575 matches found

GitLab Advisory Database
added 2022/04/06 12:0 a.m., 35 views

Improper Link Resolution Before File Access ('Link Following')

An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally...

CVSS 7.8, AI score 5.4, EPSS 0.00432
Exploits: 1, References: 3, Affected Software: 1

GitLab Advisory Database
added 2022/04/06 12:0 a.m., 32 views

Improper Link Resolution Before File Access ('Link Following')

An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally...

CVSS 7.8, AI score 5.4, EPSS 0.00432
Exploits: 1, References: 3, Affected Software: 1

OpenVAS
added 2022/03/29 12:0 a.m., 24 views

Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2022-1353)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8, AI score 7.9, EPSS 0.00367
Exploits: 0, References: 2

Tenable Nessus
added 2022/03/28 12:0 a.m., 30 views

EulerOS 2.0 SP8 : libarchive (EulerOS-SA-2022-1353)

According to the versions of the libarchive packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of ...

CVSS 7.8, AI score 6.7, EPSS 0.00367
Exploits: 0, References: 3

RedHat Linux
added 2022/03/15 10:25 a.m., 5 views

libarchive: symbolic links incorrectly followed when changing modes, times, ACL and flags of a file while extracting an archive

An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. ...

CVSS 7.8, AI score 7.2, EPSS 0.00366
Exploits: 0, References: 4

ATTACKERKB
added 2022/03/10 5:45 p.m., 4 views

CVE-2022-20050

In connsyslogger, there is a possible symbolic link following due to improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06335038; Issue ID: ALPS06335038...

CVSS 6.7, AI score 6.7, EPSS 0.00128
Exploits: 0, References: 2

OSV
added 2022/03/10 5:45 p.m., 5 views

CVE-2022-20050

In connsyslogger, there is a possible symbolic link following due to improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06335038; Issue ID: ALPS06335038...

CVSS 6.7, AI score 5.9, EPSS 0.00128
Exploits: 0, References: 1

CNVD
added 2022/03/03 12:0 a.m., 27 views

ASUS Rog Live Service Incorrect Link Resolution Vulnerability

ASUS Rog Live Service is a Desktop Shareware program from ASUS in China. A security vulnerability exists in ASUS Rog Live Service, which stems from a feature in ROG Live Service that deletes temporary files created by the installation without verifying the path before deletion, which can be...

CVSS 7.7, AI score 6.8, EPSS 0.00253
Exploits: 0, References: 1

NVD
added 2022/03/01 2:15 a.m., 14 views

CVE-2022-22262

ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file pat...

CVSS 7.7, EPSS 0.00253
Exploits: 0, References: 1

OSV
added 2022/03/01 2:15 a.m., 4 views

CVE-2022-22262

ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file pat...

CVSS 7.7, AI score 7.2, EPSS 0.00253
Exploits: 0, References: 1

Cvelist
added 2022/03/01 1:55 a.m., 13 views

CVE-2022-22262 ASUS Armoury Crate & Aura Creator Installer's ROG Live Service - Improper Link Resolution Before File Access

ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file pat...

CVSS 7.7, AI score 7.8, EPSS 0.00253
Exploits: 0, References: 1

CVE
added 2022/03/01 1:55 a.m., 84 views

CVE-2022-22262

The CVE-2022-22262 issue affects ASUS ROG Live Service (the installer’s temporary file handling). It is caused by an improper link resolution before file access in the function that deletes temp files; the path is not validated. This allows an unauthenticated local attacker to create an unintende...

CVSS 7.7, AI score 7.7, EPSS 0.00253
Exploits: 0, References: 1, Affected Software: 1

Tenable Nessus
added 2022/02/17 12:0 a.m., 51 views

Ubuntu 20.04 LTS : libarchive vulnerabilities (USN-5291-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5291-1 advisory. It was discovered that libarchive incorrectly handled symlinks. If a user or automated system were tricked into processing a specially crafted archive, a...

CVSS 7.8, AI score 7.6, EPSS 0.02845
Exploits: 0, References: 4

Prion
added 2022/02/10 6:15 p.m., 36 views

Input validation

An improper link resolution before file access 'link following' vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This iss...

CVSS 6.9, AI score 7.7, EPSS 0.00276
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2022/02/10 6:10 p.m., 25 views

CVE-2022-0017 GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation

An improper link resolution before file access 'link following' vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This iss...

CVSS 7, AI score 7.9, EPSS 0.00276
Exploits: 0, References: 1

Palo Alto Networks
added 2022/02/09 5:0 p.m., 75 views

GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation

An improper link resolution before file access 'link following' vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. Work...

CVSS 7.8, AI score 4.1, EPSS 0.00276
Exploits: 0, References: 1

OSV
added 2022/01/22 11:3 a.m., 2 views

OESA-2022-1494 libarchive security update

libarchive is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use libarchive. Security...

CVSS 7.8, AI score 6.9, EPSS 0.00367
Exploits: 0, References: 3

ATTACKERKB
added 2022/01/12 5:0 p.m., 4 views

CVE-2022-0012

An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition. This issue impacts: Cortex XDR age...

CVSS 7.1, AI score 7.2, EPSS 0.00241
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2022/01/11 12:0 a.m., 4 views

PT-2022-1524 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows, affected versions not specified. Description: The issue is related to an elevation of privilege vulnerability in the Windows Cleanup Manager. It is caused by incorrect link resolution before accessing a file. Exploitation of this issue...

CVSS 7.8, AI score 9.2, EPSS 0.01483
Exploits: 0, References: 11

OSV
added 2021/12/24 12:0 a.m., 5 views

UBUNTU-CVE-2021-31566

An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. ...

CVSS 7.8, AI score 6.8, EPSS 0.00366
Exploits: 0, References: 3