Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hardlink vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2015-3170
selinux-policy when sysctl fs.protected_hardlinks are set to 0 allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy.
Selinux Project Selinux -
7.8
CVSSv3
CVE-2023-0652
Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious malicious user to forge the destination of the hardlink and escalate privileges, overwriting SYS...
Cloudflare Warp
7.5
CVSSv3
CVE-2018-20990
An issue exists in the tar crate prior to 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive.
Tar Project Tar
NA
CVE-2009-0876
Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN.
Sun Xvm Virtualbox 2.0.6r39760
Sun Xvm Virtualbox 2.1.4r42893
Sun Xvm Virtualbox 2.1.0
Sun Xvm Virtualbox 2.1.2
Sun Xvm Virtualbox 2.0.0
Sun Xvm Virtualbox 2.0.2
Sun Xvm Virtualbox 2.0.4
5.5
CVSSv3
CVE-2001-1494
script command in the util-linux package prior to 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.
Kernel Util-linux
Avaya Cvlan
Avaya Interactive Response
Avaya Integrated Management Suit
Avaya Intuity Lx
Avaya Message Networking
Avaya Messaging Storage Server
1 Github repository
NA
CVE-2013-5710
The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel in FreeBSD 8.3 up to and including 9.2 allows local users with certain permissions to bypass access restrictions via a hardlink in a nullfs instance to a file in a different instance.
Freebsd Freebsd 8.0
Freebsd Freebsd 8.3
Freebsd Freebsd 8.4
Freebsd Freebsd 9.0
Freebsd Freebsd 9.1
Freebsd Freebsd 9.2
5.5
CVSSv3
CVE-2021-27851
A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance w...
Gnu Guix
5.5
CVSSv3
CVE-2016-5293
When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerabi...
Mozilla Firefox Esr
Mozilla Firefox
Debian Debian Linux 8.0
NA
CVE-2005-3321
chkstat in SuSE Linux 9.0 up to and including 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkst...
Suse Suse Linux 9.1
Novell Suse Linux 10.0
Suse Suse Linux 9.3
Suse Suse Linux 9.2
Suse Suse Linux 9.0
3.3
CVSSv3
CVE-2014-1420
On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is...
Canonical Ubuntu-ui-toolkit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »