385 matches found
CVE-2025-13154
CVE-2025-13154 affects Lenovo Vantage SmartPerformanceAddin. Root cause: improper link following enabling an authenticated local user to delete arbitrary files with elevated privileges. Impact: local privilege escalation with high availability impact; base metrics: CVSS v3.1 (AV:L/AC:L/PR:L/UI:N/...
CVE-2025-13154
An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges...
Lenovo Vantage 安全漏洞
Lenovo Vantage is a computer management application from the Chinese company Lenovo Lenovo. The program supports features such as driver updates, device status diagnostics, and computer configuration. A security vulnerability exists in Lenovo Vantage, which stems from improper link following and...
PT-2026-2958
Name of the Vulnerable Software and Affected Versions Lenovo Vantage SmartPerformanceAddin versions prior to 1.1.0.1111 Description An improper link following issue exists in the SmartPerformanceAddin for Lenovo Vantage. This allows an authenticated local user to perform arbitrary file deletion...
CVE-2025-46637
Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A local malicious user could potentially exploit this vulnerability, leading to Elevation of privileges...
CVE-2025-46637
Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A local malicious user could potentially exploit this vulnerability, leading to Elevation of privileges...
CVE-2025-46636
Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering...
EUVD-2025-202264
Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering...
EUVD-2025-202266
Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A local malicious user could potentially exploit this vulnerability, leading to Elevation of privileges...
PT-2025-50111
Name of the Vulnerable Software and Affected Versions Dell Encryption versions prior to 11.12.1 Description Dell Encryption contains an Improper Link Resolution Before File Access 'Link Following' issue. A local attacker with low privileges could potentially tamper with information by exploiting...
JLSEC-2025-235 An improper link resolution flaw while extracting an archive can lead to changing the access control...
An improper link resolution flaw while extracting an archive can lead to changing the access control list ACL of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw...
Siemens SIMATIC S7-1500 Improper Link Resolution Before File Access (CVE-2021-28153)
An issue was discovered in GNOME GLib before 2.66.8. When gfilereplace is used with GFILECREATEREPLACEDESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is...
Generex UPS Adapter CS141 Improper Link Resolution Before File Access (CVE-2022-47188)
There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path. This plugin only works with Tenable.ot...
CVE-2025-24918
Improper link resolution before file access 'link following' for some IntelR Server Configuration Utility software and IntelR Server Firmware Update Utility software before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an...
EUVD-2025-93447
Improper link resolution before file access 'link following' in Windows Routing and Remote Access Service RRAS allows an authorized attacker to deny service locally...
CVE-2025-24918
Improper link resolution before file access 'link following' for some IntelR Server Configuration Utility software and IntelR Server Firmware Update Utility software before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an...
Host Process for Windows Tasks Elevation of Privilege Vulnerability
Improper link resolution before file access 'link following' in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally...
Intel Server Configuration Utility和Intel Server Firmware Update Utility 后置链接漏洞
Intel Server Configuration Utility and Intel Server Firmware Update Utility are both products of Intel Corporation Intel, U.S.A. Intel Server Configuration Utility is a command line utility. Intel Server Firmware Update Utility is a command line utility. A backlink vulnerability exists in Intel...
BIT-DOTNET-2025-55247 .NET Elevation of Privilege Vulnerability
Improper link resolution before file access 'link following' in .NET allows an authorized attacker to elevate privileges locally...
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack via improper handling of symbolic links before file access. An attacker can gain elevated privileges by exploiting the way the system resolves links, potentially accessing or modifying files with higher permissions...