Total
925 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15111 | 1 Keycloak-httpd-client-install Project | 1 Keycloak-httpd-client-install | 2019-08-06 | 3.6 LOW | 5.5 MEDIUM |
| keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link. | |||||
| CVE-2008-4190 | 2 Openswan, Xelerance | 2 Openswan, Openswan | 2019-07-29 | 4.4 MEDIUM | N/A |
| The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled. | |||||
| CVE-2019-13228 | 1 Deepin | 1 Deepin-clone | 2019-07-27 | 6.6 MEDIUM | 4.7 MEDIUM |
| deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO file, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled. By winning a race condition to replace the /tmp/repo.iso symlink by an attacker controlled ISO file, further privilege escalation may be possible. | |||||
| CVE-2019-13227 | 1 Deepin | 1 Deepin-clone | 2019-07-27 | 6.6 MEDIUM | 5.5 MEDIUM |
| In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled. | |||||
| CVE-2019-13636 | 1 Gnu | 1 Patch | 2019-07-24 | 5.8 MEDIUM | 5.9 MEDIUM |
| In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c. | |||||
| CVE-2019-11230 | 1 Avast | 1 Antivirus | 2019-07-24 | 3.6 LOW | 4.4 MEDIUM |
| In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Update.log file with a symlink. The next time the product attempts to write to the log file, the target of the symlink is renamed. This defect can be exploited to rename a critical product file (e.g., AvastSvc.exe), causing the product to fail to start on the next system restart. | |||||
| CVE-2019-11503 | 1 Canonical | 1 Snapd | 2019-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user, aka a "cwd restore permission bypass." | |||||
| CVE-2011-3869 | 2 Puppet, Puppetlabs | 2 Puppet, Puppet | 2019-07-10 | 6.3 MEDIUM | N/A |
| Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file. | |||||
| CVE-2011-3870 | 2 Puppet, Puppetlabs | 2 Puppet, Puppet | 2019-07-10 | 6.3 MEDIUM | N/A |
| Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file. | |||||
| CVE-2015-1331 | 1 Linuxcontainers | 1 Lxc | 2019-05-31 | 4.9 MEDIUM | N/A |
| lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*. | |||||
| CVE-2015-1335 | 2 Canonical, Linuxcontainers | 2 Ubuntu Linux, Lxc | 2019-05-31 | 7.2 HIGH | N/A |
| lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source. | |||||
| CVE-2019-9949 | 1 Westerndigital | 18 My Cloud, My Cloud Dl2100, My Cloud Dl2100 Firmware and 15 more | 2019-05-28 | 9.0 HIGH | 8.8 HIGH |
| Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privilege user session) vulnerability. The cgi-bin/webfile_mgr.cgi file allows arbitrary file write by abusing symlinks. Specifically, this occurs by uploading a tar archive that contains a symbolic link, then uploading another archive that writes a file to the link using the "cgi_untar" command. Other commands might also be susceptible. Code can be executed because the "name" parameter passed to the cgi_unzip command is not sanitized. | |||||
| CVE-2017-1000115 | 3 Debian, Mercurial, Redhat | 8 Debian Linux, Mercurial, Enterprise Linux Desktop and 5 more | 2019-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository | |||||
| CVE-2018-19637 | 1 Opensuse | 1 Supportutils | 2019-05-08 | 3.6 LOW | 5.5 MEDIUM |
| Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection | |||||
| CVE-2018-19638 | 1 Opensuse | 1 Supportutils | 2019-05-08 | 3.3 LOW | 4.7 MEDIUM |
| In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files. | |||||
| CVE-2019-11502 | 1 Canonical | 1 Snapd | 2019-05-02 | 5.0 MEDIUM | 7.5 HIGH |
| snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Consequently, that user had unintended access to a private /tmp directory. | |||||
| CVE-2018-17567 | 1 Jekyllrb | 1 Jekyll | 2019-04-26 | 5.0 MEDIUM | 7.5 HIGH |
| Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file. | |||||
| CVE-2013-2561 | 2 Openfabrics, Redhat | 2 Ibutils, Enterprise Linux | 2019-04-22 | 6.3 MEDIUM | N/A |
| OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/. | |||||
| CVE-2014-1859 | 3 Fedoraproject, Numpy, Redhat | 3 Fedora, Numpy, Enterprise Linux | 2019-04-22 | 2.1 LOW | 5.5 MEDIUM |
| (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2013-2217 | 3 Jeff Ortel, Opensuse, Redhat | 3 Suds, Opensuse, Enterprise Linux | 2019-04-22 | 1.2 LOW | N/A |
| cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/. | |||||