Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hardlink vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2020-9451
An issue exists in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe keeps a log in a folder where unprivileged users have write permissions. The logs are generated in a predictable pattern, allowing an unprivileged user to create a hardlink from a (not yet created)...
Acronis True Image 2020 24.5.22510
7.5
CVSSv3
CVE-2017-5601
An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote malicious users to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.
Libarchive Libarchive 3.2.2
7.8
CVSSv3
CVE-2020-9452
An issue exists in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe includes functionality to quarantine files by copying a suspected ransomware file from one directory to another using SYSTEM privileges. Because unprivileged users have write permissions in the qua...
Acronis True Image 2020 24.5.22510
7.8
CVSSv3
CVE-2018-8440
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Wi...
Microsoft Windows 10 1703
Microsoft Windows 10 1803
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016 1709
Microsoft Windows 10 -
Microsoft Windows 10 1607
Microsoft Windows 8.1 -
Microsoft Windows Rt 8.1 -
Microsoft Windows Server 2008 -
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 -
Microsoft Windows 10 1709
Microsoft Windows 7 -
Microsoft Windows Server 2016 -
Microsoft Windows Server 2016 1803
5 Github repositories
2 Articles
NA
CVE-2014-6407
Docker prior to 1.3.2 allows remote malicious users to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.
Docker Docker
Docker Docker 1.3.0
Docker Docker 1.0.0
1 Article
NA
CVE-2014-6408
Docker 1.3.0 up to and including 1.3.1 allows remote malicious users to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image.
Docker Docker 1.3.0
Docker Docker 1.3.1
1 Article
7.8
CVSSv3
CVE-2019-19741
Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege escalation due to arbitrary directory DACL manipulation, a different issue than CVE-2019-19247 and CVE-2019-19248. When Origin.exe connects to the named pipe OriginClientService, the privileged service verifies...
Ea Origin
NA
CVE-2024-32020
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source rep...
8.8
CVSSv3
CVE-2021-44730
snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2...
Canonical Snapd
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 21.10
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 10.0
Debian Debian Linux 11.0
NA
CVE-2008-2936
Postfix prior to 2.3.15, 2.4 prior to 2.4.8, 2.5 prior to 2.5.4, and 2.6 prior to 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this ...
Postfix Postfix 2.5.0
Postfix Postfix 2.3.11
Postfix Postfix 2.3.6
Postfix Postfix 2.3.0
Postfix Postfix 2.5.2
Postfix Postfix 2.4.0
Postfix Postfix 2.3.12
Postfix Postfix 2.3.10
Postfix Postfix 2.4.5
Postfix Postfix 2.3.9
Postfix Postfix 2.3.2
Postfix Postfix 2.3.7
Postfix Postfix 2.3.14
Postfix Postfix 2.4.3
Postfix Postfix 2.5.3
Postfix Postfix 2.6.0
Postfix Postfix 2.4.7
Postfix Postfix 2.4.2
Postfix Postfix 2.3.4
Postfix Postfix 2.3.3
Postfix Postfix 2.3.1
Postfix Postfix 2.5.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »