Total
1288 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-44131 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-25 | 5.5 Medium |
| This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to access sensitive user data. | ||||
| CVE-2022-42291 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2025-03-25 | 8.2 High |
| NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory. | ||||
| CVE-2022-42292 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2025-03-25 | 5 Medium |
| NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering. | ||||
| CVE-2023-24572 | 1 Dell | 1 Command \| Integration Suite For System Center | 2025-03-21 | 4.7 Medium |
| Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. | ||||
| CVE-2023-23697 | 1 Dell | 1 Command \| Intel Vpro Out Of Band | 2025-03-21 | 4.7 Medium |
| Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. | ||||
| CVE-2023-23558 | 1 Eternal Terminal Project | 1 Eternal Terminal | 2025-03-19 | 6.3 Medium |
| In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local attacker can create /tmp/.sentry-native-etserver with mode 0777 before the etserver process is started. The attacker can choose to read sensitive information from that file, or modify the information in that file. | ||||
| CVE-2025-24103 | 1 Apple | 1 Macos | 2025-03-18 | 9.8 Critical |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access protected user data. | ||||
| CVE-2024-44178 | 1 Apple | 1 Macos | 2025-03-15 | 5.5 Medium |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system. | ||||
| CVE-2024-9341 | 2 Containers, Redhat | 5 Common, Enterprise Linux, Openshift and 2 more | 2025-03-14 | 5.4 Medium |
| A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system. | ||||
| CVE-2024-36305 | 1 Trendmicro | 1 Apex One | 2025-03-14 | 7.8 High |
| A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2023-42942 | 1 Apple | 6 Ipad Os, Ipados, Iphone Os and 3 more | 2025-03-14 | 7.8 High |
| This issue was addressed with improved handling of symlinks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. A malicious app may be able to gain root privileges. | ||||
| CVE-2024-27885 | 1 Apple | 1 Macos | 2025-03-13 | 6.3 Medium |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5. An app may be able to modify protected parts of the file system. | ||||
| CVE-2022-30333 | 4 Debian, Linux, Opengroup and 1 more | 4 Debian Linux, Linux Kernel, Unix and 1 more | 2025-03-13 | 7.5 High |
| RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected. | ||||
| CVE-2025-1683 | 2025-03-13 | 7.8 High | ||
| Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links. | ||||
| CVE-2025-21373 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-03-12 | 7.8 High |
| Windows Installer Elevation of Privilege Vulnerability | ||||
| CVE-2025-21322 | 1 Microsoft | 1 Pc Manager | 2025-03-12 | 7.8 High |
| Microsoft PC Manager Elevation of Privilege Vulnerability | ||||
| CVE-2025-21347 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-03-12 | 6 Medium |
| Windows Deployment Services Denial of Service Vulnerability | ||||
| CVE-2025-21420 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-03-12 | 7.8 High |
| Windows Disk Cleanup Tool Elevation of Privilege Vulnerability | ||||
| CVE-2025-21419 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-03-12 | 7.1 High |
| Windows Setup Files Cleanup Elevation of Privilege Vulnerability | ||||
| CVE-2025-21391 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-03-12 | 7.1 High |
| Windows Storage Elevation of Privilege Vulnerability | ||||