Total
1329 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4085 | 1 Stephenjungels | 1 Plait | 2025-04-09 | N/A |
| plaiter in Plait before 1.6 allows local users to overwrite arbitrary files via a symlink attack on (1) cut.$$, (2) head.$$, (3) awk.$$, and (4) ps.$$ temporary files in /tmp/. | ||||
| CVE-2008-6552 | 2 Fedoraproject, Redhat | 7 Fedora, Cluster Project, Cman and 4 more | 2025-04-09 | N/A |
| Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9. | ||||
| CVE-2008-0525 | 3 Lumension Security, Novell, Unix | 3 Patchlink Update, Zenworks Patch Management Update Agent, Unix | 2025-04-09 | N/A |
| PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other products, allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script. | ||||
| CVE-2008-4984 | 1 Freedesktop | 1 Scratchbox2 | 2025-04-09 | N/A |
| scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/dpkg.#####.tmp, (b) /tmp/missing_deps.#####, and (c) /tmp/sb2-pkg-chk.$tstamp.##### temporary files, related to the (1) dpkg-checkbuilddeps and (2) sb2-check-pkg-mappings scripts. | ||||
| CVE-2008-4474 | 1 Freeradius | 1 Freeradius | 2025-04-09 | N/A |
| freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct. | ||||
| CVE-2009-4135 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Coreutils | 2025-04-09 | N/A |
| The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp. | ||||
| CVE-2022-3592 | 2 Fedoraproject, Samba | 2 Fedora, Samba | 2025-04-08 | 6.5 Medium |
| A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem. | ||||
| CVE-2020-0638 | 1 Microsoft | 9 Windows 10 1709, Windows 10 1803, Windows 10 1809 and 6 more | 2025-04-08 | 7.8 High |
| An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'. | ||||
| CVE-2019-1315 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1703, Windows 10 1709 and 10 more | 2025-04-08 | 7.8 High |
| An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342. | ||||
| CVE-2019-1385 | 1 Microsoft | 6 Windows 10 1709, Windows 10 1803, Windows 10 1809 and 3 more | 2025-04-08 | 7.8 High |
| An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'. | ||||
| CVE-2023-29351 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-04-08 | 8.1 High |
| Windows Group Policy Elevation of Privilege Vulnerability | ||||
| CVE-2025-24278 | 1 Apple | 1 Macos | 2025-04-04 | 5.5 Medium |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data. | ||||
| CVE-2025-30457 | 1 Apple | 1 Macos | 2025-04-04 | 9.8 Critical |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to create symlinks to protected regions of the disk. | ||||
| CVE-2025-24242 | 1 Apple | 1 Macos | 2025-04-04 | 4.4 Medium |
| This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app with root privileges may be able to access private information. | ||||
| CVE-2019-0841 | 1 Microsoft | 6 Windows 10 1703, Windows 10 1709, Windows 10 1803 and 3 more | 2025-04-04 | 7.8 High |
| An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836. | ||||
| CVE-2020-0787 | 1 Microsoft | 17 Windows 10 1507, Windows 10 1607, Windows 10 1709 and 14 more | 2025-04-04 | 7.8 High |
| An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'. | ||||
| CVE-2019-1130 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1703 and 11 more | 2025-04-03 | 7.8 High |
| An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1129. | ||||
| CVE-2019-1129 | 1 Microsoft | 8 Windows 10 1703, Windows 10 1709, Windows 10 1803 and 5 more | 2025-04-03 | 7.8 High |
| An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1130. | ||||
| CVE-2019-1253 | 1 Microsoft | 8 Windows 10 1703, Windows 10 1709, Windows 10 1803 and 5 more | 2025-04-03 | 7.8 High |
| An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303. | ||||
| CVE-2020-36193 | 5 Debian, Drupal, Fedoraproject and 2 more | 6 Debian Linux, Drupal, Fedora and 3 more | 2025-04-03 | 7.5 High |
| Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. | ||||