Total
1305 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-13960 | 2025-05-12 | N/A | 7.8 HIGH | ||
| Link Following Local Privilege Escalation Vulnerability in TuneUp Service in AVG TuneUp Version 23.4 (build 15592) on Windows 10 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack. | |||||
| CVE-2024-13759 | 2025-05-12 | N/A | 7.8 HIGH | ||
| Local Privilege Escalation in Avira.Spotlight.Service.exe in Avira Prime 1.1.96.2 on Windows 10 x64 allows local attackers to gain system-level privileges via arbitrary file deletion | |||||
| CVE-2024-13961 | 2025-05-12 | N/A | 7.8 HIGH | ||
| Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack. | |||||
| CVE-2025-3224 | 1 Docker | 1 Desktop | 2025-05-10 | N/A | 7.8 HIGH |
| A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with high privileges. However, this directory often does not exist by default, and C:\ProgramData\ allows normal users to create new directories. By creating a malicious Docker\config folder structure at this location, an attacker can force the privileged update process to delete or manipulate arbitrary system files, leading to Elevation of Privilege. | |||||
| CVE-2022-32905 | 1 Apple | 1 Macos | 2025-05-06 | N/A | 7.8 HIGH |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges. | |||||
| CVE-2023-2939 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-05-05 | N/A | 7.8 HIGH |
| Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium) | |||||
| CVE-2019-13689 | 1 Google | 2 Chrome, Chrome Os | 2025-05-02 | N/A | 7.8 HIGH |
| Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical) | |||||
| CVE-2009-1143 | 1 Vmware | 1 Open-vm-tools | 2025-04-25 | N/A | 7.0 HIGH |
| An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter). | |||||
| CVE-2009-1142 | 1 Vmware | 1 Open Vm Tools | 2025-04-25 | N/A | 6.7 MEDIUM |
| An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled. | |||||
| CVE-2022-4122 | 2 Fedoraproject, Podman Project | 2 Fedora, Podman | 2025-04-22 | N/A | 5.3 MEDIUM |
| A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure. | |||||
| CVE-2025-1697 | 2025-04-21 | N/A | N/A | ||
| A potential security vulnerability has been identified in the HP Touchpoint Analytics Service for certain HP PC products with versions prior to 4.2.2439. This vulnerability could potentially allow a local attacker to escalate privileges. HP is providing software updates to mitigate this potential vulnerability. | |||||
| CVE-2024-12905 | 2025-04-20 | N/A | 7.5 HIGH | ||
| An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package. This issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8. | |||||
| CVE-2016-10374 | 1 Perltidy Project | 1 Perltidy | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete. | |||||
| CVE-2015-5701 | 1 Tug | 1 Texlive | 2025-04-20 | 5.6 MEDIUM | 6.1 MEDIUM |
| mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700. | |||||
| CVE-2015-3149 | 1 Redhat | 7 Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Hpc Node Eus and 4 more | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack. | |||||
| CVE-2015-8860 | 1 Nodejs | 1 Node.js | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive. | |||||
| CVE-2015-8326 | 1 Iptables-parse Project | 1 Iptables-parse Module | 2025-04-20 | 3.6 LOW | 5.5 MEDIUM |
| The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files owned by the current user. | |||||
| CVE-2017-1301 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-20 | 3.6 LOW | 5.5 MEDIUM |
| IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163. | |||||
| CVE-2017-7501 | 1 Rpm | 1 Rpm | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation. | |||||
| CVE-2017-8806 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql | 2025-04-20 | 3.6 LOW | 5.5 MEDIUM |
| The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files. | |||||