Total
1414 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-8108 | 1 Cisofy | 1 Lynis | 2025-04-20 | N/A |
| Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file. | ||||
| CVE-2017-8806 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql | 2025-04-20 | 5.5 Medium |
| The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files. | ||||
| CVE-2015-7529 | 3 Canonical, Redhat, Sos Project | 9 Ubuntu Linux, Enterprise Linux, Enterprise Linux Desktop and 6 more | 2025-04-20 | 7.8 High |
| sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. | ||||
| CVE-2017-6981 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that uses symlinks. | ||||
| CVE-2015-3315 | 1 Redhat | 8 Automatic Bug Reporting Tool, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2025-04-20 | N/A |
| Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm. | ||||
| CVE-2015-7723 | 1 Amd | 1 Fglrx-driver | 2025-04-20 | N/A |
| AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. | ||||
| CVE-2015-7724 | 1 Amd | 1 Fglrx-driver | 2025-04-20 | N/A |
| AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. NOTE: This vulnerability exists due to an incomplete fix for CVE-2015-7723. | ||||
| CVE-2011-2684 | 1 Rkkda | 1 Foo2zjs | 2025-04-20 | N/A |
| foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs. | ||||
| CVE-2024-0206 | 2 Microsoft, Trellix | 2 Windows, Anti-malware Engine | 2025-04-17 | 7.1 High |
| A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry folder with a symbolic link to files that the user wouldn't normally have permission to. After a scan, the Engine would follow the links and remove the files | ||||
| CVE-2022-2897 | 1 Measuresoft | 2 Scadapro Client, Scadapro Server | 2025-04-16 | 7.8 High |
| Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation.. | ||||
| CVE-2022-2898 | 1 Measuresoft | 2 Scadapro Client, Scadapro Server | 2025-04-16 | 6.1 Medium |
| Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition. | ||||
| CVE-2022-45412 | 5 Apple, Google, Linux and 2 more | 11 Macos, Android, Linux Kernel and 8 more | 2025-04-15 | 8.8 High |
| When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. <br>*This bug only affects Thunderbird on Unix-based operated systems (Android, Linux, MacOS). Windows is unaffected.*. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | ||||
| CVE-2022-45798 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2025-04-15 | 7.8 High |
| A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2022-4563 | 1 Freedom | 1 Securedrop | 2025-04-15 | 7.8 High |
| A vulnerability was found in Freedom of the Press SecureDrop. It has been rated as critical. Affected by this issue is some unknown functionality of the file gpg-agent.conf. The manipulation leads to symlink following. Local access is required to approach this attack. The name of the patch is b0526a06f8ca713cce74b63e00d3730618d89691. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215972. | ||||
| CVE-2023-36568 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-04-14 | 7 High |
| Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | ||||
| CVE-2023-36711 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2025-04-14 | 7.8 High |
| Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | ||||
| CVE-2023-36723 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2025-04-14 | 7.8 High |
| Windows Container Manager Service Elevation of Privilege Vulnerability | ||||
| CVE-2023-36737 | 1 Microsoft | 1 Azure Network Watcher | 2025-04-14 | 7.8 High |
| Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | ||||
| CVE-2015-4156 | 2 Gnu, Opensuse | 2 Parallel, Opensuse | 2025-04-12 | N/A |
| GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file. | ||||
| CVE-2015-6566 | 2 Fedoraproject, Zarafa | 2 Fedora, Zarafa Collaboration Platform | 2025-04-12 | N/A |
| zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*. | ||||