Search Results (1802 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-3315 1 Redhat 8 Automatic Bug Reporting Tool, Enterprise Linux, Enterprise Linux Desktop and 5 more 2025-04-20 N/A
Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm.
CVE-2015-3149 1 Redhat 8 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 5 more 2025-04-20 N/A
The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack.
CVE-2017-16611 3 Canonical, Debian, X 3 Ubuntu Linux, Debian Linux, Libxfont 2025-04-20 5.5 Medium
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.
CVE-2015-5701 1 Tug 1 Texlive 2025-04-20 N/A
mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700.
CVE-2011-2684 1 Rkkda 1 Foo2zjs 2025-04-20 N/A
foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs.
CVE-2024-0206 2 Microsoft, Trellix 2 Windows, Anti-malware Engine 2025-04-17 7.1 High
A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry folder with a symbolic link to files that the user wouldn't normally have permission to. After a scan, the Engine would follow the links and remove the files
CVE-2022-2897 1 Measuresoft 2 Scadapro Client, Scadapro Server 2025-04-16 7.8 High
Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation..
CVE-2022-2898 1 Measuresoft 2 Scadapro Client, Scadapro Server 2025-04-16 6.1 Medium
Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition.
CVE-2022-45412 5 Apple, Google, Linux and 2 more 11 Macos, Android, Linux Kernel and 8 more 2025-04-15 8.8 High
When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. <br>*This bug only affects Thunderbird on Unix-based operated systems (Android, Linux, MacOS). Windows is unaffected.*. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
CVE-2022-45798 2 Microsoft, Trendmicro 2 Windows, Apex One 2025-04-15 7.8 High
A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2022-4563 1 Freedom 1 Securedrop 2025-04-15 7.8 High
A vulnerability was found in Freedom of the Press SecureDrop. It has been rated as critical. Affected by this issue is some unknown functionality of the file gpg-agent.conf. The manipulation leads to symlink following. Local access is required to approach this attack. The name of the patch is b0526a06f8ca713cce74b63e00d3730618d89691. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215972.
CVE-2023-38159 1 Microsoft 10 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 7 more 2025-04-14 7 High
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2023-36568 1 Microsoft 3 365 Apps, Office, Office Long Term Servicing Channel 2025-04-14 7 High
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
CVE-2023-36711 1 Microsoft 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more 2025-04-14 7.8 High
Windows Runtime C++ Template Library Elevation of Privilege Vulnerability
CVE-2023-36723 1 Microsoft 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more 2025-04-14 7.8 High
Windows Container Manager Service Elevation of Privilege Vulnerability
CVE-2023-36737 1 Microsoft 1 Azure Network Watcher 2025-04-14 7.8 High
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
CVE-2015-4155 1 Gnu 1 Parallel 2025-04-12 N/A
GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.
CVE-2014-5045 2 Linux, Redhat 6 Linux Kernel, Enterprise Linux, Enterprise Linux Eus and 3 more 2025-04-12 N/A
The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program.
CVE-2014-3977 1 Ibm 2 Aix, Vios 2025-04-12 N/A
libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.
CVE-2016-6664 4 Mariadb, Oracle, Percona and 1 more 6 Mariadb, Mysql, Percona Server and 3 more 2025-04-12 7.0 High
mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.