Export limit exceeded: 335167 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1641 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-1255 | 2 Canonical, Debian | 3 Ubuntu Linux, Debian Linux, Postgresql-common | 2025-04-20 | N/A |
| The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql. | ||||
| CVE-2016-4679 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libarchive" component, which allows remote attackers to write to arbitrary files via a crafted archive containing a symlink. | ||||
| CVE-2016-6253 | 1 Netbsd | 1 Netbsd | 2025-04-20 | N/A |
| mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox. | ||||
| CVE-2017-1301 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-20 | N/A |
| IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163. | ||||
| CVE-2017-6981 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that uses symlinks. | ||||
| CVE-2017-3265 | 4 Debian, Mariadb, Oracle and 1 more | 11 Debian Linux, Mariadb, Mysql and 8 more | 2025-04-20 | 5.6 Medium |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts). | ||||
| CVE-2015-7723 | 1 Amd | 1 Fglrx-driver | 2025-04-20 | N/A |
| AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. | ||||
| CVE-2011-2684 | 1 Rkkda | 1 Foo2zjs | 2025-04-20 | N/A |
| foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs. | ||||
| CVE-2016-10089 | 1 Nagios | 1 Nagios | 2025-04-20 | N/A |
| Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. | ||||
| CVE-2024-0206 | 2 Microsoft, Trellix | 2 Windows, Anti-malware Engine | 2025-04-17 | 7.1 High |
| A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry folder with a symbolic link to files that the user wouldn't normally have permission to. After a scan, the Engine would follow the links and remove the files | ||||
| CVE-2022-2897 | 1 Measuresoft | 2 Scadapro Client, Scadapro Server | 2025-04-16 | 7.8 High |
| Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation.. | ||||
| CVE-2022-2898 | 1 Measuresoft | 2 Scadapro Client, Scadapro Server | 2025-04-16 | 6.1 Medium |
| Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition. | ||||
| CVE-2022-45412 | 5 Apple, Google, Linux and 2 more | 11 Macos, Android, Linux Kernel and 8 more | 2025-04-15 | 8.8 High |
| When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. <br>*This bug only affects Thunderbird on Unix-based operated systems (Android, Linux, MacOS). Windows is unaffected.*. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | ||||
| CVE-2022-45798 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2025-04-15 | 7.8 High |
| A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2022-4563 | 1 Freedom | 1 Securedrop | 2025-04-15 | 7.8 High |
| A vulnerability was found in Freedom of the Press SecureDrop. It has been rated as critical. Affected by this issue is some unknown functionality of the file gpg-agent.conf. The manipulation leads to symlink following. Local access is required to approach this attack. The name of the patch is b0526a06f8ca713cce74b63e00d3730618d89691. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215972. | ||||
| CVE-2023-38159 | 1 Microsoft | 10 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 7 more | 2025-04-14 | 7 High |
| Windows Graphics Component Elevation of Privilege Vulnerability | ||||
| CVE-2023-36568 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-04-14 | 7 High |
| Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | ||||
| CVE-2023-36711 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2025-04-14 | 7.8 High |
| Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | ||||
| CVE-2023-36723 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2025-04-14 | 7.8 High |
| Windows Container Manager Service Elevation of Privilege Vulnerability | ||||
| CVE-2023-36737 | 1 Microsoft | 1 Azure Network Watcher | 2025-04-14 | 7.8 High |
| Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | ||||