Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Aquarius Desktop 3.0.069 for macOS contains an insecure file handling vulnerability in its support data archive generation feature. The application follows symbolic links placed inside the ~/Library/Logs/Aquarius directory and treats them as regular files. When building the support ZIP, Aquarius recursively enumerates logs using a JUCE directory iterator configured to follow symlinks, and later writes file data without validating whether the target is a symbolic link. A local attacker can exploit this behavior by planting symlinks to arbitrary filesystem locations, resulting in unauthorized disclosure or modification of arbitrary files. When chained with the associated HelperTool privilege escalation issue, root-owned files may also be exposed.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Plugin Alliance Aquarius Desktop 安全漏洞
Vulnerability Description
Plugin Alliance Aquarius Desktop是美国Plugin Alliance公司的一个音频插件管理软件。 Plugin Alliance Aquarius Desktop 3.0.069版本存在安全漏洞,该漏洞源于支持数据归档功能未正确处理符号链接,可能导致任意文件泄露或修改。
CVSS Information
N/A
Vulnerability Type
N/A