Search
Total
874 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1593 | 1 Microsoft | 3 Windows 2000, Windows 95, Windows 98 | 2020-01-10 | 7.6 HIGH | N/A |
| Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when Windows 95/98 clients are used, or if the primary domain controller becomes unavailable. | |||||
| CVE-2019-16896 | 1 K7computing | 1 K7 Ultimate Security | 2020-01-09 | 2.1 LOW | 7.8 HIGH |
| In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the backup module) improperly validates the administrative privileges of the user, allowing an arbitrary file write via a symbolic link attack with file restoration functionality. | |||||
| CVE-2019-19695 | 1 Trendmicro | 1 Antivirus | 2020-01-08 | 5.0 MEDIUM | 7.5 HIGH |
| A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) could potentially allow an attacker to create a symbolic link to a target file and modify it. | |||||
| CVE-2014-7206 | 1 Debian | 2 Advanced Package Tool, Apt | 2020-01-08 | 3.6 LOW | N/A |
| The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file. | |||||
| CVE-2019-8463 | 1 Checkpoint | 1 Endpoint Security Clients | 2020-01-03 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10, that could allow service log file to be written to non-standard locations. | |||||
| CVE-2019-6679 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2020-01-02 | 3.6 LOW | 3.3 LOW |
| On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are symlinks. This allows authenticated users with SCP access to overwrite certain configuration files that would otherwise be restricted. | |||||
| CVE-2010-3691 | 1 Apereo | 1 Phpcas | 2019-12-30 | 3.3 LOW | N/A |
| PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file. | |||||
| CVE-2019-8789 | 1 Apple | 3 Ipados, Iphone Os, Mac Os X | 2019-12-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Parsing a maliciously crafted iBooks file may lead to disclosure of user information. | |||||
| CVE-2019-8568 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-12-20 | 2.1 LOW | 5.5 MEDIUM |
| A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A local user may be able to modify protected parts of the file system. | |||||
| CVE-2019-18232 | 2 Gemalto, Microsoft | 2 Sentinel Ldk License Manager, Windows | 2019-12-19 | 4.6 MEDIUM | 7.8 HIGH |
| SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only Microsoft Windows versions are affected) is vulnerable when configured as a service. This vulnerability may allow an attacker with local access to create, write, and/or delete files in system folder using symbolic links, leading to a privilege escalation. This vulnerability could also be used by an attacker to execute a malicious DLL, which could impact the integrity and availability of the system. | |||||
| CVE-2008-7247 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2019-12-17 | 6.0 MEDIUM | N/A |
| sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink. | |||||
| CVE-2008-4098 | 4 Canonical, Debian, Mysql and 1 more | 4 Ubuntu Linux, Debian Linux, Mysql and 1 more | 2019-12-17 | 4.6 MEDIUM | N/A |
| MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097. | |||||
| CVE-2010-1626 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2019-12-17 | 3.6 LOW | N/A |
| MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247. | |||||
| CVE-2009-4030 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2019-12-17 | 4.4 MEDIUM | N/A |
| MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079. | |||||
| CVE-2013-4184 | 2 Data\, Debian | 2 \, Debian Linux | 2019-12-17 | 3.6 LOW | 5.5 MEDIUM |
| Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks | |||||
| CVE-2011-3351 | 1 Openvas | 1 Openvas-scanner | 2019-12-11 | 6.6 MEDIUM | 7.1 HIGH |
| openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system. | |||||
| CVE-2019-7183 | 1 Qnap | 1 Qts | 2019-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| This improper link resolution vulnerability allows remote attackers to access system files. To fix this vulnerability, QNAP recommend updating QTS to their latest versions. | |||||
| CVE-2019-3749 | 1 Dell | 1 Command Update | 2019-12-10 | 3.6 LOW | 5.5 MEDIUM |
| Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\ICProgress\Dell_InventoryCollector_Progress.xml" to any targeted file. This issue occurs because permissions on the Temp directory were set incorrectly. | |||||
| CVE-2019-3750 | 1 Dell | 1 Command Update | 2019-12-10 | 3.6 LOW | 5.5 MEDIUM |
| Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. A local authenticated malicious user with low privileges potentially could exploit this vulnerability to delete arbitrary files by creating a symlink from the "Temp\IC\ICDebugLog.txt" to any targeted file. This issue occurs because of insecure handling of Temp directory permissions that were set incorrectly. | |||||
| CVE-2019-17445 | 2 Eracent, Linux | 7 Eda Agent, Epa Agent, Epm Agent and 4 more | 2019-12-04 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be forced to copy files from the filesystem to other locations via Symbolic Link Following. | |||||
| CVE-2011-3632 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2019-12-04 | 3.6 LOW | 7.1 HIGH |
| Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks. | |||||
| CVE-2011-2924 | 3 Debian, Fedoraproject, Linuxfoundation | 3 Debian Linux, Fedora, Foomatic-filters | 2019-11-25 | 3.3 LOW | 5.5 MEDIUM |
| foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter. | |||||
| CVE-2011-2923 | 2 Debian, Linuxfoundation | 2 Debian Linux, Foomatic-filters | 2019-11-25 | 3.3 LOW | 5.5 MEDIUM |
| foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter. | |||||
| CVE-2010-4817 | 2 Debian, Pithos Project | 2 Debian Linux, Pithos | 2019-11-25 | 3.6 LOW | 5.5 MEDIUM |
| pithos before 0.3.5 allows overwrite of arbitrary files via symlinks. | |||||
| CVE-2014-1938 | 1 Rply Project | 1 Rply | 2019-11-22 | 2.1 LOW | 5.5 MEDIUM |
| python-rply before 0.7.4 insecurely creates temporary files. | |||||
| CVE-2014-2312 | 1 Intel | 1 Thermald | 2019-11-20 | 6.6 MEDIUM | 5.5 MEDIUM |
| The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid. | |||||
| CVE-2008-7273 | 1 Getfiregpg | 1 Iceweasel-firegpg | 2019-11-20 | 4.6 MEDIUM | 7.8 HIGH |
| A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling. | |||||
| CVE-2019-18837 | 2 Crun Project, Fedoraproject | 2 Crun, Fedora | 2019-11-18 | 5.0 MEDIUM | 8.6 HIGH |
| An issue was discovered in crun before 0.10.5. With a crafted image, it doesn't correctly check whether a target is a symlink, resulting in access to files outside of the container. This occurs in libcrun/linux.c and libcrun/chroot_realpath.c. | |||||
| CVE-2011-1136 | 2 Debian, Tesseract Project | 2 Debian Linux, Tesseract | 2019-11-18 | 6.3 MEDIUM | 4.7 MEDIUM |
| In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file. | |||||
| CVE-2010-3095 | 1 Mailscanner | 1 Mailscanner | 2019-11-15 | 3.3 LOW | 4.7 MEDIUM |
| mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-5313. | |||||
| CVE-2011-3618 | 2 Atop Project, Debian | 2 Atop, Debian Linux | 2019-11-14 | 4.6 MEDIUM | 7.8 HIGH |
| atop: symlink attack possible due to insecure tempfile handling | |||||
| CVE-2013-4655 | 1 Belkin | 2 N900, N900 Firmware | 2019-11-14 | 7.8 HIGH | 7.5 HIGH |
| Symlink Traversal vulnerability in Belkin N900 due to misconfiguration in the SMB service. | |||||
| CVE-2011-5271 | 1 Clusterlabs | 1 Pacemaker | 2019-11-14 | 3.3 LOW | 5.5 MEDIUM |
| Pacemaker before 1.1.6 configure script creates temporary files insecurely | |||||
| CVE-2013-1429 | 2 Canonical, Debian | 3 Ubuntu Linux, Debian Linux, Lintian | 2019-11-14 | 4.3 MEDIUM | 6.3 MEDIUM |
| Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks. | |||||
| CVE-2019-18658 | 1 Helm | 1 Helm | 2019-11-14 | 7.5 HIGH | 9.8 CRITICAL |
| In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via symlinks. No version of Tiller is known to be impacted. This is a client-only issue. | |||||
| CVE-2013-1809 | 2 Debian, Gambas Project | 2 Debian Linux, Gambas | 2019-11-13 | 6.4 MEDIUM | 7.5 HIGH |
| Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories. | |||||
| CVE-2010-2064 | 1 Rpcbind Project | 1 Rpcbind | 2019-11-05 | 3.6 LOW | 7.1 HIGH |
| rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr. | |||||
| CVE-2010-0398 | 1 Autokey Project | 1 Autokey | 2019-11-05 | 5.5 MEDIUM | 6.5 MEDIUM |
| The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack. | |||||
| CVE-2012-2945 | 1 Apache | 1 Hadoop | 2019-10-31 | 5.0 MEDIUM | 7.5 HIGH |
| Hadoop 1.0.3 contains a symlink vulnerability. | |||||
| CVE-2019-1317 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-10-11 | 5.6 MEDIUM | 7.3 HIGH |
| A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'. | |||||
| CVE-2019-12672 | 1 Cisco | 1 Ios | 2019-10-09 | 7.2 HIGH | 6.8 MEDIUM |
| A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient file location validation. An attacker could exploit this vulnerability by placing code in a specific format on a USB device and inserting it into an affected Cisco device. A successful exploit could allow the attacker to execute the code with root privileges on the underlying OS of the affected device. | |||||
| CVE-2018-1834 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM X-Force ID: 150511. | |||||
| CVE-2018-1780 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148803. | |||||
| CVE-2018-1781 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148804. | |||||
| CVE-2018-17955 | 1 Opensuse | 1 Yast2-multipath | 2019-10-09 | 3.6 LOW | 5.5 MEDIUM |
| In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection | |||||
| CVE-2017-7500 | 1 Rpm | 1 Rpm | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege. | |||||
| CVE-2017-5188 | 1 Opensuse | 1 Open Build Service | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information. | |||||
| CVE-2017-2619 | 3 Debian, Redhat, Samba | 3 Debian Linux, Enterprise Linux, Samba | 2019-10-09 | 6.0 MEDIUM | 7.5 HIGH |
| Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition. | |||||
| CVE-2017-15097 | 1 Redhat | 5 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 2 more | 2019-10-09 | 7.2 HIGH | 6.7 MEDIUM |
| Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. | |||||
| CVE-2017-12172 | 1 Postgresql | 1 Postgresql | 2019-10-09 | 7.2 HIGH | 6.7 MEDIUM |
| PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server. | |||||