Vulnerabilities (CVE)

Filtered by CWE-59
Total 1013 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-52091 1 Trendmicro 1 Apex One 2024-01-29 N/A 7.8 HIGH
An anti-spyware engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2023-52090 1 Trendmicro 1 Apex One 2024-01-29 N/A 7.8 HIGH
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2004-0217 2 Redhat, Symantec 2 Linux, Antivirus Scan Engine 2024-01-26 3.7 LOW 7.0 HIGH
The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log.
CVE-2003-0517 1 Mgetty Project 1 Mgetty 2024-01-26 2.1 LOW 5.5 MEDIUM
faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files.
CVE-2003-0578 1 Ibm 1 U2 Universe 2024-01-26 4.6 MEDIUM 7.8 HIGH
cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.
CVE-2002-0793 1 Blackberry 1 Qnx Neutrino Real-time Operating System 2024-01-26 4.6 MEDIUM 5.5 MEDIUM
Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility.
CVE-2001-1494 2 Avaya, Kernel 7 Cvlan, Integrated Management Suit, Interactive Response and 4 more 2024-01-26 2.1 LOW 5.5 MEDIUM
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.
CVE-2005-1111 3 Canonical, Debian, Gnu 3 Ubuntu Linux, Debian Linux, Cpio 2024-01-26 3.7 LOW 4.7 MEDIUM
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
CVE-2004-1901 1 Gentoo 2 Linux, Portage 2024-01-26 4.6 MEDIUM 5.5 MEDIUM
Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.
CVE-2004-1603 1 Cpanel 1 Cpanel 2024-01-26 5.0 MEDIUM 5.5 MEDIUM
cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.
CVE-2004-0689 2 Debian, Kde 2 Debian Linux, Kde 2024-01-26 4.6 MEDIUM 7.1 HIGH
KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.
CVE-2005-1916 2 Debian, Ekg Project 2 Debian Linux, Ekg 2024-01-26 2.1 LOW 5.5 MEDIUM
linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
CVE-2005-1879 1 Lutel 1 Lutelwall 2024-01-26 2.1 LOW 5.5 MEDIUM
LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.
CVE-2005-1880 1 Everybuddy 1 Everybuddy 2024-01-26 2.1 LOW 5.5 MEDIUM
everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.
CVE-2005-0824 1 Mathopd 1 Mathopd 2024-01-26 3.6 LOW 5.5 MEDIUM
The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is running with the -n option, allows local users to overwrite arbitrary files via a symlink attack on dump files that are triggered by a SIGWINCH signal.
CVE-2000-1178 1 Joseph Allen 1 Joe 2024-01-26 2.1 LOW 5.5 MEDIUM
Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.
CVE-2000-0972 1 Hp 1 Hp-ux 2024-01-26 2.1 LOW 5.5 MEDIUM
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.
CVE-1999-1386 1 Perl 1 Perl 2024-01-26 2.1 LOW 5.5 MEDIUM
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
CVE-1999-0783 1 Freebsd 1 Freebsd 2024-01-26 5.0 MEDIUM 5.5 MEDIUM
FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.
CVE-2002-2323 1 Sun 1 Solaris Pc Netlink 2024-01-25 5.0 MEDIUM 7.5 HIGH
Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or remote attackers to bypass intended access restrictions.