
14 matches found

CVE
added 2026/05/08 6:51 p.m. · 12 views

CVE-2026-29203

CVE-2026-29203 affects the cPanel Nova plugin component Cpanel::Nova::Connector. A chmod call follows symlinks, enabling an authenticated cPanel user to set root permissions on arbitrary system files or directories by placing a symlink at a user-controlled legacy Nova path in their home directory...

8.8 CVSS · 5.9 AI score · 0.00053 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/11/20 12:0 a.m. · 3 views

PT-2025-47601

Name of the Vulnerable Software and Affected Versions: zx (affected versions not specified). Description: A flaw exists in zx where, when invoked with the --prefer-local option pointing to a specific path, the command-line interface creates a symbolic link named ./node_modules to the specified path’s...

8.3 CVSS · 6.4 AI score · 0.00018 EPSS
Exploits 0 · References 5
OSV
added 2025/07/08 7:15 p.m. · 1 views

DEBIAN-CVE-2025-48384

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with ...

8 CVSS · 7.3 AI score · 0.00603 EPSS
Exploits 9 · References 1
OSV
added 2025/02/12 12:15 a.m. · 3 views

CVE-2020-3432

A vulnerability in the uninstaller component of Cisco AnyConnect Secure Mobility Client for Mac OS could allow an authenticated, local attacker to corrupt the content of any file in the filesystem. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit th...

5.6 CVSS · 5.8 AI score · 0.00108 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2024/06/03 12:0 a.m. · 22 views

RHEL 5 : samba3x (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Samba: Missing access control check in shadow copy code (CVE-2015-5299) - samba: Incorrect ACL get/set...

6.5 CVSS · 6.2 AI score · 0.08682 EPSS
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 5:25 a.m. · 5 views

SUSE CVE-2014-9356

Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile...

8.6 CVSS · 7.2 AI score · 0.01018 EPSS
Exploits 0 · References 8
Positive Technologies
added 2023/01/03 12:0 a.m. · 2 views

PT-2023-13513

Name of the Vulnerable Software and Affected Versions: SSZipArchive versions 2.5.3 and older. Description: The issue is related to an arbitrary file write vulnerability due to a lack of sanitization on paths that are symlinks. When SSZipArchive opens a malicious ZIP containing a symlink as the first...

8.1 CVSS · 7.4 AI score · 0.005 EPSS
Exploits 1 · References 5
Microsoft CVE
added 2021/07/16 7:0 a.m. · 2 views

Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.

...

8.6 CVSS · 7 AI score · 0.01018 EPSS
Exploits 0
Microsoft CVE
added 2021/01/20 8:0 a.m. · 2 views

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.

...

2.5 CVSS · 7 AI score · 0.00094 EPSS
Exploits 1
OSV
added 2020/12/08 8:15 p.m. · 1 views

CVE-2020-10003

An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges...

7.8 CVSS · 6.8 AI score · 0.00177 EPSS
Exploits 0 · References 5
Positive Technologies
added 2020/11/12 12:0 a.m. · 1 views

PT-2020-11847 · Apple · Ipados +4

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.0.1, iOS versions prior to 14.2, iPadOS versions prior to 14.2, tvOS versions prior to 14.2, watchOS versions prior to 7.1. Description: An issue existed within the path validation logic for symlinks, which was addressed...

7.8 CVSS · 5.9 AI score · 0.00177 EPSS
Exploits 0 · References 10
OSV
added 2019/06/04 9:29 p.m. · 13 views

CVE-2019-12209

Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2fkeys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM...

7.5 CVSS · 6.5 AI score
Exploits 0 · References 7
Cvelist
added 2019/06/04 8:26 p.m. · 17 views

CVE-2019-12209

Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2fkeys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM...

7.6 AI score · 0.00593 EPSS
Exploits 1 · References 7
PyPA
added 2010/10/19 8:0 p.m. · 6 views

PYSEC-2010-4

Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) RETR command...

6.5 CVSS · 7.1 AI score · 0.0055 EPSS
Exploits 0 · References 3 · Affected Software 1