Search
Total
265 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1612 | 1 Cisco | 1 Sd-wan | 2021-09-30 | 6.6 MEDIUM | 7.1 HIGH |
| A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files within the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device. | |||||
| CVE-2021-21300 | 3 Apple, Fedoraproject, Git-scm | 4 Macos, Xcode, Fedora and 1 more | 2021-09-23 | 5.1 MEDIUM | 7.5 HIGH |
| Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6. | |||||
| CVE-2020-24559 | 3 Apple, Microsoft, Trendmicro | 6 Macos, Windows, Apex One and 3 more | 2021-09-16 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2019-3699 | 2 Opensuse, Privoxy | 3 Factory, Leap, Privoxy | 2021-09-14 | 7.2 HIGH | 7.8 HIGH |
| UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE Factory privoxy version 3.0.28-2.1 and prior versions. | |||||
| CVE-2019-3697 | 2 Gnu, Opensuse | 2 Gnump3d, Leap | 2021-09-14 | 7.2 HIGH | 7.8 HIGH |
| UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions. | |||||
| CVE-2019-3698 | 3 Nagios, Opensuse, Suse | 4 Nagios, Backports Sle, Leap and 1 more | 2021-09-14 | 6.9 MEDIUM | 7.0 HIGH |
| UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions. | |||||
| CVE-2021-23240 | 3 Fedoraproject, Netapp, Sudo Project | 4 Fedora, Hci Management Node, Solidfire and 1 more | 2021-09-13 | 4.4 MEDIUM | 7.8 HIGH |
| selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable. | |||||
| CVE-2019-12573 | 3 Apple, Linux, Londontrustmedia | 3 Macos, Linux Kernel, Private Internet Access Vpn Client | 2021-09-08 | 6.6 MEDIUM | 7.1 HIGH |
| A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to overwrite arbitrary files. The openvpn_launcher binary is setuid root. This binary supports the --log option, which accepts a path as an argument. This parameter is not sanitized, which allows a local unprivileged user to overwrite arbitrary files owned by any user on the system, including root. This creates a denial of service condition and possible data loss if leveraged by a malicious local user. | |||||
| CVE-2019-12571 | 2 Apple, Londontrustmedia | 2 Macos, Private Internet Access Vpn Client | 2021-09-08 | 6.6 MEDIUM | 7.1 HIGH |
| A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v0.9.8 beta (build 02099) for macOS could allow an authenticated, local attacker to overwrite arbitrary files. When the client initiates a connection, the XML /tmp/pia-watcher.plist file is created. If the file exists, it will be truncated and the contents completely overwritten. This file is removed on disconnect. An unprivileged user can create a hard or soft link to arbitrary files owned by any user on the system, including root. This creates a denial of service condition and possible data loss if leveraged by a malicious local user. | |||||
| CVE-2021-36983 | 1 Replaysorcery Project | 1 Replaysorcery | 2021-08-07 | 7.2 HIGH | 7.8 HIGH |
| replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to gain root privileges via a symlink attack on /tmp/replay-sorcery or /tmp/replay-sorcery/device.sock. | |||||
| CVE-2021-1091 | 1 Nvidia | 1 Gpu Display Driver | 2021-07-31 | 3.6 LOW | 7.1 HIGH |
| NVIDIA GPU Display driver for Windows contains a vulnerability where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated privilege to modify, which could lead to data loss or denial of service. | |||||
| CVE-2019-13226 | 1 Deepin | 1 Deepin-clone | 2021-07-21 | 6.9 MEDIUM | 7.0 HIGH |
| deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary location. By winning a race condition, the attacker can also enter the mount point, thereby preventing a subsequent unmount of the file system. | |||||
| CVE-2019-12779 | 1 Clusterlabs | 1 Libqb | 2021-07-03 | 6.6 MEDIUM | 7.1 HIGH |
| libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL. | |||||
| CVE-2017-7501 | 1 Rpm | 1 Rpm | 2021-06-29 | 4.6 MEDIUM | 7.8 HIGH |
| It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation. | |||||
| CVE-2021-32557 | 1 Canonical | 1 Apport | 2021-06-23 | 3.6 LOW | 7.1 HIGH |
| It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks. | |||||
| CVE-2021-0094 | 1 Intel | 1 Driver \& Support Assistant | 2021-06-23 | 4.6 MEDIUM | 7.8 HIGH |
| Improper link resolution before file access in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2020-15076 | 1 Openvpn | 1 Private Tunnel | 2021-06-02 | 7.2 HIGH | 7.8 HIGH |
| Private Tunnel installer for macOS version 3.0.1 and older versions may corrupt system critical files it should not have access via symlinks in /tmp. | |||||
| CVE-2020-28007 | 1 Exim | 1 Exim | 2021-05-10 | 7.2 HIGH | 7.8 HIGH |
| Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem. | |||||
| CVE-2021-30463 | 1 Vestacp | 1 Control Panel | 2021-04-14 | 7.2 HIGH | 7.8 HIGH |
| VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a /reset/?action=confirm&user=admin&code= URI. This occurs because chmod is used unsafely. | |||||
| CVE-2020-15075 | 1 Openvpn | 1 Connect | 2021-04-06 | 3.6 LOW | 7.1 HIGH |
| OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp. | |||||
| CVE-2021-3310 | 1 Westerndigital | 9 My Cloud Dl2100, My Cloud Dl4100, My Cloud Ex2100 and 6 more | 2021-03-17 | 4.6 MEDIUM | 7.8 HIGH |
| Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure (by reading local files). | |||||
| CVE-2020-29529 | 1 Hashicorp | 1 Go-slug | 2021-03-08 | 5.0 MEDIUM | 7.5 HIGH |
| HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0. | |||||
| CVE-2020-12878 | 1 Digi | 2 Connectport X2e, Connectport X2e Firmware | 2021-02-26 | 7.2 HIGH | 7.8 HIGH |
| Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory. | |||||
| CVE-2012-1093 | 1 Debian | 2 Debian Linux, X11-common | 2021-02-25 | 6.9 MEDIUM | 7.8 HIGH |
| The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation. | |||||
| CVE-2020-35766 | 1 Opendkim | 1 Opendkim | 2020-12-30 | 4.4 MEDIUM | 7.8 HIGH |
| The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c). NOTE: this is applicable to persons who choose to engage in the "A number of self-test programs are included here for unit-testing the library" situation. | |||||
| CVE-2020-28641 | 1 Malwarebytes | 2 Endpoint Protection, Malwarebytes | 2020-12-23 | 6.6 MEDIUM | 7.1 HIGH |
| In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system. | |||||
| CVE-2020-10003 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2020-12-15 | 4.6 MEDIUM | 7.8 HIGH |
| An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges. | |||||
| CVE-2020-23968 | 1 Ilex | 1 International Sign\&go | 2020-12-01 | 6.9 MEDIUM | 7.8 HIGH |
| Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log. | |||||
| CVE-2020-6012 | 1 Checkpoint | 1 Zonealarm Anti-ransomware | 2020-12-01 | 4.4 MEDIUM | 7.0 HIGH |
| ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory with low privileges. A sophisticated timed attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links. This allows an unprivileged user to enable escalation of privilege via local access. | |||||
| CVE-2019-3692 | 2 Opensuse, Suse | 4 Factory, Leap, Inn and 1 more | 2020-11-20 | 7.2 HIGH | 7.8 HIGH |
| The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions. | |||||
| CVE-2020-8015 | 2 Exim, Opensuse | 2 Exim, Opensuse | 2020-11-20 | 7.2 HIGH | 7.8 HIGH |
| A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1. | |||||
| CVE-2019-18898 | 1 Suse | 3 Opensuse Factory, Suse Linux Enterprise Server, Trousers | 2020-11-20 | 7.2 HIGH | 7.8 HIGH |
| UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1. | |||||
| CVE-2019-3691 | 2 Opensuse, Suse | 3 Factory, Munge, Suse Linux Enterprise Server | 2020-11-20 | 7.2 HIGH | 7.8 HIGH |
| A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root. This issue affects: SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1. openSUSE Factory munge versions prior to 0.5.13-6.1. | |||||
| CVE-2019-3694 | 2 Opensuse, Suse | 4 Factory, Leap, Munin and 1 more | 2020-11-20 | 7.2 HIGH | 7.8 HIGH |
| A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root. This issue affects: openSUSE Factory munin version 2.0.49-4.2 and prior versions. openSUSE Leap 15.1 munin version 2.0.40-lp151.1.1 and prior versions. | |||||
| CVE-2019-18897 | 1 Suse | 1 Linux Enterprise Server | 2020-11-20 | 7.2 HIGH | 7.8 HIGH |
| A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterprise Server 12 salt-master version 2019.2.0-46.83.1 and prior versions. SUSE Linux Enterprise Server 15 salt-master version 2019.2.0-6.21.1 and prior versions. openSUSE Factory salt-master version 2019.2.2-3.1 and prior versions. | |||||
| CVE-2019-3693 | 2 Opensuse, Suse | 3 Leap, Linux Enterprise Server, Mailman | 2020-11-20 | 7.2 HIGH | 7.8 HIGH |
| A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions. | |||||
| CVE-2019-3690 | 1 Opensuse | 1 Leap | 2020-11-20 | 7.2 HIGH | 7.8 HIGH |
| The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local attackers with control over a path that is traversed by chkstat to escalate privileges. | |||||
| CVE-2020-2026 | 1 Katacontainers | 1 Runtime | 2020-11-05 | 4.6 MEDIUM | 8.8 HIGH |
| A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This issue affects: Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; Kata Containers 1.9 and earlier versions. | |||||
| CVE-2020-14004 | 1 Icinga | 1 Icinga | 2020-11-03 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user. | |||||
| CVE-2020-9901 | 1 Apple | 4 Ipad Os, Iphone Os, Mac Os X and 1 more | 2020-10-29 | 4.6 MEDIUM | 7.8 HIGH |
| An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A local attacker may be able to elevate their privileges. | |||||
| CVE-2020-9900 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2020-10-27 | 4.6 MEDIUM | 7.8 HIGH |
| An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A local attacker may be able to elevate their privileges. | |||||
| CVE-2019-8454 | 2 Checkpoint, Microsoft | 2 Endpoint Security, Windows | 2020-10-22 | 6.9 MEDIUM | 7.0 HIGH |
| A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the system. | |||||
| CVE-2019-8452 | 1 Checkpoint | 2 Endpoint Security, Zonealarm | 2020-10-22 | 4.6 MEDIUM | 7.8 HIGH |
| A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file. | |||||
| CVE-2019-8455 | 1 Checkpoint | 1 Zonealarm | 2020-10-22 | 3.6 LOW | 7.1 HIGH |
| A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file. | |||||
| CVE-2019-18575 | 1 Dell | 1 Command\|configure | 2020-10-16 | 6.6 MEDIUM | 7.1 HIGH |
| Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a target file, allowing the attacker to overwrite or corrupt a specified file on the system. | |||||
| CVE-2019-1836 | 1 Cisco | 3 Nexus 9300, Nexus 9500, Nx-os | 2020-10-13 | 6.6 MEDIUM | 7.1 HIGH |
| A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to use symbolic links to overwrite system files. These system files may be sensitive and should not be overwritable by non-root users. The attacker would need valid device credentials. The vulnerability is due to incorrect symbolic link verification of directory paths when they are used in the system shell. An attacker could exploit this vulnerability by authenticating to the device and providing crafted user input to specific symbolic link CLI commands. Successful exploitation could allow the attacker to overwrite system files that should be restricted. This vulnerability has been fixed in software version 14.1(1i). | |||||
| CVE-2020-17365 | 1 Pango | 1 Hotspot Shield | 2020-10-09 | 7.2 HIGH | 7.8 HIGH |
| Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. The vulnerability allows a local user to corrupt system files: a local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application. | |||||
| CVE-2020-12254 | 1 Avira | 1 Antivirus | 2020-10-06 | 4.6 MEDIUM | 7.8 HIGH |
| Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escalation or a denial of service via abuse of a symlink. | |||||
| CVE-2019-10152 | 2 Libpod Project, Opensuse | 2 Libpod, Leap | 2020-09-30 | 2.6 LOW | 7.2 HIGH |
| A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator tries to copy a file from/to the container. | |||||
| CVE-2020-25744 | 1 Safervpn | 1 Safervpn | 2020-09-25 | 5.5 MEDIUM | 8.1 HIGH |
| SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to create or overwrite arbitrary files, which could cause a denial of service (DoS) condition, because a symlink from %LOCALAPPDATA%\SaferVPN\Log is followed. | |||||