Total
1092 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2923 | 2 Debian, Linuxfoundation | 2 Debian Linux, Foomatic-filters | 2024-02-04 | 3.3 LOW | 5.5 MEDIUM |
| foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter. | |||||
| CVE-2011-3351 | 1 Openvas | 1 Openvas-scanner | 2024-02-04 | 6.6 MEDIUM | 7.1 HIGH |
| openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system. | |||||
| CVE-2012-1093 | 1 Debian | 2 Debian Linux, X11-common | 2024-02-04 | 6.9 MEDIUM | 7.8 HIGH |
| The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation. | |||||
| CVE-2019-1385 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-02-04 | 6.1 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-1422 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1420, CVE-2019-1423. | |||||
| CVE-2019-1317 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-02-04 | 5.6 MEDIUM | 7.3 HIGH |
| A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'. | |||||
| CVE-2019-18897 | 2 Opensuse, Suse | 2 Leap, Linux Enterprise Server | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterprise Server 12 salt-master version 2019.2.0-46.83.1 and prior versions. SUSE Linux Enterprise Server 15 salt-master version 2019.2.0-6.21.1 and prior versions. openSUSE Factory salt-master version 2019.2.2-3.1 and prior versions. | |||||
| CVE-2011-4116 | 1 Cpan | 1 File\ | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| _is_safe in the File::Temp module for Perl does not properly handle symlinks. | |||||
| CVE-2015-1869 | 1 Redhat | 1 Automatic Bug Reporting Tool | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file. | |||||
| CVE-2013-1429 | 2 Canonical, Debian | 3 Ubuntu Linux, Debian Linux, Lintian | 2024-02-04 | 4.3 MEDIUM | 6.3 MEDIUM |
| Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks. | |||||
| CVE-2020-0730 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-04 | 3.6 LOW | 7.1 HIGH |
| An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-7183 | 1 Qnap | 1 Qts | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| This improper link resolution vulnerability allows remote attackers to access system files. To fix this vulnerability, QNAP recommend updating QTS to their latest versions. | |||||
| CVE-2009-0035 | 1 Alsa-project | 1 Alsa | 2024-02-04 | 3.6 LOW | 5.5 MEDIUM |
| alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts. | |||||
| CVE-2011-1408 | 2 Debian, Ikiwiki | 2 Debian Linux, Ikiwiki | 2024-02-04 | 6.4 MEDIUM | 8.2 HIGH |
| ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks. | |||||
| CVE-2020-7040 | 3 Debian, Opensuse, Storebackup | 4 Debian Linux, Backports Sle, Leap and 1 more | 2024-02-04 | 9.3 HIGH | 8.1 HIGH |
| storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.) | |||||
| CVE-2015-3147 | 1 Redhat | 7 Automatic Bug Reporting Tool, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2024-02-04 | 4.9 MEDIUM | 6.5 MEDIUM |
| daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt. | |||||
| CVE-2014-1938 | 1 Rply Project | 1 Rply | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| python-rply before 0.7.4 insecurely creates temporary files. | |||||
| CVE-2019-3697 | 2 Gnu, Opensuse | 2 Gnump3d, Leap | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions. | |||||
| CVE-2012-2945 | 1 Apache | 1 Hadoop | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Hadoop 1.0.3 contains a symlink vulnerability. | |||||
| CVE-2019-10773 | 1 Yarnpkg | 1 Yarn | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set. | |||||