• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-59

CVE-2019-13636

February 26, 2023 by

In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.

CVE-2019-13382

February 26, 2023 by

UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation file in %PROGRAMDATA%TechSmithTechSmith RecorderQueuedPresentations and then creating a symbolic link in %PROGRAMDATA%TechsmithTechSmith RecorderInvalidPresentations that points to an arbitrary folder with an arbitrary file name. TechSmith Relay Classic Recorder prior to 5.2.1 on Windows is vulnerable. The vulnerability was introduced in SnagIT Windows 12.4.1.

CVE-2019-1339

February 26, 2023 by

An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka ‘Windows Error Reporting Manager Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1315, CVE-2019-1342.

CVE-2019-13226

February 26, 2023 by

deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/ in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary location. By winning a race condition, the attacker can also enter the mount point, thereby preventing a subsequent unmount of the file system.

CVE-2019-13227

February 26, 2023 by

In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled.

CVE-2019-13228

February 26, 2023 by

deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO file, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled. By winning a race condition to replace the /tmp/repo.iso symlink by an attacker controlled ISO file, further privilege escalation may be possible.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 64
  • Go to page 65
  • Go to page 66
  • Go to page 67
  • Go to page 68
  • Interim pages omitted …
  • Go to page 101
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE