Total
1174 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-22582 | 1 Apple | 2 Mac Os X, Macos | 2024-08-03 | 5.5 Medium |
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5, macOS Monterey 12.3. A local user may be able to write arbitrary files. | ||||
CVE-2022-22585 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-08-03 | 7.5 High |
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access a user's files. | ||||
CVE-2022-21999 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2024-08-03 | 7.8 High |
Windows Print Spooler Elevation of Privilege Vulnerability | ||||
CVE-2022-21997 | 1 Microsoft | 23 Windows 10, Windows 10 1507, Windows 10 1607 and 20 more | 2024-08-03 | 7.1 High |
Windows Print Spooler Elevation of Privilege Vulnerability | ||||
CVE-2022-21919 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2024-08-03 | 7 High |
Windows User Profile Service Elevation of Privilege Vulnerability | ||||
CVE-2022-21895 | 1 Microsoft | 17 Windows 10, Windows 10 1507, Windows 10 1607 and 14 more | 2024-08-03 | 7.8 High |
Windows User Profile Service Elevation of Privilege Vulnerability | ||||
CVE-2022-21838 | 1 Microsoft | 22 Windows 10, Windows 10 1507, Windows 10 1607 and 19 more | 2024-08-03 | 5.5 Medium |
Windows Cleanup Manager Elevation of Privilege Vulnerability | ||||
CVE-2022-21770 | 2 Google, Mediatek | 10 Android, Mt6781, Mt6877 and 7 more | 2024-08-03 | 6.7 Medium |
In sound driver, there is a possible information disclosure due to symlink following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558663; Issue ID: ALPS06558663. | ||||
CVE-2022-20085 | 2 Google, Mediatek | 53 Android, Mt6580, Mt6731 and 50 more | 2024-08-03 | 6.7 Medium |
In netdiag, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308877; Issue ID: ALPS06308877. | ||||
CVE-2022-20103 | 2 Google, Mediatek | 45 Android, Mt6580, Mt6739 and 42 more | 2024-08-03 | 4.4 Medium |
In aee daemon, there is a possible information disclosure due to symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06282684. | ||||
CVE-2022-20068 | 2 Google, Mediatek | 56 Android, Mt6731, Mt6732 and 53 more | 2024-08-03 | 6.7 Medium |
In mobile_log_d, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308907; Issue ID: ALPS06308907. | ||||
CVE-2022-20050 | 2 Google, Mediatek | 49 Android, Mt6762, Mt6765 and 46 more | 2024-08-03 | 6.7 Medium |
In connsyslogger, there is a possible symbolic link following due to improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06335038; Issue ID: ALPS06335038. | ||||
CVE-2022-4563 | 1 Freedom | 1 Securedrop | 2024-08-03 | 7.8 High |
A vulnerability was found in Freedom of the Press SecureDrop. It has been rated as critical. Affected by this issue is some unknown functionality of the file gpg-agent.conf. The manipulation leads to symlink following. Local access is required to approach this attack. The name of the patch is b0526a06f8ca713cce74b63e00d3730618d89691. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215972. | ||||
CVE-2022-4122 | 3 Fedoraproject, Podman Project, Redhat | 3 Fedora, Podman, Rhel Eus | 2024-08-03 | 5.3 Medium |
A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure. | ||||
CVE-2022-3592 | 2 Fedoraproject, Samba | 2 Fedora, Samba | 2024-08-03 | 6.5 Medium |
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem. | ||||
CVE-2022-2145 | 1 Cloudflare | 1 Warp | 2024-08-03 | 5.8 Medium |
Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files. | ||||
CVE-2022-1256 | 1 Mcafee | 1 Agent | 2024-08-02 | 7.8 High |
A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user's %TEMP% directory with System privileges through manipulation of symbolic links. | ||||
CVE-2022-0799 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2024-08-02 | 8.8 High |
Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file. | ||||
CVE-2023-52338 | 1 Trendmicro | 2 Deep Security, Deep Security Agent | 2024-08-02 | 7.8 High |
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
CVE-2023-52138 | 1 Mate-desktop | 1 Engrampa | 2024-08-02 | 8.2 High |
Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by default will follow stored symlinks while extracting and the Archiver will not check the symlink location, which leads to arbitrary file writes to unintended locations. When the victim extracts the archive, the attacker can craft a malicious cpio or ISO archive to achieve RCE on the target system. This vulnerability was fixed in commit 63d5dfa. |