65 matches found
TÜBİTAK BİLGEM Pardus About Link Following Vulnerability
TÜBİTAK BİLGEM Pardus About is a component module of the Turkish company TÜBİTAK BİLGEM that provides functionality for displaying operating system information and system descriptions. Versions of TÜBİTAK BİLGEM Pardus About prior to 1.2.1 had a link following vulnerability; this vulnerability stemmed...
Claude SDK for Python Security Vulnerability
Claude SDK for Python is an open-source Python software development toolkit developed by Anthropic for calling the Claude API. Versions of Claude SDK for Python prior to 0.87.0 contained a security vulnerability. This vulnerability stemmed from the asynchronous local file system’s memory tools...
CVE-2019-18644
The malware scan function in Total Defense Anti-virus 11.5.2.28 is vulnerable to a TOCTOU bug; consequently, symbolic link attacks allow privileged files to be deleted...
EUVD-2019-8364
Malware in sbrugna...
EUVD-2019-8363
Malware in sbrugna...
EUVD-2019-9832
Malware in sbrugna...
CVE-2019-1267
An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks, aka 'Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability'...
Mageia: Security Advisory (MGASA-2014-0319)
The remote host is missing an update for the...
ROS-2-1979
2.1979 Multiple Exim Server Vulnerabilities 1. Vulnerability description: CVE-2020-28007 A vulnerability in the Exim message forwarding agent is related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...
Advisory ROSA-SA-2021-1993
Software: uuid 1.6.2 OS: Cobalt 7.9 CVE-ID: CVE-2013-4184 CVE-Crit: MEDIUM CVE-DESC: Perl module Data::UUID from CPAN version 1.219 is vulnerable to symbolic link attacks CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1989
Software: trousers 0.3.14 OS: Cobalt 7.9 CVE-ID: CVE-2020-24330 CVE-Crit: HIGH CVE-DESC: A problem was discovered in TrouSerS before 0.3.14. If the tcsd daemon is running with root privileges and not as the tss user, it fails to drop the root gid privilege when it is no longer needed...
MGASA-2021-0032 Updated policycoreutils packages fix a security vulnerability
Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state...
CVE-2019-18645
The quarantine restoration function in Total Defense Anti-virus 11.5.2.28 is vulnerable to symbolic link attacks, allowing files to be written to privileged directories...
Code injection
The malware scan function in Total Defense Anti-virus 11.5.2.28 is vulnerable to a TOCTOU bug; consequently, symbolic link attacks allow privileged files to be deleted...
Design/Logic Flaw
The quarantine restoration function in Total Defense Anti-virus 11.5.2.28 is vulnerable to symbolic link attacks, allowing files to be written to privileged directories...
CVE-2019-18644
The CVE-2019-18644 entry describes a TOCTOU vulnerability in the malware scan function of Total Defense Anti-virus 11.5.2.28. The issue allows symbolic link attacks to delete privileged files, i.e., an attacker could exploit the TOCTOU race condition to gain or cause modification/deletion of prot...
CVE-2019-18645
CVE-2019-18645 affects Total Defense Anti-virus 11.5.2.28. The quarantine restoration function is susceptible to symbolic link attacks, allowing files to be written to privileged directories. The cited sources consistently describe a local impact enabling modification of privileged targets via th...
The RPC vulnerability mining case studies, on-vulnerability and early warning-the black bar safety net
At the end of August 2018, a female researcher calling herself "SandboxEscaper" released a Windows local privilege escalation 0-day vulnerability. She also attached a proof-of-concept attack that allows hackers to read unauthorized areas of the system, but at the moment...