Total
1174 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-20197 | 4 Broadcom, Gnu, Netapp and 1 more | 6 Brocade Fabric Operating System Firmware, Binutils, Cloud Backup and 3 more | 2024-08-03 | 6.3 Medium |
| There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. | ||||
| CVE-2021-4287 | 1 Microsoft | 1 Binwalk | 2024-08-03 | 5 Medium |
| A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. It is possible to launch the attack remotely. Upgrading to version 2.3.3 is able to address this issue. The name of the patch is fa0c0bd59b8588814756942fe4cb5452e76c1dcd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216876. | ||||
| CVE-2021-3310 | 1 Westerndigital | 9 My Cloud Dl2100, My Cloud Dl4100, My Cloud Ex2100 and 6 more | 2024-08-03 | 7.8 High |
| Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure (by reading local files). | ||||
| CVE-2021-1091 | 1 Nvidia | 1 Gpu Display Driver | 2024-08-03 | 7.1 High |
| NVIDIA GPU Display driver for Windows contains a vulnerability where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated privilege to modify, which could lead to data loss or denial of service. | ||||
| CVE-2021-1092 | 1 Nvidia | 1 Gpu Display Driver | 2024-08-03 | 7.1 High |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the NVIDIA Control Panel application where it is susceptible to a Windows file system symbolic link attack where an unprivileged attacker can cause the applications to overwrite privileged files, resulting in potential denial of service or data loss. | ||||
| CVE-2021-0094 | 1 Intel | 1 Driver \& Support Assistant | 2024-08-03 | 7.8 High |
| Improper link resolution before file access in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access. | ||||
| CVE-2022-48579 | 1 Rarlab | 1 Unrar | 2024-08-03 | 7.5 High |
| UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains. | ||||
| CVE-2022-47188 | 1 Generex | 2 Cs141, Cs141 Firmware | 2024-08-03 | 7.5 High |
| There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path. | ||||
| CVE-2022-45798 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-08-03 | 7.8 High |
| A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2022-45697 | 1 Razer | 1 Razer Central | 2024-08-03 | 7.8 High |
| Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the Accounts directory. | ||||
| CVE-2022-45440 | 1 Zyxel | 2 Ax7501-b0, Ax7501-b0 Firmware | 2024-08-03 | 4.4 Medium |
| A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, which processes symbolic links on external storage media. A local authenticated attacker with administrator privileges could abuse this vulnerability to access the root file system by creating a symbolic link on external storage media, such as a USB flash drive, and then logging into the FTP server on a vulnerable device. | ||||
| CVE-2022-45412 | 5 Apple, Google, Linux and 2 more | 11 Macos, Android, Linux Kernel and 8 more | 2024-08-03 | 8.8 High |
| When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. <br>*This bug only affects Thunderbird on Unix-based operated systems (Android, Linux, MacOS). Windows is unaffected.*. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | ||||
| CVE-2022-44747 | 1 Acronis | 1 Cyber Protect Home Office | 2024-08-03 | 7.8 High |
| Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. | ||||
| CVE-2022-43293 | 1 Wacom | 1 Driver | 2024-08-03 | 5.9 Medium |
| Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\Wacom_Tablet.exe. | ||||
| CVE-2022-42725 | 1 Linuxmint | 1 Warpinator | 2024-08-03 | 7.5 High |
| Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by symbolic directory links. | ||||
| CVE-2022-42291 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2024-08-03 | 8.2 High |
| NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory. | ||||
| CVE-2022-42292 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2024-08-03 | 5 Medium |
| NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering. | ||||
| CVE-2022-41973 | 4 Debian, Fedoraproject, Opensvc and 1 more | 5 Debian Linux, Fedora, Multipath-tools and 2 more | 2024-08-03 | 7.8 High |
| multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root. | ||||
| CVE-2022-40710 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security Agent | 2024-08-03 | 7.8 High |
| A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2022-40143 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-08-03 | 7.3 High |
| A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service servers could allow a local attacker to abuse an insecure directory that could allow a low-privileged user to run arbitrary code with elevated privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||