575 matches found
Improper Link Resolution Before File Access ('Link Following')
An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally...
Improper Link Resolution Before File Access ('Link Following')
An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally...
Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2022-1353)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP8 : libarchive (EulerOS-SA-2022-1353)
According to the versions of the libarchive packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of ...
libarchive: symbolic links incorrectly followed when changing modes, times, ACL and flags of a file while extracting an archive
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. ...
CVE-2022-20050
In connsyslogger, there is a possible symbolic link following due to improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06335038; Issue ID: ALPS06335038...
CVE-2022-20050
In connsyslogger, there is a possible symbolic link following due to improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06335038; Issue ID: ALPS06335038...
ASUS Rog Live Service Incorrect Link Resolution Vulnerability
ASUS Rog Live Service is a Desktop Shareware program from ASUS in China. A security vulnerability exists in ASUS Rog Live Service, which stems from a feature in ROG Live Service that deletes temporary files created by the installation without verifying the path before deletion, which can be...
CVE-2022-22262
ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file pat...
CVE-2022-22262
ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file pat...
CVE-2022-22262 ASUS Armoury Crate & Aura Creator Installer之ROG Live Service - Improper Link Resolution Before File Access
ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file pat...
CVE-2022-22262
The CVE-2022-22262 issue affects ASUS ROG Live Service (the installer’s temporary file handling). It is caused by an improper link resolution before file access in the function that deletes temp files; the path is not validated. This allows an unauthenticated local attacker to create an unintende...
Ubuntu 20.04 LTS : libarchive vulnerabilities (USN-5291-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5291-1 advisory. It was discovered that libarchive incorrectly handled symlinks. If a user or automated system were tricked into processing a specially crafted archive, a...
Input validation
An improper link resolution before file access 'link following' vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This iss...
CVE-2022-0017 GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation
An improper link resolution before file access 'link following' vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This iss...
GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation
An improper link resolution before file access 'link following' vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. Work...
OESA-2022-1494 libarchive security update
is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use . Security...
CVE-2022-0012
An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition. This issue impacts: Cortex XDR age...
PT-2022-1524 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to an elevation of privilege vulnerability in the Windows Cleanup Manager. It is caused by incorrect link resolution before accessing a file. Exploitation of this issue...
UBUNTU-CVE-2021-31566
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. ...