Search
Total
157 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18466 | 1 Libpod Project | 1 Libpod | 2020-01-15 | 5.8 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host. | |||||
| CVE-2019-8789 | 1 Apple | 3 Ipados, Iphone Os, Mac Os X | 2019-12-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information. | |||||
| CVE-2019-8568 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-12-20 | 2.1 LOW | 5.5 MEDIUM |
| A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A local user may be able to modify protected parts of the file system. | |||||
| CVE-2013-4184 | 2 Data\, Debian | 2 \, Debian Linux | 2019-12-17 | 3.6 LOW | 5.5 MEDIUM |
| Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks | |||||
| CVE-2019-3749 | 1 Dell | 1 Command Update | 2019-12-10 | 3.6 LOW | 5.5 MEDIUM |
| Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\ICProgress\Dell_InventoryCollector_Progress.xml" to any targeted file. This issue occurs because permissions on the Temp directory were set incorrectly. | |||||
| CVE-2019-3750 | 1 Dell | 1 Command Update | 2019-12-10 | 3.6 LOW | 5.5 MEDIUM |
| Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\IC\ICDebugLog.txt" to any targeted file. This issue occurs because of insecure handling of Temp directory permissions that were set incorrectly. | |||||
| CVE-2019-17445 | 2 Eracent, Linux | 7 Eda Agent, Epa Agent, Epm Agent and 4 more | 2019-12-04 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be forced to copy files from the filesystem to other locations via Symbolic Link Following. | |||||
| CVE-2011-2924 | 3 Debian, Fedoraproject, Linuxfoundation | 3 Debian Linux, Fedora, Foomatic-filters | 2019-11-25 | 3.3 LOW | 5.5 MEDIUM |
| foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter. | |||||
| CVE-2011-2923 | 2 Debian, Linuxfoundation | 2 Debian Linux, Foomatic-filters | 2019-11-25 | 3.3 LOW | 5.5 MEDIUM |
| foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter. | |||||
| CVE-2010-4817 | 2 Debian, Pithos Project | 2 Debian Linux, Pithos | 2019-11-25 | 3.6 LOW | 5.5 MEDIUM |
| pithos before 0.3.5 allows overwrite of arbitrary files via symlinks. | |||||
| CVE-2014-1938 | 1 Rply Project | 1 Rply | 2019-11-22 | 2.1 LOW | 5.5 MEDIUM |
| python-rply before 0.7.4 insecurely creates temporary files. | |||||
| CVE-2014-2312 | 1 Intel | 1 Thermald | 2019-11-20 | 6.6 MEDIUM | 5.5 MEDIUM |
| The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid. | |||||
| CVE-2011-1136 | 2 Debian, Tesseract Project | 2 Debian Linux, Tesseract | 2019-11-18 | 6.3 MEDIUM | 4.7 MEDIUM |
| In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file. | |||||
| CVE-2010-3095 | 1 Mailscanner | 1 Mailscanner | 2019-11-15 | 3.3 LOW | 4.7 MEDIUM |
| mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-5313. | |||||
| CVE-2011-5271 | 1 Clusterlabs | 1 Pacemaker | 2019-11-14 | 3.3 LOW | 5.5 MEDIUM |
| Pacemaker before 1.1.6 configure script creates temporary files insecurely | |||||
| CVE-2013-1429 | 2 Canonical, Debian | 3 Ubuntu Linux, Debian Linux, Lintian | 2019-11-14 | 4.3 MEDIUM | 6.3 MEDIUM |
| Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks. | |||||
| CVE-2010-0398 | 1 Autokey Project | 1 Autokey | 2019-11-05 | 5.5 MEDIUM | 6.5 MEDIUM |
| The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack. | |||||
| CVE-2019-12672 | 1 Cisco | 1 Ios | 2019-10-09 | 7.2 HIGH | 6.8 MEDIUM |
| A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient file location validation. An attacker could exploit this vulnerability by placing code in a specific format on a USB device and inserting it into an affected Cisco device. A successful exploit could allow the attacker to execute the code with root privileges on the underlying OS of the affected device. | |||||
| CVE-2018-17955 | 1 Opensuse | 1 Yast2-multipath | 2019-10-09 | 3.6 LOW | 5.5 MEDIUM |
| In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection | |||||
| CVE-2017-15097 | 1 Redhat | 5 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 2 more | 2019-10-09 | 7.2 HIGH | 6.7 MEDIUM |
| Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. | |||||
| CVE-2017-12172 | 1 Postgresql | 1 Postgresql | 2019-10-09 | 7.2 HIGH | 6.7 MEDIUM |
| PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server. | |||||
| CVE-2016-9595 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Katello | 2019-10-09 | 3.6 LOW | 5.5 MEDIUM |
| A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. | |||||
| CVE-2017-2390 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves symlink mishandling in the "libarchive" component. It allows local users to change arbitrary directory permissions via unspecified vectors. | |||||
| CVE-2018-14329 | 1 Htslib | 1 Htslib | 2019-09-18 | 3.3 LOW | 4.7 MEDIUM |
| In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2019-13229 | 1 Deepin | 1 Deepin Clone | 2019-08-14 | 6.6 MEDIUM | 5.5 MEDIUM |
| deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper::getPartitionSizeInfo() function to write a log file as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled. | |||||
| CVE-2017-7418 | 1 Proftpd | 1 Proftpd | 2019-08-08 | 2.1 LOW | 5.5 MEDIUM |
| ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user. | |||||
| CVE-2018-19044 | 1 Keepalived | 1 Keepalived | 2019-08-06 | 3.3 LOW | 4.7 MEDIUM |
| keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd. | |||||
| CVE-2017-15111 | 1 Keycloak-httpd-client-install Project | 1 Keycloak-httpd-client-install | 2019-08-06 | 3.6 LOW | 5.5 MEDIUM |
| keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link. | |||||
| CVE-2019-13228 | 1 Deepin | 1 Deepin-clone | 2019-07-28 | 6.6 MEDIUM | 4.7 MEDIUM |
| deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO file, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled. By winning a race condition to replace the /tmp/repo.iso symlink by an attacker controlled ISO file, further privilege escalation may be possible. | |||||
| CVE-2019-13227 | 1 Deepin | 1 Deepin-clone | 2019-07-28 | 6.6 MEDIUM | 5.5 MEDIUM |
| In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled. | |||||
| CVE-2019-13636 | 1 Gnu | 1 Patch | 2019-07-24 | 5.8 MEDIUM | 5.9 MEDIUM |
| In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. | |||||
| CVE-2019-11230 | 1 Avast | 1 Antivirus | 2019-07-24 | 3.6 LOW | 4.4 MEDIUM |
| In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Update.log file with a symlink. The next time the product attempts to write to the log file, the target of the symlink is renamed. This defect can be exploited to rename a critical product file (e.g., AvastSvc.exe), causing the product to fail to start on the next system restart. | |||||
| CVE-2018-19638 | 1 Opensuse | 1 Supportutils | 2019-05-08 | 3.3 LOW | 4.7 MEDIUM |
| In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files. | |||||
| CVE-2018-19637 | 1 Opensuse | 1 Supportutils | 2019-05-08 | 3.6 LOW | 5.5 MEDIUM |
| Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection | |||||
| CVE-2014-1859 | 3 Fedoraproject, Numpy, Redhat | 3 Fedora, Numpy, Enterprise Linux | 2019-04-22 | 2.1 LOW | 5.5 MEDIUM |
| (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2016-4679 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libarchive" component, which allows remote attackers to write to arbitrary files via a crafted archive containing a symlink. | |||||
| CVE-2016-7619 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2018-10-30 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "libarchive" component, which allows local users to write to arbitrary files via vectors related to symlinks. | |||||
| CVE-2018-15351 | 1 Kraftway | 2 24f2xg Router, 24f2xg Router Firmware | 2018-10-15 | 7.1 HIGH | 6.5 MEDIUM |
| Denial of service via crafting malicious link and sending it to a privileged user can cause Denial of Service in Kraftway 24F2XG Router firmware version 3.5.30.1118. | |||||
| CVE-2015-5700 | 1 Tug | 1 Texlive | 2018-10-12 | 5.6 MEDIUM | 6.1 MEDIUM |
| mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. | |||||
| CVE-2014-4150 | 1 S48 | 1 Scheme48 | 2018-09-18 | 3.6 LOW | 5.5 MEDIUM |
| The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp. | |||||
| CVE-2014-0243 | 1 Check Mk Project | 1 Check Mk | 2018-09-17 | 2.1 LOW | 5.5 MEDIUM |
| Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job. | |||||
| CVE-2018-5107 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file information could be exposed. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-4112 | 1 Apple | 1 Mac Os X | 2018-04-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "ATS" component. It allows attackers to obtain sensitive information by leveraging symlink mishandling. | |||||
| CVE-2018-1196 | 1 Pivotal Software | 1 Spring Boot | 2018-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible. | |||||
| CVE-2018-1063 | 2 Redhat, Selinux Project | 2 Enterprise Linux, Selinux | 2018-04-12 | 3.3 LOW | 4.4 MEDIUM |
| Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11. | |||||
| CVE-2017-18188 | 1 Openr | 1 Opentmpfiles | 2018-03-09 | 2.1 LOW | 5.5 MEDIUM |
| OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks sysctl is turned off, allows local users to obtain ownership of arbitrary files by creating a hard link inside a directory on which "chown -R" will be run. | |||||
| CVE-2014-5509 | 1 Clipboard Project | 1 Clipboard | 2018-02-02 | 3.6 LOW | 5.5 MEDIUM |
| clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit$$. | |||||
| CVE-2014-4996 | 1 Vladtheenterprising Project | 1 Vladtheenterprising | 2018-01-30 | 2.1 LOW | 5.5 MEDIUM |
| lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}. | |||||
| CVE-2014-4978 | 2 Fedoraproject, Rawstudio | 2 Fedora, Rawstudio | 2018-01-10 | 3.6 LOW | 5.5 MEDIUM |
| The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph. | |||||
| CVE-2017-8806 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql | 2017-12-08 | 3.6 LOW | 5.5 MEDIUM |
| The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files. | |||||