Common Weakness Enumeration

CWE-59

Allowed

Improper Link Resolution Before File Access ('Link Following')

Abstraction: Base · Status: Draft

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1987 vulnerabilities reference this CWE, most recent first.

GHSA-96GQ-M97M-9PPG

Vulnerability from github – Published: 2022-05-24 16:47 – Updated: 2024-04-04 00:51
VLAI
Details

In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe' permissions. Under those circumstances osquery will load said malicious executable with SYSTEM permissions. The solution is to migrate installations to the 'Program Files' directory on Windows which restricts unprivileged write access. This issue affects osquery prior to v3.4.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-3567"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-03T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known \u0027safe\u0027 permissions. Under those circumstances osquery will load said malicious executable with SYSTEM permissions. The solution is to migrate installations to the \u0027Program Files\u0027 directory on Windows which restricts unprivileged write access. This issue affects osquery prior to v3.4.0.",
  "id": "GHSA-96gq-m97m-9ppg",
  "modified": "2024-04-04T00:51:06Z",
  "published": "2022-05-24T16:47:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3567"
    },
    {
      "type": "WEB",
      "url": "https://www.facebook.com/security/advisories/cve-2019-3567"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-97JM-5RH5-84F8

Vulnerability from github – Published: 2022-05-14 03:59 – Updated: 2022-05-14 03:59
VLAI
Details

The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-1876"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-02-10T23:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.",
  "id": "GHSA-97jm-5rh5-84f8",
  "modified": "2022-05-14T03:59:55Z",
  "published": "2022-05-14T03:59:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1876"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2014:0413"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2014:0414"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1060907"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=140852886808946\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=140852974709252\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/102808"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0675.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0685.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/oss-sec/2014/q1/242"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/oss-sec/2014/q1/285"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58415"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59058"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676746"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679713"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2014/dsa-2912"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/65568"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2187-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2191-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-984X-7Q6C-WPQW

Vulnerability from github – Published: 2025-06-17 21:32 – Updated: 2025-06-17 21:32
VLAI
Details

A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalation privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-49157"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-17T19:15:33Z",
    "severity": "HIGH"
  },
  "details": "A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalation privileges on affected installations.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
  "id": "GHSA-984x-7q6c-wpqw",
  "modified": "2025-06-17T21:32:30Z",
  "published": "2025-06-17T21:32:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49157"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/en-US/solution/KA-0019917"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-364"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-98C8-36P9-GW66

Vulnerability from github – Published: 2022-05-17 01:57 – Updated: 2024-05-14 21:19
VLAI
Summary
Openstack DBaaS (Trove) Improper Link Resolution Before File Access
Details

The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_configuration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, write_config function in trove/guestagent/datastore/experimental/redis/service.py, _write_mycnf function in trove/guestagent/datastore/mysql/service.py, InnoBackupEx::_run_prepare function in trove/guestagent/strategies/restore/mysql_impl.py, InnoBackupEx::cmd function in trove/guestagent/strategies/backup/mysql_impl.py,MySQLDump::cmd in trove/guestagent/strategies/backup/mysql_impl.py, InnoBackupExIncremental::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, _get_actual_db_status function in trove/guestagent/datastore/experimental/cassandra/system.py and trove/guestagent/datastore/experimental/cassandra/service.py, and multiple class CbBackup methods in trove/guestagent/strategies/backup/experimental/couchbase_impl.py in Openstack DBaaS (aka Trove) as packaged in Openstack before 2015.1.0 (aka Kilo) allows local users to write to configuration files via a symlink attack on a temporary file.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "trove"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.0a0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2015-3156"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-14T21:19:05Z",
    "nvd_published_at": "2017-08-11T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The `_write_config` function in `trove/guestagent/datastore/experimental/mongodb/service.py`, `reset_configuration` function in `trove/guestagent/datastore/experimental/postgresql/service/config.py`, `write_config` function in `trove/guestagent/datastore/experimental/redis/service.py`, `_write_mycnf` function in `trove/guestagent/datastore/mysql/service.py`, `InnoBackupEx::_run_prepare` function in `trove/guestagent/strategies/restore/mysql_impl.py`, `InnoBackupEx::cmd` function in `trove/guestagent/strategies/backup/mysql_impl.py`,`MySQLDump::cmd` in `trove/guestagent/strategies/backup/mysql_impl.py`, `InnoBackupExIncremental::cmd` function in `trove/guestagent/strategies/backup/mysql_impl.py`, `_get_actual_db_status` function in `trove/guestagent/datastore/experimental/cassandra/system.py` and `trove/guestagent/datastore/experimental/cassandra/service.py`, and multiple class CbBackup methods in `trove/guestagent/strategies/backup/experimental/couchbase_impl.py` in Openstack DBaaS (aka Trove) as packaged in Openstack before 2015.1.0 (aka Kilo) allows local users to write to configuration files via a symlink attack on a temporary file.",
  "id": "GHSA-98c8-36p9-gw66",
  "modified": "2024-05-14T21:19:05Z",
  "published": "2022-05-17T01:57:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3156"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/trove/commit/61774984aa2bacfe89867fc39a402a6a4cfb8f33"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/trove/+bug/1398195"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216073"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openstack/trove"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/cassandra/service.py#L230"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/mongodb/service.py#L176"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/redis/service.py#L236"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/mysql/service.py#L790"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/experimental/couchbase_impl.py#L30"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L110"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L36"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L55"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/restore/mysql_impl.py#L194"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Openstack DBaaS (Trove) Improper Link Resolution Before File Access "
}

GHSA-98H5-28MW-XJRQ

Vulnerability from github – Published: 2022-04-22 00:24 – Updated: 2024-04-03 23:05
VLAI
Details

Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-3632"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-26T04:15:00Z",
    "severity": "HIGH"
  },
  "details": "Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks.",
  "id": "GHSA-98h5-28mw-xjrq",
  "modified": "2024-04-03T23:05:37Z",
  "published": "2022-04-22T00:24:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3632"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/cve-2011-3632"
    },
    {
      "type": "WEB",
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645516"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3632"
    },
    {
      "type": "WEB",
      "url": "https://security-tracker.debian.org/tracker/CVE-2011-3632"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2011/10/15/2"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2011/10/20/6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-98QQ-6F93-2RG7

Vulnerability from github – Published: 2022-05-03 03:14 – Updated: 2022-05-03 03:14
VLAI
Details

The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2005-3011"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-09-21T20:03:00Z",
    "severity": "LOW"
  },
  "details": "The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.",
  "id": "GHSA-98qq-6f93-2rg7",
  "modified": "2022-05-03T03:14:23Z",
  "published": "2022-05-03T03:14:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3011"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10589"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328365"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=305530"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/16816"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/17070"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/17076"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/17093"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/17211"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/17215"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18401"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22929"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23112"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24788"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25402"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1014992"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1015468"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2006/dsa-1219"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-04.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:175"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2005_23_sr.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0727.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/464745/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/14854"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-194-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1267"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1939"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-9933-5G23-6JQ2

Vulnerability from github – Published: 2024-01-23 21:30 – Updated: 2025-06-20 21:31
VLAI
Details

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52092"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-23T21:15:09Z",
    "severity": "HIGH"
  },
  "details": "A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
  "id": "GHSA-9933-5g23-6jq2",
  "modified": "2025-06-20T21:31:50Z",
  "published": "2024-01-23T21:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52092"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/dcx/s/solution/000296151?language=en_US"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-025"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-99H4-V6GX-V3QP

Vulnerability from github – Published: 2022-09-29 00:00 – Updated: 2024-02-27 21:31
VLAI
Details

A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-40710"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-28T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
  "id": "GHSA-99h4-v6gx-v3qp",
  "modified": "2024-02-27T21:31:24Z",
  "published": "2022-09-29T00:00:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40710"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/solution/000291590"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1296"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-99J6-PF9P-H77C

Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-05-24 17:41
VLAI
Details

Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially causing Denial of Service via manipulating Junction link, after enumerating certain files, at a specific time.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-23873"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-10T11:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially causing Denial of Service via manipulating Junction link, after enumerating certain files, at a specific time.",
  "id": "GHSA-99j6-pf9p-h77c",
  "modified": "2022-05-24T17:41:45Z",
  "published": "2022-05-24T17:41:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23873"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-175"
    },
    {
      "type": "WEB",
      "url": "http://service.mcafee.com/FAQDocument.aspx?\u0026id=TS103114"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-99VH-GVCG-X7Q6

Vulnerability from github – Published: 2022-05-01 23:48 – Updated: 2022-05-01 23:48
VLAI
Details

Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-2311"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362",
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-07-01T18:41:00Z",
    "severity": "HIGH"
  },
  "details": "Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file.",
  "id": "GHSA-99vh-gvcg-x7q6",
  "modified": "2022-05-01T23:48:48Z",
  "published": "2022-05-01T23:48:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2311"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43495"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30802"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1020393"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT2163"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/30018"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1981/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation MIT-48.1
Architecture and Design

Strategy: Separation of Privilege

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack

An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.

CAPEC-17: Using Malicious Files

An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.

CAPEC-35: Leverage Executable Code in Non-Executable Files

An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.