Total
1092 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-1063 | 2 Redhat, Selinux Project | 2 Enterprise Linux, Selinux | 2024-02-04 | 3.3 LOW | 4.4 MEDIUM |
Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11. | |||||
CVE-2018-6954 | 3 Canonical, Opensuse, Systemd Project | 3 Ubuntu Linux, Leap, Systemd | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on. | |||||
CVE-2018-11637 | 1 Dialogic | 1 Powermedia Xms | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to read arbitrary files from the /var/ directory because a symlink exists under the web root. | |||||
CVE-2018-12015 | 6 Apple, Archive\, Canonical and 3 more | 9 Mac Os X, \, Ubuntu Linux and 6 more | 2024-02-04 | 6.4 MEDIUM | 7.5 HIGH |
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. | |||||
CVE-2018-4112 | 1 Apple | 1 Mac Os X | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "ATS" component. It allows attackers to obtain sensitive information by leveraging symlink mishandling. | |||||
CVE-2018-10722 | 1 Cylance | 1 Cylanceprotect | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
In Cylance CylancePROTECT before 1470, an unprivileged local user can obtain SYSTEM privileges because users have Modify access to the %PROGRAMFILES%\Cylance\Desktop\log folder, the CyUpdate process grants users Modify access to new files created in this folder, and a new file can be a symlink chain to a pathname of an arbitrary DLL that CyUpdate uses. | |||||
CVE-2016-9602 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host. | |||||
CVE-2018-1000073 | 1 Rubygems | 1 Rubygems | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6. | |||||
CVE-2018-10380 | 3 Debian, Kde, Opensuse | 3 Debian Linux, Plasma, Leap | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack. | |||||
CVE-2014-3219 | 2 Fedoraproject, Fishshell | 2 Fedora, Fish | 2024-02-04 | 4.3 MEDIUM | 7.8 HIGH |
fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER. | |||||
CVE-2015-6240 | 1 Redhat | 1 Ansible | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack. | |||||
CVE-2015-7723 | 1 Amd | 1 Fglrx-driver | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. | |||||
CVE-2014-5509 | 1 Clipboard Project | 1 Clipboard | 2024-02-04 | 3.6 LOW | 5.5 MEDIUM |
clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit$$. | |||||
CVE-2015-3211 | 1 Php-fpm | 1 Php-fpm | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
php-fpm allows local users to write to or create arbitrary files via a symlink attack. | |||||
CVE-2015-8326 | 1 Iptables-parse Project | 1 Iptables-parse Module | 2024-02-04 | 3.6 LOW | 5.5 MEDIUM |
The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files owned by the current user. | |||||
CVE-2016-1255 | 2 Canonical, Debian | 3 Ubuntu Linux, Debian Linux, Postgresql-common | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql. | |||||
CVE-2015-3149 | 1 Redhat | 7 Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Hpc Node Eus and 4 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack. | |||||
CVE-2016-3108 | 1 Pulpproject | 1 Pulp | 2024-02-04 | 3.6 LOW | 7.1 HIGH |
The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack. | |||||
CVE-2015-3156 | 1 Openstack | 1 Trove | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_configuration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, write_config function in trove/guestagent/datastore/experimental/redis/service.py, _write_mycnf function in trove/guestagent/datastore/mysql/service.py, InnoBackupEx::_run_prepare function in trove/guestagent/strategies/restore/mysql_impl.py, InnoBackupEx::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, MySQLDump::cmd in trove/guestagent/strategies/backup/mysql_impl.py, InnoBackupExIncremental::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, _get_actual_db_status function in trove/guestagent/datastore/experimental/cassandra/system.py and trove/guestagent/datastore/experimental/cassandra/service.py, and multiple class CbBackup methods in trove/guestagent/strategies/backup/experimental/couchbase_impl.py in Openstack DBaaS (aka Trove) as packaged in Openstack before 2015.1.0 (aka Kilo) allows local users to write to configuration files via a symlink attack on a temporary file. | |||||
CVE-2017-9525 | 3 Canonical, Cron Project, Debian | 3 Ubuntu Linux, Cron, Debian Linux | 2024-02-04 | 6.9 MEDIUM | 6.7 MEDIUM |
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs. |