CWE:

	Tytuł	Data	Autor
Med.	Leeloo Multipath Authorization Bypass / Symlink Attack	02.11.2022	Qualys Security Adviso...
Med.	Linux systemd Symlink Dereference Via chown_one()	27.10.2018	Jann Horn
High	MS13-097 Registry Symlink IE Sandbox Escape	27.06.2014	Juan vazquez
Med.	systemd create or overwrite arbitrary files	21.04.2014	Sebastian Krahmer
Med.	Solaris 10 Patch Cluster Symlink Attack	09.08.2012	Larry W. Cashdollar
Low	Medium severity flaw in QNX Neutrino RTOS	23.10.2011	Tim Brown
Low	Linux kernel: ZERO_SIZE_PTR dereference for long symlinks in Be FS	01.09.2011	Timo Warns
Med.	FreeBSD crontab information leakage	07.03.2011	Dan Rosenberg
Med.	The GNU C library dynamic linker expands $ORIGIN in setuid library search path	11.01.2011	taviso
Low	emesene preditable 1.6.1 temporary filename	12.06.2010	Emilio Pozuelo Monfort
Low	Mathematica on Linux /tmp/MathLink vulnerability	27.05.2010	paul szabo
Med.	Solaris Update manager and Sun Patch Cluster - Symlink attack	01.04.2010	DHS
Med.	Deliver 2.1.14 Multiple vulnerabilities	30.03.2010	Dan Rosenberg
Med.	fcrontab 3.0.4 Information Disclosure Vulnerability	09.03.2010	Dan Rosenberg
Med.	Oscailt 3.3 CMS Local File Inclusion	02.01.2010	s4r4d0
Med.	VideoCache 1.9.2 vccleaner root vulnerability	30.12.2009	Dominick LaTrappe
Med.	MySQL - 5.1.41 Multiple Vulnerabalities	03.12.2009	Jan Lieskovsky
Med.	Enomaly ECP/Enomalism: Insecure temporary file creation vulnerabilities	05.02.2009	Sam Johnston
Med.	ViArt Shopping Cart v3.5 Multiple Remote Vulnerabilities	31.12.2008	XiaShing_at_gmail.com
High	verlihub <= 0.9.8d-RC2 Remote Command Execution Vulnerability	23.12.2008	v4lkyrius
High	/bin/login gives root to group utmp	02.12.2008	Paul Szabo
High	python-2.3.4-5 Symbolic link attack possibility	19.09.2008	Jan iankko Lieskovsky
Med.	Nooms 1.1	11.09.2008	irancrash

---

Common Weakness Enumeration (CWE)

CVE

Szczegóły

Opis

2024-10-11

	CVE-2024-45316	Updating...	The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leading to local privilege escalation attack.
	CVE-2024-45315	Updating...	The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to create arbitrary folders and files, potentially leading to local Denial of Service (DoS) attack.

2024-10-08

	CVE-2024-43603	Updating...	Visual Studio Collector Service Denial of Service Vulnerability
	CVE-2024-38097	Updating...	Azure Monitor Agent Elevation of Privilege Vulnerability
	CVE-2024-38262	Updating...	Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
	CVE-2024-43501	Updating...	Windows Common Log File System Driver Elevation of Privilege Vulnerability
	CVE-2024-43551	Updating...	Windows Storage Elevation of Privilege Vulnerability
	CVE-2024-43563	Updating...	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

2024-10-01

CVE-2024-9341

Updating...

A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.

2024-09-19

CVE-2024-45770

Updating...

A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.

 

---

Copyright 2024, cxsecurity.com