13 matches found

RedhatCVE
added 2026/04/24 8:16 p.m., 4 views

CVE-2026-31613

A flaw was found in the Linux kernel's Server Message Block (SMB) client. A remote, untrusted server could send a specially crafted symlink error response, leading to an out-of-bounds read vulnerability. This could result in the disclosure of sensitive information from the kernel's memory to a loca...

8.1 CVSS, 5.1 AI score, 0.00378 EPSS
Exploits 0, References 4

Tenable Nessus
added 2026/01/13 12:0 a.m., 3 views

RHEL 8 : git-lfs (RHSA-2026:0459)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0459 advisory. Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing th...

8.6 CVSS, 5.3 AI score, 0.00707 EPSS
Exploits 0, References 4

Tenable Nessus
added 2025/12/23 12:0 a.m., 5 views

AlmaLinux 10 : git-lfs (ALSA-2025:23667)

The remote AlmaLinux 10 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:23667 advisory. git-lfs: Git LFS may write to arbitrary files via crafted symlinks (CVE-2025-26625). Tenable has extracted the preceding description block directly from the AlmaLin...

8.6 CVSS, 5.2 AI score, 0.00707 EPSS
Exploits 0, References 3

Snyk
added 2025/08/15 8:32 p.m., 2 views

Symlink Attack

Overview: github.com/hashicorp/go-getter is a package for downloading things from a string URL using a variety of protocols. Affected versions of this package are vulnerable to Symlink Attack due to handling symbolic links in the specific subdirectories from a fetched source. An attacker can acces...

8.7 CVSS, 6.9 AI score, 0.00507 EPSS
Exploits 0, References 2

RedhatCVE
added 2025/05/23 6:34 a.m., 10 views

CVE-2024-54148

Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1...

9.8 CVSS, 6.7 AI score, 0.00837 EPSS
Exploits 1, References 1

Vulnrichment
added 2024/12/23 3:22 p.m., 14 views

CVE-2024-54148 Gogs has a Path Traversal in file editing UI

Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1...

8.7 CVSS, 7.2 AI score, 0.00837 EPSS
Exploits 1, References 4

OSV
added 2024/12/23 3:22 p.m., 12 views

CVE-2024-54148 Gogs has a Path Traversal in file editing UI

Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1...

8.7 CVSS, 6.5 AI score, 0.00837 EPSS
Exploits 1, References 6

Positive Technologies
added 2023/10/27 12:0 a.m., 7 views

PT-2023-9826

Name of the Vulnerable Software and Affected Versions: Gogs versions prior to 0.13.1. Description: The issue is related to errors in handling symbolic links in the Gogs self-hosted Git service. A malicious user can commit and edit a crafted symlink file to a repository, allowing them to gain SSH...

9.9 CVSS, 7.9 AI score, 0.75197 EPSS
Exploits 5, References 74

OSV
added 2023/05/30 10:15 p.m., 1 view

DEBIAN-CVE-2023-2939

Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. Chromium security severity: Medium...

7.8 CVSS, 7.6 AI score, 0.00454 EPSS
Exploits 0, References 1

ATTACKERKB
added 2022/04/09 12:15 a.m., 4 views

CVE-2022-27883

A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an attacker must at least have low-level privileges on the system to attempt to exploit this...

8.5 CVSS, 7 AI score, 0.01187 EPSS
Exploits 0, References 3, Affected Software 1

OSV
added 2021/09/14 1:15 a.m., 5 views

AZL-7464 CVE-2021-41072 affecting package squashfs-tools for versions less than 4.5.1-1

squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create th...

8.1 CVSS, 6.6 AI score, 0.02136 EPSS
Exploits 1, References 1

OSV
added 2021/09/14 12:0 a.m., 2 views

UBUNTU-CVE-2021-41072

squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create th...

8.1 CVSS, 6.7 AI score, 0.02136 EPSS
Exploits 1, References 7

NVD
added 2017/09/06 9:29 p.m., 29 views

CVE-2015-5705

Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename...

7.5 CVSS, 7.5 AI score, 0.03118 EPSS
Exploits 0, References 6