Total
564 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-2893 | 2 Llvm, Opensuse | 2 Clang, Opensuse | 2025-04-12 | N/A |
| The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names. | ||||
| CVE-2013-6418 | 1 Pywbem Project | 1 Pywbem | 2025-04-12 | N/A |
| PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate. | ||||
| CVE-2013-6435 | 3 Debian, Redhat, Rpm | 5 Debian Linux, Enterprise Linux, Rhel Eus and 2 more | 2025-04-12 | N/A |
| Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory. | ||||
| CVE-2015-8767 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2025-04-12 | N/A |
| net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. | ||||
| CVE-2015-1743 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1748. | ||||
| CVE-2013-4169 | 2 Gnome, Redhat | 2 Gnome Display Manager, Enterprise Linux | 2025-04-11 | N/A |
| GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/. | ||||
| CVE-2013-3888 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2025-04-11 | 8.4 High |
| dxgkrnl.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability." | ||||
| CVE-2011-1833 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | N/A |
| Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid. | ||||
| CVE-2012-3440 | 2 Redhat, Todd Miller | 2 Enterprise Linux, Sudo | 2025-04-11 | N/A |
| A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file. | ||||
| CVE-2013-0219 | 2 Fedoraproject, Redhat | 2 Sssd, Enterprise Linux | 2025-04-11 | N/A |
| System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files. | ||||
| CVE-2012-3500 | 2 Devscripts Devel Team, Fedora | 2 Devscripts, Rpmdevtools | 2025-04-11 | N/A |
| scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file. | ||||
| CVE-2012-2652 | 1 Qemu | 1 Qemu | 2025-04-11 | N/A |
| The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file. | ||||
| CVE-2010-0085 | 2 Redhat, Sun | 7 Enterprise Linux, Network Satellite, Rhel Extras and 4 more | 2025-04-11 | N/A |
| Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0088. | ||||
| CVE-2014-1624 | 1 Python | 1 Pyxdg | 2025-04-11 | N/A |
| Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called. | ||||
| CVE-2011-1098 | 2 Gentoo, Redhat | 2 Logrotate, Enterprise Linux | 2025-04-11 | N/A |
| Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. | ||||
| CVE-2022-32638 | 2 Google, Mediatek | 30 Android, Mt6781, Mt6833 and 27 more | 2025-04-10 | 6.4 Medium |
| In isp, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494449; Issue ID: ALPS07494449. | ||||
| CVE-2022-25716 | 1 Qualcomm | 14 Sd888 5g, Sd888 5g Firmware, Wcd9380 and 11 more | 2025-04-09 | 6.7 Medium |
| Memory corruption in Multimedia Framework due to unsafe access to the data members | ||||
| CVE-2021-46795 | 1 Amd | 5 Cezannepi-fp6, Cezannepi-fp6 Firmware, Comboam4v2 Pi and 2 more | 2025-04-09 | 4.7 Medium |
| A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service. | ||||
| CVE-2022-36927 | 1 Zoom | 1 Rooms | 2025-04-09 | 8.8 High |
| Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. | ||||
| CVE-2022-36929 | 1 Zoom | 1 Rooms | 2025-04-09 | 7.8 High |
| The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user. | ||||