockyLinux 8 : .NET 8.0 (RLSA-2026:25110)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25110 advisory. dotnet: .NET: Local file tampering via link following vulnerability CVE-2026-45491 dotnet: ASP.NET Core: Denial of Service via uncontrolled resource...
dotnet: .NET: Local file tampering via link following vulnerability
A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...
dotnet: .NET: Local file tampering via link following vulnerability
A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...
dotnet: .NET: Local file tampering via link following vulnerability
A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...
Linux Distros Unpatched Vulnerability : CVE-2026-45491
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper link resolution before file access 'link following' in .NET allows an unauthorized attacker to perform tampering locally. CVE-2026-45491 Note that Ness...
Important: .NET 9.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.118 and .NET Runtime...
dotnet: .NET: Local file tampering via link following vulnerability
A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...
dotnet: .NET: Local file tampering via link following vulnerability
A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...
CVE-2026-44275
Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...
CVE-2026-41116
Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...
CVE-2026-50512
Improper link resolution before file access 'link following' in Microsoft PC Manager allows an authorized attacker to elevate privileges locally...
CVE-2026-45586
Improper link resolution before file access 'link following' in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally...
CVE-2026-42989
Improper link resolution before file access 'link following' in Winlogon allows an authorized attacker to elevate privileges locally...
dotnet: .NET: Local file tampering via link following vulnerability
A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...
dotnet: .NET: Local file tampering via link following vulnerability
A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...
CVE-2026-28262
Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering...