Total
925 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7221 | 1 Mariadb | 1 Mariadb | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently. | |||||
| CVE-2020-6546 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Inappropriate implementation in installer in Google Chrome prior to 84.0.4147.125 allowed a local attacker to potentially elevate privilege via a crafted filesystem. | |||||
| CVE-2020-10947 | 1 Sophos | 2 Anti-virus For Sophos Central, Anti-virus For Sophos Home | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation. | |||||
| CVE-2019-19693 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ Security 2020, Internet Security 2020 and 2 more | 2021-07-21 | 3.6 LOW | 7.1 HIGH |
| The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2020-16939 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists when Group Policy improperly checks access, aka 'Group Policy Elevation of Privilege Vulnerability'. | |||||
| CVE-2020-25776 | 1 Trendmicro | 1 Antivirus | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical file on the system to escalate their privileges. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2020-27643 | 1 1e | 1 Client | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory. This leads to partial privilege escalation. | |||||
| CVE-2019-12779 | 1 Clusterlabs | 1 Libqb | 2021-07-02 | 6.6 MEDIUM | 7.1 HIGH |
| libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL. | |||||
| CVE-2017-7501 | 1 Rpm | 1 Rpm | 2021-06-29 | 4.6 MEDIUM | 7.8 HIGH |
| It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation. | |||||
| CVE-2021-32557 | 1 Canonical | 1 Apport | 2021-06-23 | 3.6 LOW | 7.1 HIGH |
| It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks. | |||||
| CVE-2021-0094 | 1 Intel | 1 Driver \& Support Assistant | 2021-06-23 | 4.6 MEDIUM | 7.8 HIGH |
| Improper link resolution before file access in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2021-32555 | 1 Canonical | 1 Ubuntu Linux | 2021-06-16 | 2.1 LOW | 5.5 MEDIUM |
| It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users. | |||||
| CVE-2021-32554 | 1 Canonical | 1 Ubuntu Linux | 2021-06-16 | 2.1 LOW | 5.5 MEDIUM |
| It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users. | |||||
| CVE-2021-32553 | 2 Canonical, Oracle | 2 Ubuntu Linux, Openjdk | 2021-06-16 | 2.1 LOW | 5.5 MEDIUM |
| It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users. | |||||
| CVE-2021-32552 | 1 Canonical | 1 Ubuntu Linux | 2021-06-15 | 2.1 LOW | 5.5 MEDIUM |
| It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users. | |||||
| CVE-2021-32550 | 1 Canonical | 1 Ubuntu Linux | 2021-06-15 | 2.1 LOW | 5.5 MEDIUM |
| It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users. | |||||
| CVE-2021-32551 | 1 Canonical | 1 Ubuntu Linux | 2021-06-15 | 2.1 LOW | 5.5 MEDIUM |
| It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users. | |||||
| CVE-2021-32549 | 1 Canonical | 1 Ubuntu Linux | 2021-06-15 | 2.1 LOW | 5.5 MEDIUM |
| It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users. | |||||
| CVE-2021-32548 | 1 Canonical | 1 Ubuntu Linux | 2021-06-15 | 2.1 LOW | 5.5 MEDIUM |
| It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users. | |||||
| CVE-2021-32547 | 1 Canonical | 1 Ubuntu Linux | 2021-06-15 | 2.1 LOW | 5.5 MEDIUM |
| It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users. | |||||