Total
1244 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-1178 | 1 Joseph Allen | 1 Joe | 2024-11-20 | 5.5 Medium |
| Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes. | ||||
| CVE-2000-0972 | 1 Hp | 1 Hp-ux | 2024-11-20 | 5.5 Medium |
| HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates. | ||||
| CVE-2000-0715 | 3 Conectiva, Kirk Bauer, Redhat | 3 Linux, Diskcheck, Powertools | 2024-11-20 | N/A |
| DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to create or overwrite arbitrary files via a symlink attack on a temporary file. | ||||
| CVE-2000-0342 | 1 Qualcomm | 1 Eudora | 2024-11-20 | 7.5 High |
| Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment." | ||||
| CVE-1999-1593 | 1 Microsoft | 3 Windows 2000, Windows 95, Windows 98 | 2024-11-20 | N/A |
| Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when Windows 95/98 clients are used, or if the primary domain controller becomes unavailable. | ||||
| CVE-1999-1386 | 1 Perl | 1 Perl | 2024-11-20 | 5.5 Medium |
| Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file. | ||||
| CVE-1999-0981 | 1 Microsoft | 1 Internet Explorer | 2024-11-20 | N/A |
| Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect." | ||||
| CVE-1999-0794 | 1 Microsoft | 2 Excel, Office | 2024-11-20 | N/A |
| Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file. | ||||
| CVE-1999-0783 | 1 Freebsd | 1 Freebsd | 2024-11-20 | 5.5 Medium |
| FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system. | ||||
| CVE-2023-20004 | 2024-11-18 | 4.4 Medium | ||
| Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account. Note: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. | ||||
| CVE-2021-1491 | 2024-11-18 | N/A | ||
| A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying file system of the device. This vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the file system and then accessing it through the web-based management interface. A successful exploit could allow the attacker to read arbitrary files from the file system of the underlying operating system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||
| CVE-2024-51721 | 1 Blackberry | 1 Secusuite | 2024-11-13 | 7.3 High |
| A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other executable content into the server that would run with root privilege. | ||||
| CVE-2024-10007 | 1 Github | 1 Enterprise Server | 2024-11-08 | N/A |
| A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise Server that allowed container escape to escalate to root via ghe-firejail path. Exploitation of this vulnerability requires Enterprise Administrator access to the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise prior to 3.15 and was fixed in versions 3.14.3, 3.13.6, 3.12.11, and 3.11.17. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2024-44258 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2024-11-06 | 7.1 High |
| This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files. | ||||
| CVE-2024-45315 | 2024-11-01 | 5.5 Medium | ||
| The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to create arbitrary folders and files, potentially leading to local Denial of Service (DoS) attack. | ||||
| CVE-2024-44264 | 1 Apple | 1 Macos | 2024-10-30 | 7.5 High |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious app may be able to create symlinks to protected regions of the disk. | ||||
| CVE-2024-44175 | 1 Apple | 1 Macos | 2024-10-30 | 7.5 High |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7.1. An app may be able to access sensitive user data. | ||||
| CVE-2024-45316 | 1 Sonicwall | 1 Connect Tunnel | 2024-10-15 | 7.8 High |
| The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leading to local privilege escalation attack. | ||||
| CVE-2024-27458 | 1 Hp | 40 Elite Dragonfly Firmware, Elite Dragonfly G2 Firmware, Elite Dragonfly Max Firmware and 37 more | 2024-10-07 | 8.8 High |
| A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. HP is releasing mitigation for the potential vulnerability. Customers using HP Programmable Key are recommended to update HP Hotkey Support. | ||||
| CVE-2024-8404 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2024-10-03 | 7.8 High |
| An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server via the web-print-hot-folder. Important: In most installations, this risk is mitigated by the default Windows Server configuration, which restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log into the local console of the Windows environment hosting the PaperCut NG/MF application server. Note: This CVE has been split from CVE-2024-3037. | ||||