Lucene search
K

87 matches found

Prion
Prion
added 2019/10/31 12:15 a.m.11 views

Design/Logic Flaw

The quarantine restoration function in Total Defense Anti-virus 11.5.2.28 is vulnerable to symbolic link attacks, allowing files to be written to privileged directories...

2.1CVSS5.4AI score0.0038EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/10/30 11:7 p.m.16 views

CVE-2019-18644

The malware scan function in Total Defense Anti-virus 11.5.2.28 is vulnerable to a TOCTOU bug; consequently, symbolic link attacks allow privileged files to be deleted...

5.6AI score0.00561EPSS
Exploits1References1
CVE
CVE
added 2019/10/30 11:7 p.m.99 views

CVE-2019-18644

The CVE-2019-18644 entry describes a TOCTOU vulnerability in the malware scan function of Total Defense Anti-virus 11.5.2.28. The issue allows symbolic link attacks to delete privileged files, i.e., an attacker could exploit the TOCTOU race condition to gain or cause modification/deletion of prot...

5.9CVSS5.6AI score0.00561EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/10/30 11:7 p.m.105 views

CVE-2019-18645

CVE-2019-18645 affects Total Defense Anti-virus 11.5.2.28. The quarantine restoration function is susceptible to symbolic link attacks, allowing files to be written to privileged directories. The cited sources consistently describe a local impact enabling modification of privileged targets via th...

5.5CVSS5.4AI score0.0038EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2019/03/28 3:29 p.m.17 views

Hardcoded credentials

NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation...

6.9CVSS7.1AI score0.01163EPSS
Exploits0References3Affected Software1
myhack58
myhack58
added 2018/12/28 12:0 a.m.272 views

The RPC vulnerability mining case studies, on-vulnerability and early warning-the black bar safety net

2018 8 the end of the month, a self-proclaimed“sandbox escape”SandboxEscaperof female researchers released a Windows local privilege escalation 0 day vulnerability. In addition, also attach a proof of concept attack that allows hackers to read the system in unauthorized areas, but at the moment...

0.9AI score
Exploits0
exploitpack
exploitpack
added 2015/09/15 12:0 a.m.35 views

Microsoft Windows - CreateObjectTask SettingsSyncDiagnostics Privilege Escalation

Microsoft Windows - CreateObjectTask SettingsSyncDiagnostics Privilege Escalation Source: https://code.google.com/p/google-security-research/issues/detail?id=437 Windows: CreateObjectTask SettingsSyncDiagnostics Elevation of Privilege Platform: Windows 8.1 Update I don’t believe it’s available in...

0.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/07/01 12:0 a.m.29 views

Fedora 21 : abrt-2.3.0-7.fc21 / gnome-abrt-1.0.0-3.fc21 / libreport-2.3.0-8.fc21 (2015-10193)

Security fixes for : - CVE-2015-3315 - CVE-2015-3142 - CVE-2015-1869 - CVE-2015-1870 - CVE-2015-3151 - CVE-2015-3150 - CVE-2015-3159 abrt: ===== - Move the default dump location from /var/tmp/abrt to /var/spool/abrt - Use root for owner of all dump directories - Stop reading hserror.log from /tmp...

7.8CVSS6.3AI score0.04776EPSS
Exploits4References22
CNVD
CNVD
added 2015/04/28 12:0 a.m.2 views

fedora-business-cards Insecure Temporary File Creation Vulnerability

Fedora is a Linux-based operating system developed by the Fedora Project community and sponsored by Red Hat. fedora-business-cards is a business card generator. An insecure temporary file creation vulnerability exists in fedora-business-cards, which stems from the program using an insecure way to...

7.1CVSS6.7AI score0.00345EPSS
Exploits0References1
securityvulns
securityvulns
added 2015/04/19 12:0 a.m.70 views

[ MDVSA-2015:099 ] python-pillow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:099 http://www.mandriva.com/en/support/security/ Package : python-pillow Date : March 28, 2015 Affected: Business Server 2.0 Problem Description: Updated python-imaging packages fix security vulnerabilities:...

10CVSS8AI score0.12055EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2014/11/12 12:0 a.m.44 views

CentOS 5 : sssd (CESA-2013:1319)

Updated sssd packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

3.7CVSS5.8AI score0.00366EPSS
Exploits0References2
securityvulns
securityvulns
added 2014/08/11 12:0 a.m.56 views

[ MDVSA-2014:154 ] readline

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:154 http://www.mandriva.com/en/support/security/ Package : readline Date : August 6, 2014 Affected: Business Server 1.0 Problem Description: Updated readline packages fix security vulnerability: Steve Kemp...

3.3CVSS9.2AI score0.00432EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/08/07 12:0 a.m.27 views

Mandriva Linux Security Advisory : readline (MDVSA-2014:154)

Updated readline packages fix security vulnerability : Steve Kemp discovered the rltropen function in readline insecurely handled a temporary file. This could allow a local attacker to perform symbolic link attacks CVE-2014-2524. Also, upstream patches have been added to fix an infinite loop in v...

3.3CVSS7.5AI score0.00432EPSS
Exploits0References2
OSV
OSV
added 2014/08/06 10:31 a.m.8 views

MGASA-2014-0319 Updated readline packages fix security vulnerability

Steve Kemp discovered the rltropen function in readline insecurely handled a temporary file. This could allow a local attacker to perform symbolic link attacks CVE-2014-2524. Also, upstream patches have been added to fix an infinite loop in vi input mode, and to fix an issue with slowness when...

3.3CVSS6.1AI score0.00432EPSS
Exploits0References3
Mageia
Mageia
added 2014/08/06 10:31 a.m.32 views

Updated readline packages fix security vulnerability

Steve Kemp discovered the rltropen function in readline insecurely handled a temporary file. This could allow a local attacker to perform symbolic link attacks CVE-2014-2524. Also, upstream patches have been added to fix an infinite loop in vi input mode, and to fix an issue with slowness when...

3.3CVSS8.9AI score0.00432EPSS
Exploits0References2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.9 views

UTempter 0.5.x Multiple Local Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/10178/info It has been reported that utempter is affected by multiple local vulnerabilities. The first issue is due to an input validation error that causes the application to exit improperly; facilitating symbolic link...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

Lmail 2.7 Temporary File Race Condition Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2984/info Jon Zeeff's lmail is a local mail delivery agent LDA designed to provide mail-to-pipe and mail-to-file aliasing for smail. A race condition vulnerability exists in lmail. The lmail program makes insecure use of...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.10 views

DirectAdmin <= 1.33.3 '/CMD_DB' Backup Action Insecure Temporary File Creation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/34676/info DirectAdmin creates temporary files in an insecure manner. An attacker with local access could potentially exploit this issue to perform symbolic link attacks to overwrite arbitrary attacker-specified files. Th...

7.1AI score
Exploits0
Mageia
Mageia
added 2014/06/06 5:47 a.m.34 views

Updated emacs packages fix CVE-2014-3421-4

Updated emacs packages fix security vulnerabilities: Steve Kemp discovered multiple temporary file handling issues in Emacs. A local attacker could use these flaws to perform symbolic link attacks against users running Emacs CVE-2014-3421, CVE-2014-3422, CVE-2014-3423, CVE-2014-3424...

3.3CVSS6.3AI score0.00347EPSS
Exploits0References2
OSV
OSV
added 2014/06/06 5:47 a.m.7 views

MGASA-2014-0250 Updated emacs packages fix CVE-2014-3421-4

Updated emacs packages fix security vulnerabilities: Steve Kemp discovered multiple temporary file handling issues in Emacs. A local attacker could use these flaws to perform symbolic link attacks against users running Emacs CVE-2014-3421, CVE-2014-3422, CVE-2014-3423, CVE-2014-3424...

3.3CVSS6.1AI score0.00347EPSS
Exploits0References3
Rows per page
Query Builder