Total
1092 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-1633 | 1 Ibm | 1 Informix Dynamic Server | 2024-02-04 | 7.2 HIGH | 6.7 MEDIUM |
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434. | |||||
CVE-2018-14329 | 1 Htslib | 1 Htslib | 2024-02-04 | 3.3 LOW | 4.7 MEDIUM |
In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-2017-15097 | 1 Redhat | 5 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 2 more | 2024-02-04 | 7.2 HIGH | 6.7 MEDIUM |
Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. | |||||
CVE-2018-17567 | 1 Jekyllrb | 1 Jekyll | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file. | |||||
CVE-2019-5665 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
NVIDIA Windows GPU Display driver contains a vulnerability in the 3D vision component in which the stereo service software, when opening a file, does not check for hard links. This behavior may lead to code execution, denial of service or escalation of privileges. | |||||
CVE-2014-0243 | 1 Check Mk Project | 1 Check Mk | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job. | |||||
CVE-2018-1781 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148804. | |||||
CVE-2018-19638 | 1 Opensuse | 1 Supportutils | 2024-02-04 | 3.3 LOW | 4.7 MEDIUM |
In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files. | |||||
CVE-2016-8641 | 1 Nagios | 1 Nagios | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change. | |||||
CVE-2018-19044 | 1 Keepalived | 1 Keepalived | 2024-02-04 | 3.3 LOW | 4.7 MEDIUM |
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd. | |||||
CVE-2019-0574 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0572, CVE-2019-0573. | |||||
CVE-2018-15351 | 1 Kraftway | 2 24f2xg Router, 24f2xg Router Firmware | 2024-02-04 | 7.1 HIGH | 6.5 MEDIUM |
Denial of service via crafting malicious link and sending it to a privileged user can cause Denial of Service in Kraftway 24F2XG Router firmware version 3.5.30.1118. | |||||
CVE-2019-8372 | 1 Lg | 1 Lha.sys | 2024-02-04 | 6.9 MEDIUM | 7.0 HIGH |
The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL. | |||||
CVE-2018-1834 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM X-Force ID: 150511. | |||||
CVE-2016-9595 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Katello | 2024-02-04 | 3.6 LOW | 5.5 MEDIUM |
A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. | |||||
CVE-2019-0572 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0573, CVE-2019-0574. | |||||
CVE-2011-2765 | 1 Pyro Project | 1 Pyro | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks. | |||||
CVE-2014-4150 | 1 S48 | 1 Scheme48 | 2024-02-04 | 3.6 LOW | 5.5 MEDIUM |
The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp. | |||||
CVE-2017-7500 | 1 Rpm | 1 Rpm | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege. | |||||
CVE-2018-6557 | 1 Canonical | 1 Ubuntu Linux | 2024-02-04 | 4.4 MEDIUM | 7.0 HIGH |
The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled. |