Total
1414 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-44131 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-11-04 | 5.5 Medium |
| This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to access sensitive user data. | ||||
| CVE-2024-32002 | 2 Git, Redhat | 6 Git, Enterprise Linux, Rhel Aus and 3 more | 2025-11-04 | 9.1 Critical |
| Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources. | ||||
| CVE-2025-43726 | 1 Dell | 1 Alienware Command Center | 2025-11-04 | 6.7 Medium |
| Dell Alienware Command Center 5.x (AWCC), versions prior to 5.10.2.0, contains an Improper Link Resolution Before File Access ('Link Following')" vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | ||||
| CVE-2024-44273 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-11-03 | 5.5 Medium |
| This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, visionOS 2.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to access private information. | ||||
| CVE-2024-44264 | 1 Apple | 1 Macos | 2025-11-03 | 7.5 High |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious app may be able to create symlinks to protected regions of the disk. | ||||
| CVE-2025-30457 | 1 Apple | 1 Macos | 2025-11-03 | 9.8 Critical |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to create symlinks to protected regions of the disk. | ||||
| CVE-2025-24278 | 1 Apple | 1 Macos | 2025-11-03 | 5.5 Medium |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data. | ||||
| CVE-2025-24242 | 1 Apple | 1 Macos | 2025-11-03 | 4.4 Medium |
| This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app with root privileges may be able to access private information. | ||||
| CVE-2024-44258 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2025-11-03 | 7.1 High |
| This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files. | ||||
| CVE-2024-44211 | 1 Apple | 1 Macos | 2025-11-03 | 7.5 High |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data. | ||||
| CVE-2024-44175 | 1 Apple | 1 Macos | 2025-11-03 | 7.5 High |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7.1. An app may be able to access sensitive user data. | ||||
| CVE-2023-33865 | 1 Renderdoc | 1 Renderdoc | 2025-11-03 | 7.8 High |
| RenderDoc before 1.27 allows local privilege escalation via a symlink attack. It relies on the /tmp/RenderDoc directory regardless of ownership. | ||||
| CVE-2023-31003 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2025-11-03 | 8.4 High |
| IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658. | ||||
| CVE-2022-22995 | 3 Fedoraproject, Netatalk, Westerndigital | 24 Fedora, Netatalk, My Cloud and 21 more | 2025-11-03 | 10 Critical |
| The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code. | ||||
| CVE-2025-24136 | 1 Apple | 1 Macos | 2025-11-03 | 4.4 Medium |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A malicious app may be able to create symlinks to protected regions of the disk. | ||||
| CVE-2025-24104 | 1 Apple | 2 Ipados, Iphone Os | 2025-11-03 | 5.5 Medium |
| This issue was addressed with improved handling of symlinks. This issue is fixed in iPadOS 17.7.4, iOS 18.3 and iPadOS 18.3. Restoring a maliciously crafted backup file may lead to modification of protected system files. | ||||
| CVE-2025-24103 | 1 Apple | 1 Macos | 2025-11-03 | 9.8 Critical |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access protected user data. | ||||
| CVE-2025-54798 | 1 Raszi | 2 Node-tmp, Tmp | 2025-11-03 | 2.5 Low |
| tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4. | ||||
| CVE-2025-52936 | 2025-11-03 | N/A | ||
| Improper Link Resolution Before File Access ('Link Following') vulnerability in yrutschle sslh.This issue affects sslh: before 2.2.2. | ||||
| CVE-2025-43252 | 1 Apple | 2 Macos, Macos Sequoia | 2025-11-03 | 6.5 Medium |
| This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sequoia 15.6. A website may be able to access sensitive user data when resolving symlinks. | ||||