CVE-2025-46293

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data...

CVE-2025-43278

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data...

CVE-2025-46293

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data...

CVE-2025-46293

The CVE-2025-46293 issue relates to macOS prior to Sequoia 15.4 where improper handling of symbolic links could allow an app to access protected user data. The root cause is described as improved handling of symlinks in Sequoia 15.4, which fixes the vulnerability. The fix is to update to macOS Se...

EUVD-2025-210118

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data...

CVE-2025-43278

CVE-2025-43278 affects macOS Sequoia prior to 15.4; the issue arises from improper handling of symlinks and is addressed in macOS Sequoia 15.4. The description notes that an app may be able to access protected user data due to this flaw. According to the connected sources, the vulnerability is mi...

EUVD-2025-210111

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data...

CVE-2025-43278

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data...

UBUNTU-CVE-2026-5223

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...

CVE-2026-5223

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...

EUVD-2026-31658

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...

PT-2026-42620

Summary Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and run OCI containers within them. Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in OCI images, Boxlite does not account for...

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: smb: client: Fixed a regression issue related to native SMB symbolic links. Some users and customers reported that their backup/copy tools began to fail when the directory being copied contained symbolic link targets that the...

Astra Linux - уязвимость в multipath-tools

Multipath-tools versions 0.7.7 through 0.9.x, prior to 0.9.2, allowed local users to obtain root access. This vulnerability was exploited in conjunction with CVE-2022-41974. Local users who had access to /dev/shm could modify symlinks within multipathd due to incorrect symlink handling. This coul...

CVE-2026-35372

A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference or -n flag is explicitly provided. The implementation previously only honored the "no-dereference" intent if the --force overwrite mode was also enabled. Thi...

USN-8138-2 rust-tar vulnerability

USN-8138-1 fixed a vulnerability in tar-rs. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that tar-rs incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a speciall...

USN-8168-1: Rust vulnerability

It was discovered that tar-rs embedded in rustc incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside the...

PT-2026-32712

It was discovered that tar-rs embedded in rustc incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside the...

Improper Symlink Handling

kubevirt.io/kubevirt is vulnerable to improper symlink handling. The vulnerability is due to improper validation of symbolic links in PVC disk mounting along with incorrect file ownership changes, which allows an attacker with control over PVC contents to create malicious symlinks and read...