Vulnerabilities (CVE)

Filtered by CWE-59
Total 1026 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-28407 1 Swtpm Project 1 Swtpm 2023-12-10 N/A 7.1 HIGH
In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.
CVE-2023-46655 1 Jenkins 1 Cloudbees Cd 2023-12-10 N/A 6.5 MEDIUM
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins controller file system to the previously configured CloudBees CD server.
CVE-2023-42844 1 Apple 1 Macos 2023-12-10 N/A 7.5 HIGH
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access sensitive user data when resolving symlinks.
CVE-2023-4052 1 Mozilla 2 Firefox, Firefox Esr 2023-12-10 N/A 6.5 MEDIUM
The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1.
CVE-2023-41968 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2023-12-10 N/A 5.5 MEDIUM
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read arbitrary files.
CVE-2023-32163 2 Microsoft, Wacom 2 Windows, Driver 2023-12-10 N/A 7.8 HIGH
Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tablet Service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16857.
CVE-2019-13689 1 Google 2 Chrome, Chrome Os 2023-12-10 N/A 7.8 HIGH
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical)
CVE-2018-17559 1 Abus 94 Tvip 10000, Tvip 10000 Firmware, Tvip 10001 and 91 more 2023-12-10 N/A 7.5 HIGH
Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras.
CVE-2023-28797 1 Zscaler 1 Client Connector 2023-12-10 N/A 7.3 HIGH
Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user.
CVE-2023-5834 1 Hashicorp 1 Vagrant 2023-12-10 N/A 7.8 HIGH
HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.
CVE-2023-0652 1 Cloudflare 1 Warp 2023-12-10 N/A 7.8 HIGH
Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious attacker to forge the destination of the hardlink and escalate privileges, overwriting SYSTEM protected files. As Cloudflare WARP client for Windows (up to version 2022.5.309.0) allowed creation of mount points from its ProgramData folder, during installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files.
CVE-2022-31647 1 Docker 1 Desktop 2023-12-10 N/A 7.1 HIGH
Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659.
CVE-2023-33865 1 Renderdoc 1 Renderdoc 2023-12-10 N/A 7.8 HIGH
RenderDoc before 1.27 allows local privilege escalation via a symlink attack. It relies on the /tmp/RenderDoc directory regardless of ownership.
CVE-2023-28065 2 Dell, Microsoft 4 Alienware Update, Command Update, Update and 1 more 2023-12-10 N/A 7.3 HIGH
Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.
CVE-2023-33245 1 Minecraft 1 Minecraft 2023-12-10 N/A 8.8 HIGH
Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink.
CVE-2023-27529 2 Apple, Wacom 2 Macos, Tablet Driver Installer 2023-12-10 N/A 7.8 HIGH
Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an improper link resolution before file access vulnerability. When a user is tricked to execute a small malicious script before executing the affected version of the installer, arbitrary code may be executed with the root privilege.
CVE-2022-43293 1 Wacom 1 Driver 2023-12-10 N/A 5.9 MEDIUM
Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\Wacom_Tablet.exe.
CVE-2023-28642 1 Linuxfoundation 1 Runc 2023-12-10 N/A 7.8 HIGH
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.
CVE-2022-38730 1 Docker 1 Desktop 2023-12-10 N/A 6.3 MEDIUM
Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink vulnerability in ..\dataRoot\network\files\local-kv.db because of a TOCTOU race condition.
CVE-2022-34292 1 Docker 1 Desktop 2023-12-10 N/A 7.1 HIGH
Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647.