Total
1140 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26277 | 1 Dbdeployer | 1 Dbdeployer | 2020-12-23 | 4.0 MEDIUM | 6.1 MEDIUM |
| DBdeployer is a tool that deploys MySQL database servers easily. In DBdeployer before version 1.58.2, users unpacking a tarball may use a maliciously packaged tarball that contains symlinks to files external to the target. In such scenario, an attacker could induce dbdeployer to write into a system file, thus altering the computer defenses. For the attack to succeed, the following factors need to contribute: 1) The user is logged in as root. While dbdeployer is usable as root, it was designed to run as unprivileged user. 2) The user has taken a tarball from a non secure source, without testing the checksum. When the tarball is retrieved through dbdeployer, the checksum is compared before attempting to unpack. This has been fixed in version 1.58.2. | |||||
| CVE-2020-5797 | 1 Tp-link | 2 Archer C9, Archer C9 Firmware | 2020-12-03 | 3.6 LOW | 6.1 MEDIUM |
| UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router. | |||||
| CVE-2020-23968 | 1 Ilex | 1 International Sign\&go | 2020-12-01 | 6.9 MEDIUM | 7.8 HIGH |
| Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log. | |||||
| CVE-2020-8015 | 2 Exim, Opensuse | 2 Exim, Opensuse | 2020-11-20 | 7.2 HIGH | 7.8 HIGH |
| A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1. | |||||
| CVE-2019-3690 | 1 Opensuse | 1 Leap | 2020-11-20 | 7.2 HIGH | 7.8 HIGH |
| The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local attackers with control over a path that is traversed by chkstat to escalate privileges. | |||||
| CVE-2020-5795 | 1 Tp-link | 2 Archer A7, Archer A7 Firmware | 2020-11-19 | 7.2 HIGH | 6.2 MEDIUM |
| UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a crafted USB drive into the router. | |||||
| CVE-2020-6015 | 1 Checkpoint | 1 Endpoint Security | 2020-11-17 | 2.1 LOW | 5.5 MEDIUM |
| Check Point Endpoint Security for Windows before E84.10 can reach denial of service during clean install of the client which will prevent the storage of service log files in non-standard locations. | |||||
| CVE-2009-0035 | 1 Alsa-project | 1 Alsa | 2020-11-16 | 3.6 LOW | 5.5 MEDIUM |
| alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts. | |||||
| CVE-2010-3879 | 1 Libfuse Project | 1 Libfuse | 2020-11-10 | 5.8 MEDIUM | N/A |
| FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789. | |||||
| CVE-2018-21269 | 1 Openrc Project | 1 Openrc | 2020-11-02 | 2.1 LOW | 5.5 MEDIUM |
| checkpath in OpenRC through 0.42.1 might allow local users to take ownership of arbitrary files because a non-terminal path component can be a symlink. | |||||
| CVE-2017-18925 | 1 Openr | 1 Opentmpfiles | 2020-10-30 | 2.1 LOW | 5.5 MEDIUM |
| opentmpfiles through 0.3.1 allows local users to take ownership of arbitrary files because d entries are mishandled and allow a symlink attack. | |||||
| CVE-2019-8452 | 1 Checkpoint | 2 Endpoint Security, Zonealarm | 2020-10-22 | 4.6 MEDIUM | 7.8 HIGH |
| A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file. | |||||
| CVE-2019-8455 | 1 Checkpoint | 1 Zonealarm | 2020-10-22 | 3.6 LOW | 7.1 HIGH |
| A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file. | |||||
| CVE-2019-5438 | 1 Harpjs | 1 Harp | 2020-10-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| Path traversal using symlink in npm harp module versions <= 0.29.0. | |||||
| CVE-2019-18575 | 1 Dell | 1 Command\|configure | 2020-10-16 | 6.6 MEDIUM | 7.1 HIGH |
| Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a target file, allowing the attacker to overwrite or corrupt a specified file on the system. | |||||
| CVE-2013-4116 | 1 Node Packaged Modules Project | 1 Node Packaged Modules | 2020-10-14 | 3.3 LOW | N/A |
| lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives. | |||||
| CVE-2019-1836 | 1 Cisco | 3 Nexus 9300, Nexus 9500, Nx-os | 2020-10-13 | 6.6 MEDIUM | 7.1 HIGH |
| A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to use symbolic links to overwrite system files. These system files may be sensitive and should not be overwritable by non-root users. The attacker would need valid device credentials. The vulnerability is due to incorrect symbolic link verification of directory paths when they are used in the system shell. An attacker could exploit this vulnerability by authenticating to the device and providing crafted user input to specific symbolic link CLI commands. Successful exploitation could allow the attacker to overwrite system files that should be restricted. This vulnerability has been fixed in software version 14.1(1i). | |||||
| CVE-2001-0131 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2020-10-09 | 3.3 LOW | N/A |
| htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2020-17365 | 1 Pango | 1 Hotspot Shield | 2020-10-09 | 7.2 HIGH | 7.8 HIGH |
| Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. The vulnerability allows a local user to corrupt system files: a local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application. | |||||
| CVE-2020-12254 | 1 Avira | 1 Antivirus | 2020-10-06 | 4.6 MEDIUM | 7.8 HIGH |
| Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escalation or a denial of service via abuse of a symlink. | |||||