Total
1295 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-29983 | 2025-04-16 | 6.7 Medium | ||
| Dell Trusted Device, versions prior to 7.0.3.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | ||||
| CVE-2022-45412 | 5 Apple, Google, Linux and 2 more | 11 Macos, Android, Linux Kernel and 8 more | 2025-04-15 | 8.8 High |
| When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. <br>*This bug only affects Thunderbird on Unix-based operated systems (Android, Linux, MacOS). Windows is unaffected.*. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | ||||
| CVE-2022-45798 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2025-04-15 | 7.8 High |
| A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2022-4563 | 1 Freedom | 1 Securedrop | 2025-04-15 | 7.8 High |
| A vulnerability was found in Freedom of the Press SecureDrop. It has been rated as critical. Affected by this issue is some unknown functionality of the file gpg-agent.conf. The manipulation leads to symlink following. Local access is required to approach this attack. The name of the patch is b0526a06f8ca713cce74b63e00d3730618d89691. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215972. | ||||
| CVE-2023-36568 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-04-14 | 7 High |
| Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | ||||
| CVE-2023-36711 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2025-04-14 | 7.8 High |
| Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | ||||
| CVE-2023-36723 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2025-04-14 | 7.8 High |
| Windows Container Manager Service Elevation of Privilege Vulnerability | ||||
| CVE-2023-36737 | 1 Microsoft | 1 Azure Network Watcher | 2025-04-14 | 7.8 High |
| Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | ||||
| CVE-2013-4116 | 1 Node Packaged Modules Project | 1 Node Packaged Modules | 2025-04-12 | N/A |
| lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives. | ||||
| CVE-2014-1838 | 2 Logilab, Opensuse | 2 Logilab-common, Opensuse | 2025-04-12 | N/A |
| The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf. | ||||
| CVE-2016-7490 | 1 Teradata | 1 Studio Express | 2025-04-12 | N/A |
| The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates files in /tmp insecurely. A malicious local user could create a symlink in /tmp and possibly clobber system files or perhaps elevate privileges. | ||||
| CVE-2016-9566 | 2 Nagios, Redhat | 3 Nagios, Openstack, Storage | 2025-04-12 | N/A |
| base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565. | ||||
| CVE-2016-3096 | 2 Fedoraproject, Redhat | 2 Fedora, Ansible | 2025-04-12 | N/A |
| The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory. | ||||
| CVE-2013-2105 | 1 Jonathan Leung | 1 Show In Browser | 2025-04-12 | N/A |
| The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html. | ||||
| CVE-2013-6456 | 2 Fedoraproject, Redhat | 2 Fedora, Libvirt | 2025-04-12 | N/A |
| The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to "paths under /proc/$PID/root" and the virInitctlSetRunLevel function. | ||||
| CVE-2013-4262 | 1 Apache | 1 Subversion | 2025-04-12 | N/A |
| svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393. | ||||
| CVE-2013-0350 | 1 David Leonard | 1 Pkstat | 2025-04-12 | N/A |
| tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log. | ||||
| CVE-2016-6664 | 4 Mariadb, Oracle, Percona and 1 more | 6 Mariadb, Mysql, Percona Server and 3 more | 2025-04-12 | 7.0 High |
| mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files. | ||||
| CVE-2014-5029 | 3 Apple, Canonical, Redhat | 3 Cups, Ubuntu Linux, Enterprise Linux | 2025-04-12 | N/A |
| The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537. | ||||
| CVE-2001-1593 | 1 Gnu | 1 A2ps | 2025-04-12 | N/A |
| The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file. | ||||