Total
925 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20085 | 2 Google, Mediatek | 53 Android, Mt6580, Mt6731 and 50 more | 2022-05-10 | 4.6 MEDIUM | 6.7 MEDIUM |
| In netdiag, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308877; Issue ID: ALPS06308877. | |||||
| CVE-2022-24372 | 1 Linksys | 2 Mr9600, Mr9600 Firmware | 2022-05-09 | 4.9 MEDIUM | 4.6 MEDIUM |
| Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share. | |||||
| CVE-2021-27229 | 2 Debian, Mumble | 2 Debian Linux, Mumble | 2022-05-06 | 6.8 MEDIUM | 8.8 HIGH |
| Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text. | |||||
| CVE-2021-28321 | 1 Microsoft | 6 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 3 more | 2022-05-03 | 4.6 MEDIUM | 7.8 HIGH |
| Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28313, CVE-2021-28322. | |||||
| CVE-2020-4717 | 1 Ibm | 1 Spss Modeler | 2022-05-03 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability exists in IBM SPSS Modeler Subscription Installer that allows a user with create symbolic link permission to write arbitrary file in another protected path during product installation. IBM X-Force ID: 187727. | |||||
| CVE-2020-27697 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ Security 2020, Internet Security 2020 and 2 more | 2022-05-03 | 6.9 MEDIUM | 7.8 HIGH |
| Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product. | |||||
| CVE-2021-26889 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2022-05-03 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Update Stack Elevation of Privilege Vulnerability | |||||
| CVE-2021-31187 | 1 Microsoft | 1 Windows 10 | 2022-05-03 | 7.2 HIGH | 7.8 HIGH |
| Windows WalletService Elevation of Privilege Vulnerability | |||||
| CVE-2021-26887 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-05-03 | 4.6 MEDIUM | 7.8 HIGH |
| Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability | |||||
| CVE-2021-26862 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-05-03 | 7.2 HIGH | 7.8 HIGH |
| Windows Installer Elevation of Privilege Vulnerability | |||||
| CVE-2021-26426 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2022-05-03 | 4.6 MEDIUM | 7.8 HIGH |
| Windows User Account Profile Picture Elevation of Privilege Vulnerability | |||||
| CVE-2021-26873 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2022-05-03 | 4.6 MEDIUM | 7.8 HIGH |
| Windows User Profile Service Elevation of Privilege Vulnerability | |||||
| CVE-2021-26866 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2022-05-03 | 3.6 LOW | 6.1 MEDIUM |
| Windows Update Service Elevation of Privilege Vulnerability | |||||
| CVE-2021-26425 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-05-03 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-34486, CVE-2021-34487. | |||||
| CVE-2021-23872 | 1 Mcafee | 1 Total Protection | 2022-05-03 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by manipulating a symbolic link in the IOCTL interface. | |||||
| CVE-2021-23873 | 1 Mcafee | 1 Total Protection | 2022-05-03 | 3.6 LOW | 6.1 MEDIUM |
| Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially causing Denial of Service via manipulating Junction link, after enumerating certain files, at a specific time. | |||||
| CVE-2020-24556 | 3 Apple, Microsoft, Trendmicro | 5 Macos, Windows, Apex One and 2 more | 2022-04-28 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected. | |||||
| CVE-2020-11736 | 3 Canonical, Debian, Gnome | 3 Ubuntu Linux, Debian Linux, File-roller | 2022-04-27 | 3.3 LOW | 3.9 LOW |
| fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. | |||||
| CVE-2019-18932 | 2 Opensuse, Squid Analysis Report Generator Project | 3 Backports Sle, Leap, Squid Analysis Report Generator | 2022-04-26 | 4.4 MEDIUM | 7.0 HIGH |
| log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations. | |||||
| CVE-2020-6477 | 4 Apple, Fedoraproject, Google and 1 more | 5 Mac Os X, Fedora, Chrome and 2 more | 2022-04-26 | 4.6 MEDIUM | 7.8 HIGH |
| Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file. | |||||