Total
925 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17955 | 1 Opensuse | 1 Yast2-multipath | 2019-10-09 | 3.6 LOW | 5.5 MEDIUM |
| In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection | |||||
| CVE-2017-7500 | 1 Rpm | 1 Rpm | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege. | |||||
| CVE-2017-5188 | 1 Opensuse | 1 Open Build Service | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information. | |||||
| CVE-2017-12172 | 1 Postgresql | 1 Postgresql | 2019-10-09 | 7.2 HIGH | 6.7 MEDIUM |
| PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server. | |||||
| CVE-2017-1002101 | 1 Kubernetes | 1 Kubernetes | 2019-10-09 | 5.5 MEDIUM | 9.6 CRITICAL |
| In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem. | |||||
| CVE-2016-9602 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2019-10-09 | 9.0 HIGH | 8.8 HIGH |
| Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host. | |||||
| CVE-2016-9595 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Katello | 2019-10-09 | 3.6 LOW | 5.5 MEDIUM |
| A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. | |||||
| CVE-2015-0796 | 1 Opensuse | 1 Open Buildservice | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on the source service. | |||||
| CVE-2017-2390 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-10-02 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves symlink mishandling in the "libarchive" component. It allows local users to change arbitrary directory permissions via unspecified vectors. | |||||
| CVE-2017-8108 | 1 Cisofy | 1 Lynis | 2019-10-02 | 4.6 MEDIUM | 7.8 HIGH |
| Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file. | |||||
| CVE-2017-6981 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-10-02 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that uses symlinks. | |||||
| CVE-2018-6198 | 2 Canonical, W3m Project | 2 Ubuntu Linux, W3m | 2019-10-02 | 3.3 LOW | 4.7 MEDIUM |
| w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files. | |||||
| CVE-2014-3219 | 2 Fedoraproject, Fishshell | 2 Fedora, Fish | 2019-09-24 | 4.3 MEDIUM | 7.8 HIGH |
| fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER. | |||||
| CVE-2018-14329 | 1 Htslib | 1 Htslib | 2019-09-18 | 3.3 LOW | 4.7 MEDIUM |
| In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2015-6240 | 1 Redhat | 1 Ansible | 2019-09-16 | 7.2 HIGH | 7.8 HIGH |
| The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack. | |||||
| CVE-2018-20834 | 1 Node-tar Project | 1 Node-tar | 2019-09-04 | 6.4 MEDIUM | 7.5 HIGH |
| A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content. A patch has been applied to node-tar v2.2.2). | |||||
| CVE-2018-20990 | 1 Tar Project | 1 Tar | 2019-08-28 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive. | |||||
| CVE-2019-13229 | 1 Deepin | 1 Deepin Clone | 2019-08-14 | 6.6 MEDIUM | 5.5 MEDIUM |
| deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper::getPartitionSizeInfo() function to write a log file as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled. | |||||
| CVE-2017-7418 | 1 Proftpd | 1 Proftpd | 2019-08-08 | 2.1 LOW | 5.5 MEDIUM |
| ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user. | |||||
| CVE-2018-19044 | 1 Keepalived | 1 Keepalived | 2019-08-06 | 3.3 LOW | 4.7 MEDIUM |
| keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd. | |||||