Total
1447 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-29351 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-04-08 | 8.1 High |
| Windows Group Policy Elevation of Privilege Vulnerability | ||||
| CVE-1999-0783 | 1 Freebsd | 1 Freebsd | 2025-04-03 | 5.5 Medium |
| FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system. | ||||
| CVE-1999-0794 | 1 Microsoft | 2 Excel, Office | 2025-04-03 | N/A |
| Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file. | ||||
| CVE-2000-1178 | 1 Joseph Allen | 1 Joe | 2025-04-03 | 5.5 Medium |
| Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes. | ||||
| CVE-2001-0131 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2025-04-03 | 2.9 Low |
| htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack. | ||||
| CVE-2001-1042 | 1 Transsoft | 1 Broker Ftp Server | 2025-04-03 | 7.5 High |
| Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file. | ||||
| CVE-2001-1043 | 1 Argosoft | 1 Ftp Server | 2025-04-03 | 7.5 High |
| ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file. | ||||
| CVE-2002-2374 | 1 Sun | 1 Patchpro | 2025-04-03 | N/A |
| Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files." | ||||
| CVE-2003-1492 | 2 Mozilla, Netscape | 2 Firefox, Navigator | 2025-04-03 | N/A |
| Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end. | ||||
| CVE-2006-1247 | 1 Ibm | 1 Aix | 2025-04-03 | N/A |
| rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2001-1494 | 3 Avaya, Kernel, Redhat | 8 Cvlan, Integrated Management Suit, Interactive Response and 5 more | 2025-04-03 | 5.5 Medium |
| script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command. | ||||
| CVE-2002-0725 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 5.5 Medium |
| NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file. | ||||
| CVE-2002-0793 | 1 Blackberry | 1 Qnx Neutrino Real-time Operating System | 2025-04-03 | 5.5 Medium |
| Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility. | ||||
| CVE-2002-0824 | 1 Freebsd | 1 Point-to-point Protocol Daemon | 2025-04-03 | N/A |
| BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device. | ||||
| CVE-2005-0004 | 3 Debian, Mariadb, Oracle | 3 Debian Linux, Mariadb, Mysql | 2025-04-03 | N/A |
| The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files. | ||||
| CVE-2002-2382 | 1 Cvsup | 1 Cvsup | 2025-04-03 | N/A |
| cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on /var/tmp/cvsupd.out. | ||||
| CVE-2004-2473 | 1 Wmfrog | 1 Wmfrog | 2025-04-03 | N/A |
| wmFrog weather monitor 0.1.6 and other versions before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2004-0217 | 2 Redhat, Symantec | 2 Linux, Antivirus Scan Engine | 2025-04-03 | 7.0 High |
| The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log. | ||||
| CVE-1999-0981 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect." | ||||
| CVE-2002-2323 | 1 Sun | 1 Solaris Pc Netlink | 2025-04-03 | 7.5 High |
| Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or remote attackers to bypass intended access restrictions. | ||||