Total
1131 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5135 | 1 Debian | 1 Os-prober | 2024-05-17 | 6.2 MEDIUM | N/A |
| os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating "the insecure code path should only ever run inside a d-i environment, which has no non-root users. | |||||
| CVE-2008-5034 | 1 A Mennucc1 | 1 Printfilters-ppd | 2024-05-17 | 6.9 MEDIUM | N/A |
| master-filter in printfilters-ppd 2.13 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filter.debug temporary file. NOTE: the vendor disputes this vulnerability, stating 'this package does not have " possibility of attack with the help of symlinks"' | |||||
| CVE-2008-4998 | 1 Twiki | 1 Twiki | 2024-05-17 | 6.9 MEDIUM | N/A |
| postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating "this bug is invalid. | |||||
| CVE-2008-4997 | 1 Pilot-qof | 1 Datafreedom-perl | 2024-05-17 | 6.9 MEDIUM | N/A |
| dfxml-invoice in datafreedom-perl 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/zenity temporary file. NOTE: the vendor disputes this vulnerability, stating that the vector is solely "an EXAMPLE used in the manpage. | |||||
| CVE-2008-4996 | 1 Debian | 1 Initramfs-tools | 2024-05-17 | 6.9 MEDIUM | N/A |
| init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. NOTE: the vendor disputes this vulnerability, stating that "init is [used in] a single-user context; there's no possibility that this is exploitable. | |||||
| CVE-2008-4977 | 1 Postfix | 1 Postfix | 2024-05-17 | 6.9 MEDIUM | N/A |
| postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating "This is not a real issue ... users would have to edit a script under /usr/lib to enable it. | |||||
| CVE-2008-4953 | 1 Firehol | 1 Firehol | 2024-05-17 | 6.9 MEDIUM | N/A |
| firehol in firehol 1.256 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/.firehol-tmp-#####-*-* and (2) /tmp/firehol.conf temporary files. NOTE: the vendor disputes this vulnerability, stating that an attack "would require an attacker to create 1073741824*PID-RANGE symlinks. | |||||
| CVE-2008-4950 | 1 Debian | 1 Dpkg-cross | 2024-05-17 | 6.9 MEDIUM | N/A |
| gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. NOTE: the vendor disputes this vulnerability, stating that "There is no sense in this bug - the script ... is called under specific cross-building environments within a chroot. | |||||
| CVE-2024-30033 | 2024-05-14 | N/A | 7.0 HIGH | ||
| Windows Search Service Elevation of Privilege Vulnerability | |||||
| CVE-2024-26238 | 2024-05-14 | N/A | 7.8 HIGH | ||
| Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability | |||||
| CVE-2024-30018 | 2024-05-14 | N/A | 7.8 HIGH | ||
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-3037 | 2024-05-14 | N/A | 6.0 MEDIUM | ||
| An arbitrary file deletion vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This vulnerability requires local login/console access to the PaperCut NG/MF server (eg: member of a domain admin group). | |||||
| CVE-2024-4712 | 2024-05-14 | N/A | 6.0 MEDIUM | ||
| An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This vulnerability requires local login/console access to the PaperCut NG/MF server (eg: member of a domain admin group). | |||||
| CVE-2023-34283 | 2024-05-03 | N/A | 4.6 MEDIUM | ||
| NETGEAR RAX30 USB Share Link Following Information Disclosure Vulnerability. This vulnerability allows physically present attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of symbolic links on removable USB media. By creating a symbolic link, an attacker can abuse the router's web server to access arbitrary local files. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-19498. | |||||
| CVE-2023-32178 | 2024-05-03 | N/A | 7.8 HIGH | ||
| VIPRE Antivirus Plus TelFileTransfer Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TelFileTransfer method. By creating a symbolic link, an attacker can abuse the method to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-19396. | |||||
| CVE-2023-32175 | 2024-05-03 | N/A | 7.8 HIGH | ||
| VIPRE Antivirus Plus Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Anti Malware Service. By creating a symbolic link, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18899. | |||||
| CVE-2023-27347 | 2024-05-03 | N/A | 7.8 HIGH | ||
| G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA Backup Service. By creating a symbolic link, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18749. | |||||
| CVE-2023-32179 | 2024-05-03 | N/A | 7.8 HIGH | ||
| VIPRE Antivirus Plus FPQuarTransfer Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the FPQuarTransfer method. By creating a symbolic link, an attacker can abuse the method to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-19397. | |||||
| CVE-2023-42126 | 2024-05-03 | N/A | 7.8 HIGH | ||
| G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the GDBackupSvc service. By creating a symbolic link, an attacker can abuse the service to create a file with a permissive DACL. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-20694. | |||||
| CVE-2023-42099 | 2024-05-03 | N/A | 7.8 HIGH | ||
| Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DSA Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21846. | |||||