WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's `RemoveFolderEx` functionality could allow a standard user to delete protected directories. `RemoveFolderEx` deletes an entire directory tree during installation or uninstallation. It does so by recursing every subdirectory starting at a specified directory and adding each subdirectory to the list of directories Windows Installer should delete. If the setup author instructed `RemoveFolderEx` to delete a per-user folder from a per-machine installer, an attacker could create a directory junction in that per-user folder pointing to a per-machine, protected directory. Windows Installer, when executing the per-machine installer after approval by an administrator, would delete the target of the directory junction. This vulnerability is fixed in 3.14.1 and 4.0.5.
Max CVSS
7.9
EPSS Score
0.05%
Published
2024-03-24
Updated
2024-03-25
A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry folder with a symbolic link to files that the user wouldn't normally have permission to. After a scan, the Engine would follow the links and remove the files
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-01-09
Updated
2024-01-16
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Max CVSS
7.8
EPSS Score
0.05%
Published
2024-01-23
Updated
2024-01-31
Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by default will follow stored symlinks while extracting and the Archiver will not check the symlink location, which leads to arbitrary file writes to unintended locations. When the victim extracts the archive, the attacker can craft a malicious cpio or ISO archive to achieve RCE on the target system. This vulnerability was fixed in commit 63d5dfa.
Max CVSS
9.6
EPSS Score
0.33%
Published
2024-02-05
Updated
2024-02-29
An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading for a local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Max CVSS
7.8
EPSS Score
0.05%
Published
2024-01-23
Updated
2024-01-30
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Max CVSS
7.8
EPSS Score
0.05%
Published
2024-01-23
Updated
2024-01-29
An anti-spyware engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Max CVSS
7.8
EPSS Score
0.05%
Published
2024-01-23
Updated
2024-01-29
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Max CVSS
7.8
EPSS Score
0.05%
Published
2024-01-23
Updated
2024-01-29
An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Max CVSS
7.8
EPSS Score
0.05%
Published
2024-01-23
Updated
2024-01-30
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller file system.
Max CVSS
8.1
EPSS Score
0.05%
Published
2023-10-25
Updated
2023-11-01
1E Client installer can perform arbitrary file deletion on protected files.   A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. A hotfix is available from the 1E support portal that forces the 1E Client to check for a symbolic link or junction and if it finds one refuses to use that path and instead creates a path involving a random GUID. for v8.1 use hotfix Q23097 for v8.4 use hotfix Q23105 for v9.0 use hotfix Q23115 for SaaS customers, use 1EClient v23.7 plus hotfix Q23121
Max CVSS
8.4
EPSS Score
0.05%
Published
2023-10-05
Updated
2023-10-19
Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-11-15
Updated
2023-11-21
A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-12-22
Updated
2024-01-03
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access sensitive user data when resolving symlinks.
Max CVSS
7.5
EPSS Score
0.09%
Published
2023-10-25
Updated
2023-11-02
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability.
Max CVSS
7.8
EPSS Score
0.05%
Published
2024-01-15
Updated
2024-01-19
An arbitrary file deletion in ZSATrayManager where it protects the temporary encrypted ZApp issue reporting file from the unprivileged end user access and modification. Fixed version: Win ZApp 4.3.0 and later.
Max CVSS
7.3
EPSS Score
0.04%
Published
2024-03-26
Updated
2024-03-26
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation
Max CVSS
7.3
EPSS Score
0.04%
Published
2023-11-16
Updated
2023-11-29
An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks.
Max CVSS
9.1
EPSS Score
0.06%
Published
2023-08-04
Updated
2023-08-10
An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information via /config/system.conf.
Max CVSS
7.5
EPSS Score
0.53%
Published
2023-08-25
Updated
2023-09-08
RenderDoc before 1.27 allows local privilege escalation via a symlink attack. It relies on the /tmp/RenderDoc directory regardless of ownership.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-06-07
Updated
2023-11-25
Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink.
Max CVSS
8.8
EPSS Score
0.10%
Published
2023-05-30
Updated
2023-06-05
DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service
Max CVSS
7.1
EPSS Score
0.04%
Published
2024-02-06
Updated
2024-02-13
A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-09-19
Updated
2023-09-25
Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tablet Service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16857.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-09-06
Updated
2023-09-11
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658.
Max CVSS
8.4
EPSS Score
0.04%
Published
2024-01-11
Updated
2024-01-18
464 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!