Total
925 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1136 | 2 Debian, Tesseract Project | 2 Debian Linux, Tesseract | 2020-08-18 | 6.3 MEDIUM | 4.7 MEDIUM |
| In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file. | |||||
| CVE-2014-5045 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux Eus, Enterprise Linux Server Aus and 1 more | 2020-08-14 | 6.2 MEDIUM | N/A |
| The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program. | |||||
| CVE-2020-15932 | 1 Overwolf | 1 Overwolf | 2020-08-05 | 9.0 HIGH | 8.8 HIGH |
| Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges. | |||||
| CVE-2020-11474 | 1 Ncp-e | 1 Secure Enterprise Client | 2020-07-31 | 4.6 MEDIUM | 7.8 HIGH |
| NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic link attack on enumusb.reg via Support Assistant. | |||||
| CVE-2019-3902 | 3 Debian, Mercurial, Redhat | 3 Debian Linux, Mercurial, Enterprise Linux | 2020-07-31 | 5.8 MEDIUM | 5.9 MEDIUM |
| A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository. | |||||
| CVE-2014-9512 | 3 Opensuse, Oracle, Samba | 3 Opensuse, Solaris, Rsync | 2020-07-28 | 6.4 MEDIUM | N/A |
| rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path. | |||||
| CVE-2020-9670 | 2 Adobe, Microsoft | 2 Creative Cloud Desktop Application, Windows | 2020-07-22 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2020-13095 | 1 Obdev | 1 Little Snitch | 2020-07-08 | 9.0 HIGH | 8.8 HIGH |
| Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a directory containing code executed by root. | |||||
| CVE-2020-15401 | 1 Iobit | 1 Malware Fighter | 2020-07-07 | 2.1 LOW | 4.4 MEDIUM |
| IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privileges for file deletion by manipulating malicious flagged file locations with an NTFS junction and an Object Manager symbolic link. | |||||
| CVE-2020-8103 | 1 Bitdefender | 1 Antivirus 2020 | 2020-06-11 | 3.6 LOW | 7.1 HIGH |
| A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178. | |||||
| CVE-2020-3223 | 1 Cisco | 1 Ios Xe | 2020-06-09 | 6.8 MEDIUM | 4.9 MEDIUM |
| A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the filesystem and then accessing it through the web UI. An exploit could allow the attacker to read arbitrary files from the underlying operating system's filesystem. | |||||
| CVE-2020-3237 | 1 Cisco | 1 Iox | 2020-06-08 | 4.6 MEDIUM | 6.3 MEDIUM |
| A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by including a crafted file in an application package. An exploit could allow the attacker to overwrite files. | |||||
| CVE-2020-13833 | 1 Google | 1 Android | 2020-06-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The system area allows arbitrary file overwrites via a symlink attack. The Samsung ID is SVE-2020-17183 (June 2020). | |||||
| CVE-2020-2024 | 1 Katacontainers | 1 Runtime | 2020-05-21 | 2.1 LOW | 6.5 MEDIUM |
| An improper link resolution vulnerability affects Kata Containers versions prior to 1.11.0. Upon container teardown, a malicious guest can trick the kata-runtime into unmounting any mount point on the host and all mount points underneath it, potentiality resulting in a host DoS. | |||||
| CVE-2020-5837 | 1 Symantec | 1 Endpoint Protection | 2020-05-14 | 4.6 MEDIUM | 7.8 HIGH |
| Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege. | |||||
| CVE-2014-8585 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2020-05-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php. | |||||
| CVE-2019-19695 | 1 Trendmicro | 1 Antivirus | 2020-05-04 | 5.0 MEDIUM | 7.5 HIGH |
| A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) could potentially allow an attacker to create a symbolic link to a target file and modify it. | |||||
| CVE-2017-15357 | 1 Arqbackup | 1 Arq | 2020-05-04 | 6.9 MEDIUM | 7.4 HIGH |
| The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself. | |||||
| CVE-2020-8099 | 1 Bitdefender | 1 Antivirus 2020 | 2020-04-29 | 4.6 MEDIUM | 6.2 MEDIUM |
| A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17. | |||||
| CVE-2020-7250 | 1 Mcafee | 1 Endpoint Security | 2020-04-21 | 4.6 MEDIUM | 7.8 HIGH |
| Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via carefully creating symbolic links from the ENS log file directory. | |||||