Total
1140 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-32549 | 1 Canonical | 1 Ubuntu Linux | 2021-06-15 | 2.1 LOW | 5.5 MEDIUM |
| It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users. | |||||
| CVE-2021-32548 | 1 Canonical | 1 Ubuntu Linux | 2021-06-15 | 2.1 LOW | 5.5 MEDIUM |
| It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users. | |||||
| CVE-2021-32547 | 1 Canonical | 1 Ubuntu Linux | 2021-06-15 | 2.1 LOW | 5.5 MEDIUM |
| It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users. | |||||
| CVE-2020-15076 | 1 Openvpn | 1 Private Tunnel | 2021-06-02 | 7.2 HIGH | 7.8 HIGH |
| Private Tunnel installer for macOS version 3.0.1 and older versions may corrupt system critical files it should not have access via symlinks in /tmp. | |||||
| CVE-2020-28007 | 1 Exim | 1 Exim | 2021-05-10 | 7.2 HIGH | 7.8 HIGH |
| Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem. | |||||
| CVE-2021-30356 | 1 Checkpoint | 1 Identity Agent | 2021-04-27 | 5.5 MEDIUM | 8.1 HIGH |
| A denial of service vulnerability was reported in Check Point Identity Agent before R81.018.0000, which could allow low privileged users to overwrite protected system files. | |||||
| CVE-2021-30463 | 1 Vestacp | 1 Control Panel | 2021-04-14 | 7.2 HIGH | 7.8 HIGH |
| VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a /reset/?action=confirm&user=admin&code= URI. This occurs because chmod is used unsafely. | |||||
| CVE-2007-5437 | 1 Broadcom | 1 Etrust Integrated Threat Management | 2021-04-09 | 5.8 MEDIUM | N/A |
| The web console in CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 allows remote attackers to redirect users to arbitrary web sites via a crafted HTTP URL on port 6689. | |||||
| CVE-2020-15075 | 1 Openvpn | 1 Connect | 2021-04-06 | 3.6 LOW | 7.1 HIGH |
| OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp. | |||||
| CVE-2021-27241 | 1 Avast | 1 Premium Security | 2021-04-01 | 3.6 LOW | 6.1 MEDIUM |
| This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8.2429 (Build 20.8.5653.561). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AvastSvc.exe module. By creating a directory junction, an attacker can abuse the service to delete a directory. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12082. | |||||
| CVE-2014-5459 | 3 Opensuse, Oracle, Php | 4 Evergreen, Opensuse, Solaris and 1 more | 2021-03-29 | 3.6 LOW | N/A |
| The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions. | |||||
| CVE-2021-3310 | 1 Westerndigital | 9 My Cloud Dl2100, My Cloud Dl4100, My Cloud Ex2100 and 6 more | 2021-03-17 | 4.6 MEDIUM | 7.8 HIGH |
| Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure (by reading local files). | |||||
| CVE-2013-1888 | 2 Fedoraproject, Pypa | 2 Fedora, Pip | 2021-03-15 | 2.1 LOW | N/A |
| pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory. | |||||
| CVE-2002-0824 | 1 Freebsd | 1 Point-to-point Protocol Daemon | 2021-03-11 | 6.9 MEDIUM | N/A |
| BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device. | |||||
| CVE-2020-29529 | 1 Hashicorp | 1 Go-slug | 2021-03-08 | 5.0 MEDIUM | 7.5 HIGH |
| HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0. | |||||
| CVE-2020-12878 | 1 Digi | 2 Connectport X2e, Connectport X2e Firmware | 2021-02-26 | 7.2 HIGH | 7.8 HIGH |
| Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory. | |||||
| CVE-2020-8585 | 1 Netapp | 1 Oncommand Unified Manager | 2021-02-03 | 2.1 LOW | 5.5 MEDIUM |
| OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink). | |||||
| CVE-2020-4966 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2021-01-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 192423. | |||||
| CVE-2020-35766 | 1 Opendkim | 1 Opendkim | 2020-12-30 | 4.4 MEDIUM | 7.8 HIGH |
| The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c). NOTE: this is applicable to persons who choose to engage in the "A number of self-test programs are included here for unit-testing the library" situation. | |||||
| CVE-2020-28641 | 1 Malwarebytes | 2 Endpoint Protection, Malwarebytes | 2020-12-23 | 6.6 MEDIUM | 7.1 HIGH |
| In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system. | |||||