CVE-ubuntu-server-24.04

CVE-2026-XXXX: Apport ExecutablePath Spoofing Zero-day vuln...

CVE-2026-21249

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally...

Windows NTLM Spoofing Vulnerability

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally...

CVE-2025-41421

Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows — in versions prior to 15.70 of TeamViewer Remote and Tensor — allows an attacker with local, unprivileged access to a device lacking adequate malware protection to escalate privileges by spoofing the update fi...

CVE-2025-41421 Privilege Escalation via Symbolic Link Spoofing in TeamViewer Client

Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows — in versions prior to 15.70 of TeamViewer Remote and Tensor — allows an attacker with local, unprivileged access to a device lacking adequate malware protection to escalate privileges by spoofing the update fi...

PT-2025-40242

Name of the Vulnerable Software and Affected Versions TeamViewer versions prior to 15.70 TeamViewer Remote versions prior to 15.70 Tensor versions prior to 15.70 Description A flaw exists in the handling of symbolic links within the TeamViewer Full Client and Host for Windows, as well as TeamView...

CVE-2025-53769

External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally...

Important: dotnet8.0

Issue Overview: External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network. CVE-2025-26646 Affected Packages: dotnet8.0 Issue Correction: Run dnf update dotnet8.0 --releasever 2023.7.20250609 to...

Mercedes-Benz NTG 安全漏洞

Mercedes-Benz NTG is an automobile from Mercedes-Benz Germany. A security vulnerability exists in Mercedes-Benz NTG version 6. An attacker could exploit the vulnerability to access the internal network and spoof file paths...

SUSE CVE-2017-12132

The DNS stub resolver in the GNU C Library aka glibc or libc6 before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation...

ntp: ntpd using highly predictable transmit timestamps could result in time change or DoS

A high-performance ntpd instance that gets its time from unauthenticated IPv4 time sources may be vulnerable to an off-path attacker who can query time from the victim's ntpd instance. An attacker who can send a large number of packets with the spoofed IPv4 address of the upstream server can use...

CVE-2017-12132

The DNS stub resolver in the GNU C Library aka glibc or libc6 before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation...

UBUNTU-CVE-2017-12132

The DNS stub resolver in the GNU C Library aka glibc or libc6 before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation...

DEBIAN-CVE-2017-12132

The DNS stub resolver in the GNU C Library aka glibc or libc6 before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation...

Design/Logic Flaw

The DNS stub resolver in the GNU C Library aka glibc or libc6 before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation...

CVE-2017-12132

Summary : CVE-2017-12132 affects the GNU C Library (glibc) DNS stub resolver, enabling off-path DNS spoofing attacks by eliciting large UDP responses when EDNS is enabled. IBM and related advisories reference this GLIBC flaw and tie it to affected IBM hardware/software bundles. What is affected (...

Dell VPN client Netextender 0day analysis-vulnerability warning-the black bar safety net

The VPN client is most IT security professionals will use a tool, using it can be connected to a“restricted”local area network, anonymous Internet access, ensure network traffic security, etc. But just imagine, if the VPN client can cause the machine to the elevation of privileges? Note: currentl...

Rsync path spoofing attack vulnerability-vulnerability warning-the black bar safety net

Affected system: Samba rsync 3.1.1 Description: CVECAN ID: CVE-2 0 1 4-9 5 1 2 rsync is a fast incremental file transfer tool that is used in the same host the backup inside the backup. rsync 3.1.1 version there is a path spoofing attack vulnerability, through the synchronization path of the file...

openSUSE Security Update : rsync (openSUSE-2015-124)

rsync was updated to fix one security issue. This security issue was fixed : - Path spoofing attack vulnerability CVE-2014-9512. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

OpenSSH 1.2 - .scp File CreateOverwrite

OpenSSH 1.2 - .scp File CreateOverwrite source: https://www.securityfocus.com/bid/1742/info A vulnerability exists in the 1.2.x releases of scp which, if properly exploited using a modified scp binary on the server end, can permit the remote server to spoof local pathnames and overwrite files...