Lucene search
K

624 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2024-45339

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When logs are written to a widely-writable directory the default, an unprivileged attacker may predict a privileged process's log file path and pre-create a...

7.1CVSS7.2AI score0.00281EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2018-1063

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an...

4.4CVSS5.7AI score0.00394EPSS
Exploits0References3
CVE
CVE
added 2025/02/27 12:0 a.m.70 views

CVE-2025-25330

Technical details are not publicly available in the provided documents. No specifics on affected components, root cause, or exploitability are disclosed. Monitor for updates from official sources.

5.5CVSS5.8AI score0.00176EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/02/26 12:0 a.m.14 views

Dell SupportAssist OS Recovery Symbolic Link Attack (DSA-2025-051)

According to its self-reported version number, the version of Dell SupportAssist OS Recovery is affected by a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevation of Privilege...

7.8CVSS5.9AI score0.00167EPSS
Exploits0References2
CNVD
CNVD
added 2025/02/18 12:0 a.m.1 views

Dell SupportAssist OS Recovery Symbolic Link Attack Vulnerability

Dell SupportAssist OS Recovery is a built-in recovery tool for Dell computers, which is mainly used to solve system problems or hardware failures. Dell SupportAssist OS Recovery suffers from a symbolic link attack vulnerability that can be exploited by attackers to cause arbitrary file deletion a...

7.8CVSS7AI score0.00167EPSS
Exploits0References1
Debian
Debian
added 2025/02/17 9:2 a.m.6 views

[SECURITY] [DLA 4056-1] golang-glog security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4056-1 [email protected] https://www.debian.org/lts/security/ Andrej Shadura February 17, 2025 https://wiki.debian.org/LTS -...

7.1CVSS6.5AI score0.00281EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/15 4:23 p.m.17 views

CVE-2025-22480

Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevation of Privileges...

7.8CVSS6.7AI score0.00167EPSS
Exploits0References3
NVD
NVD
added 2025/02/13 4:16 p.m.13 views

CVE-2025-22480

Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevation of Privileges...

7.8CVSS0.00167EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/13 4:4 p.m.14 views

CVE-2025-22480

Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevation of Privileges...

7CVSS0.00167EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/13 4:4 p.m.10 views

CVE-2025-22480

Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevation of Privileges...

7CVSS7AI score0.00167EPSS
Exploits0References1
CVE
CVE
added 2025/02/13 4:4 p.m.84 views

CVE-2025-22480

Dell SupportAssist OS Recovery (CVE-2025-22480) is affected in versions prior to 5.5.13.1 due to a symbolic link attack that a local, low-privilege attacker could exploit to delete arbitrary files and achieve Elevation of Privileges. Affected software is Dell SupportAssist OS Recovery. Root cause...

7.8CVSS7AI score0.00167EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/02/13 12:0 a.m.3 views

Dell SupportAssist OS Recovery 安全漏洞

Dell SupportAssist OS Recovery is a built-in recovery tool for Dell computers, which is mainly used to solve system problems or hardware failures. Dell SupportAssist OS Recovery suffers from a symbolic link attack vulnerability that can be exploited by attackers to cause arbitrary file deletion a...

7.8CVSS6.9AI score0.00167EPSS
Exploits0References1
Veracode
Veracode
added 2025/01/31 5:14 a.m.5 views

Symbolic Link Attack

github.com/golang/glog is vulnerable to symbolic link attack. The vulnerability is due to improper log file handling, which allows logs to be written to a widely-writable directory and also allows an attacker to pre-create a symlink to a sensitive file, which a privileged process may then overwri...

7.1CVSS7.1AI score0.00281EPSS
Exploits0References8Affected Software1
RedhatCVE
RedhatCVE
added 2025/01/28 9:25 a.m.14 views

CVE-2024-45339

A flaw was found in glog, a logging library. This vulnerability allows an unprivileged attacker to overwrite sensitive files via a symbolic link planted in a widely writable directory, exploiting the log file path predictability. Mitigation Mitigation for this issue is either not available or the...

7.1CVSS6.4AI score0.00281EPSS
Exploits0References8
NVD
NVD
added 2025/01/28 2:15 a.m.22 views

CVE-2024-45339

When logs are written to a widely-writable directory the default, an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that...

7.1CVSS0.00281EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/01/28 1:3 a.m.4 views

CVE-2024-45339 Vulnerability when creating log files in github.com/golang/glog

When logs are written to a widely-writable directory the default, an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that...

6.7AI score0.00281EPSS
Exploits0References5
OSV
OSV
added 2025/01/28 12:47 a.m.9 views

GO-2025-3372 Vulnerability when creating log files in github.com/golang/glog

When logs are written to a widely-writable directory the default, an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that...

7.1CVSS6.8AI score0.00281EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/01/27 12:0 a.m.7 views

CVE-2024-56953

An issue in Baidu China Co Ltd Baidu Input Method iOS version v12.6.13 allows attackers to access user information via supplying a crafted link...

6.3AI score0.0031EPSS
Exploits0References1
OSV
OSV
added 2024/11/22 10:15 p.m.3 views

CVE-2024-7234

AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in ord...

7.8CVSS6.2AI score0.00352EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/11/05 12:0 a.m.9 views

RHEL 7 : instack-undercloud (RHSA-2017:2726)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2017:2726 advisory. instack-undercloud provides a collection of scripts and elements that can be used to install an OpenStack undercloud using python-instack. The...

6.4CVSS6.6AI score0.00347EPSS
Exploits0References6
Rows per page
Query Builder