Search
Search Results (1690 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-4817 | 2 Debian, Pithos Project | 2 Debian Linux, Pithos | 2024-11-21 | 5.5 Medium |
| pithos before 0.3.5 allows overwrite of arbitrary files via symlinks. | ||||
| CVE-2010-3095 | 1 Mailscanner | 1 Mailscanner | 2024-11-21 | 4.7 Medium |
| mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-5313. | ||||
| CVE-2010-2064 | 1 Rpcbind Project | 1 Rpcbind | 2024-11-21 | 7.1 High |
| rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr. | ||||
| CVE-2010-0398 | 1 Autokey Project | 1 Autokey | 2024-11-21 | 6.5 Medium |
| The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack. | ||||
| CVE-2009-0035 | 1 Alsa-project | 1 Alsa | 2024-11-21 | 5.5 Medium |
| alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts. | ||||
| CVE-2008-7273 | 1 Getfiregpg | 1 Iceweasel-firegpg | 2024-11-21 | 7.8 High |
| A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling. | ||||
| CVE-2024-41738 | 1 Ibm | 1 Txseries For Multiplatforms | 2024-11-14 | 5.9 Medium |
| IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques. | ||||
| CVE-2024-5928 | 1 Vipre | 1 Advanced Security | 2024-08-23 | 7.8 High |
| VIPRE Advanced Security PMAgent Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Patch Management Agent. By creating a symbolic link, an attacker can abuse the agent to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22315. | ||||
| CVE-2024-40464 | 1 Beego | 1 Beego | 2024-08-15 | 8.8 High |
| An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in beego/core/logs/smtp.go file | ||||
| CVE-2024-32931 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2024-08-09 | 5.7 Medium |
| Under certain circumstances the exacqVision Web Service can expose authentication token details within communications. | ||||