Total
1064 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-4287 | 1 Microsoft | 1 Binwalk | 2024-05-17 | N/A | 6.5 MEDIUM |
| A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. It is possible to launch the attack remotely. Upgrading to version 2.3.3 is able to address this issue. The name of the patch is fa0c0bd59b8588814756942fe4cb5452e76c1dcd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216876. | |||||
| CVE-2019-11879 | 1 Ruby-lang | 1 Webrick | 2024-05-17 | 2.1 LOW | 5.5 MEDIUM |
| ** DISPUTED ** The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a symlink to a location outside of the web root directory. NOTE: The vendor states that this is analogous to Options FollowSymlinks in the Apache HTTP Server, and therefore it is "not a problem." | |||||
| CVE-2008-5135 | 1 Debian | 1 Os-prober | 2024-05-17 | 6.2 MEDIUM | N/A |
| ** DISPUTED ** os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating "the insecure code path should only ever run inside a d-i environment, which has no non-root users." | |||||
| CVE-2008-5034 | 1 A Mennucc1 | 1 Printfilters-ppd | 2024-05-17 | 6.9 MEDIUM | N/A |
| ** DISPUTED ** master-filter in printfilters-ppd 2.13 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filter.debug temporary file. NOTE: the vendor disputes this vulnerability, stating 'this package does not have " possibility of attack with the help of symlinks"'. | |||||
| CVE-2008-4998 | 1 Twiki | 1 Twiki | 2024-05-17 | 6.9 MEDIUM | N/A |
| ** DISPUTED ** postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating "this bug is invalid." | |||||
| CVE-2008-4997 | 1 Pilot-qof | 1 Datafreedom-perl | 2024-05-17 | 6.9 MEDIUM | N/A |
| ** DISPUTED ** dfxml-invoice in datafreedom-perl 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/zenity temporary file. NOTE: the vendor disputes this vulnerability, stating that the vector is solely "an EXAMPLE used in the manpage." | |||||
| CVE-2008-4996 | 1 Debian | 1 Initramfs-tools | 2024-05-17 | 6.9 MEDIUM | N/A |
| ** DISPUTED ** init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. NOTE: the vendor disputes this vulnerability, stating that "init is [used in] a single-user context; there's no possibility that this is exploitable." | |||||
| CVE-2008-4977 | 1 Postfix | 1 Postfix | 2024-05-17 | 6.9 MEDIUM | N/A |
| ** DISPUTED ** postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating "This is not a real issue ... users would have to edit a script under /usr/lib to enable it." | |||||
| CVE-2008-4953 | 1 Firehol | 1 Firehol | 2024-05-17 | 6.9 MEDIUM | N/A |
| ** DISPUTED ** firehol in firehol 1.256 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/.firehol-tmp-#####-*-* and (2) /tmp/firehol.conf temporary files. NOTE: the vendor disputes this vulnerability, stating that an attack "would require an attacker to create 1073741824*PID-RANGE symlinks." | |||||
| CVE-2008-4950 | 1 Debian | 1 Dpkg-cross | 2024-05-17 | 6.9 MEDIUM | N/A |
| ** DISPUTED ** gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. NOTE: the vendor disputes this vulnerability, stating that "There is no sense in this bug - the script ... is called under specific cross-building environments within a chroot." | |||||
| CVE-2024-30018 | 2024-05-14 | N/A | 7.8 HIGH | ||
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-30033 | 2024-05-14 | N/A | 7.0 HIGH | ||
| Windows Search Service Elevation of Privilege Vulnerability | |||||
| CVE-2024-26238 | 2024-05-14 | N/A | 7.8 HIGH | ||
| Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability | |||||
| CVE-2024-3037 | 2024-05-14 | N/A | 6.0 MEDIUM | ||
| An arbitrary file deletion vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This vulnerability requires local login/console access to the PaperCut NG/MF server (eg: member of a domain admin group). | |||||
| CVE-2024-4712 | 2024-05-14 | N/A | 6.0 MEDIUM | ||
| An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This vulnerability requires local login/console access to the PaperCut NG/MF server (eg: member of a domain admin group). | |||||
| CVE-2023-32178 | 2024-05-03 | N/A | 7.8 HIGH | ||
| VIPRE Antivirus Plus TelFileTransfer Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TelFileTransfer method. By creating a symbolic link, an attacker can abuse the method to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-19396. | |||||
| CVE-2023-34283 | 2024-05-03 | N/A | 4.6 MEDIUM | ||
| NETGEAR RAX30 USB Share Link Following Information Disclosure Vulnerability. This vulnerability allows physically present attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of symbolic links on removable USB media. By creating a symbolic link, an attacker can abuse the router's web server to access arbitrary local files. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-19498. | |||||
| CVE-2023-27347 | 2024-05-03 | N/A | 7.8 HIGH | ||
| G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA Backup Service. By creating a symbolic link, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18749. | |||||
| CVE-2023-32179 | 2024-05-03 | N/A | 7.8 HIGH | ||
| VIPRE Antivirus Plus FPQuarTransfer Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the FPQuarTransfer method. By creating a symbolic link, an attacker can abuse the method to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-19397. | |||||
| CVE-2023-32175 | 2024-05-03 | N/A | 7.8 HIGH | ||
| VIPRE Antivirus Plus Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Anti Malware Service. By creating a symbolic link, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18899. | |||||