Export limit exceeded: 362462 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (1801 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-0017 1 Exim 1 Exim 2025-04-11 N/A
The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
CVE-2011-1004 2 Redhat, Ruby-lang 2 Enterprise Linux, Ruby 2025-04-11 N/A
The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack.
CVE-2011-2185 1 Fabfile 1 Fabric 2025-04-11 N/A
Fabric before 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on (1) a /tmp/fab.*.tar file or (2) certain other files in the top level of /tmp/.
CVE-2011-1031 1 Feh Project 1 Feh 2025-04-11 N/A
The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702.
CVE-2012-2093 1 Gajim 1 Gajim 2025-04-11 N/A
src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function.
CVE-2012-2103 1 Munin-monitoring 1 Munin 2025-04-11 N/A
The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
CVE-2022-3592 2 Fedoraproject, Samba 2 Fedora, Samba 2025-04-08 6.5 Medium
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem.
CVE-2023-29351 1 Microsoft 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more 2025-04-08 8.1 High
Windows Group Policy Elevation of Privilege Vulnerability
CVE-2020-36657 1 Uptimed Project 1 Uptimed 2025-04-01 7.8 High
uptimed before 0.4.6-r1 on Gentoo allows local users (with access to the uptimed user account) to gain root privileges by creating a hard link within the /var/spool/uptimed directory, because there is an unsafe chown -R call.
CVE-2024-36306 1 Trendmicro 1 Apex One 2025-03-27 6.1 Medium
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2022-42291 2 Microsoft, Nvidia 2 Windows, Geforce Experience 2025-03-25 8.2 High
NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory.
CVE-2022-42292 2 Microsoft, Nvidia 2 Windows, Geforce Experience 2025-03-25 5 Medium
NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering.
CVE-2022-34452 1 Dell 1 Powerpath Management Appliance 2025-03-24 2.7 Low
PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains sensitive information disclosure vulnerability. An Authenticated admin user can able to exploit the issue and view sensitive information stored in the logs.
CVE-2023-24572 1 Dell 1 Command \| Integration Suite For System Center 2025-03-21 4.7 Medium
Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.
CVE-2023-23697 1 Dell 1 Command \| Intel Vpro Out Of Band 2025-03-21 4.7 Medium
Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.
CVE-2023-23558 1 Eternal Terminal Project 1 Eternal Terminal 2025-03-19 6.3 Medium
In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local attacker can create /tmp/.sentry-native-etserver with mode 0777 before the etserver process is started. The attacker can choose to read sensitive information from that file, or modify the information in that file.
CVE-2025-26473 1 Outbackpower 2 Mojave Inverter Oghi8048a, Mojave Inverter Oghi8048a Firmware 2025-03-19 7.5 High
The Mojave Inverter uses the GET method for sensitive information.
CVE-2024-36305 1 Trendmicro 1 Apex One 2025-03-14 7.8 High
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2022-22582 1 Apple 2 Mac Os X, Macos 2025-03-11 5.5 Medium
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5, macOS Monterey 12.3. A local user may be able to write arbitrary files.
CVE-2022-45697 1 Razer 1 Razer Central 2025-03-11 7.8 High
Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the Accounts directory.