CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-25321

HIGH
7.8
CVSS Severity Score
EPSS Score0.1530%
EPSS Percentile20.76th
Published2021年6月30日
Last Modified2024年11月21日

Vulnerability Description

A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions.

Affected Platforms (CPE)

📦
Suse

Arpwatch

< 2.1a15
📦
Suse

Arpwatch

<= 2.1a15-169.5
📦
Suse

Arpwatch

<= 2.1a15-lp152.5.5

References & Advisories

🔗 https://bugzilla.suse.com/show_bug.cgi?id=1186240
🔗 https://bugzilla.suse.com/show_bug.cgi?id=1186240

相关漏洞威胁

CVE-2012-265310.0

arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might...

CVE-2001-01401.2

arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...