Total
925 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-3694 | 2 Opensuse, Suse | 4 Factory, Leap, Munin and 1 more | 2022-11-09 | 7.2 HIGH | 7.8 HIGH |
| A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root. This issue affects: openSUSE Factory munin version 2.0.49-4.2 and prior versions. openSUSE Leap 15.1 munin version 2.0.40-lp151.1.1 and prior versions. | |||||
| CVE-2019-18898 | 2 Opensuse, Suse | 4 Leap, Opensuse Factory, Suse Linux Enterprise Server and 1 more | 2022-11-09 | 7.2 HIGH | 7.8 HIGH |
| UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1. | |||||
| CVE-2019-3693 | 2 Opensuse, Suse | 4 Backports Sle, Leap, Linux Enterprise Server and 1 more | 2022-11-09 | 7.2 HIGH | 7.8 HIGH |
| A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions. | |||||
| CVE-2021-23239 | 4 Debian, Fedoraproject, Netapp and 1 more | 6 Debian Linux, Fedora, Cloud Backup and 3 more | 2022-11-08 | 1.9 LOW | 2.5 LOW |
| The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. | |||||
| CVE-2022-44747 | 1 Acronis | 1 Cyber Protect Home Office | 2022-11-08 | N/A | 7.8 HIGH |
| Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. | |||||
| CVE-2022-31250 | 1 Opensuse | 1 Tumbleweed | 2022-11-08 | N/A | 7.8 HIGH |
| A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. This issue affects: openSUSE Tumbleweed keylime versions prior to 6.4.2-1.1. | |||||
| CVE-2022-42725 | 1 Linuxmint | 1 Warpinator | 2022-11-07 | N/A | 7.5 HIGH |
| Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by symbolic directory links. | |||||
| CVE-2022-32905 | 1 Apple | 1 Macos | 2022-11-02 | N/A | 7.8 HIGH |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges. | |||||
| CVE-2022-31256 | 1 Opensuse | 1 Factory | 2022-10-28 | N/A | 7.8 HIGH |
| A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1. | |||||
| CVE-2022-27816 | 1 Waycrate | 1 Swhkd | 2022-10-27 | 3.3 LOW | 7.1 HIGH |
| SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service. | |||||
| CVE-2021-25321 | 2 Opensuse, Suse | 6 Factory, Leap, Arpwatch and 3 more | 2022-10-25 | 7.2 HIGH | 7.8 HIGH |
| A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions. | |||||
| CVE-2021-25322 | 2 Opensuse, Python-hyperkitty Project | 3 Factory, Leap, Python-hyperkitty | 2022-10-25 | 7.2 HIGH | 7.8 HIGH |
| A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1. | |||||
| CVE-2021-21272 | 1 Deislabs | 1 Oras | 2022-10-25 | 4.0 MEDIUM | 7.7 HIGH |
| ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature allows the downloaded gzipped tarballs to be automatically extracted to the user-specified directory where the tarball can have symbolic links and hard links. A well-crafted tarball or tarballs allow malicious artifact providers linking, writing, or overwriting specific files on the host filesystem outside of the user-specified directory unexpectedly with the same permissions as the user who runs `oras pull`. Users of the affected versions are impacted if they are `oras` CLI users who runs `oras pull`, or if they are Go programs, which invoke `github.com/deislabs/oras/pkg/content.FileStore`. The problem has been fixed in version 0.9.0. For `oras` CLI users, there is no workarounds other than pulling from a trusted artifact provider. For `oras` package users, the workaround is to not use `github.com/deislabs/oras/pkg/content.FileStore`, and use other content stores instead, or pull from a trusted artifact provider. | |||||
| CVE-2021-36286 | 1 Dell | 1 Supportassist Client Consumer | 2022-10-25 | 3.6 LOW | 7.1 HIGH |
| Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS called Symbolic links. Symbolic links can be created by any(non-privileged) user under some object directories, but by themselves are not sufficient to successfully escalate privileges. However, combining them with a different object, such as the NTFS junction point allows for the exploitation. Support assist clean files functionality do not distinguish junction points from the physical folder and proceeds to clean the target of the junction that allows nonprivileged users to create junction points and delete arbitrary files on the system which can be accessed only by the admin. | |||||
| CVE-2021-21695 | 1 Jenkins | 1 Jenkins | 2022-10-24 | 6.8 MEDIUM | 8.8 HIGH |
| FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | |||||
| CVE-2021-31997 | 1 Opensuse | 3 Factory, Leap, Python-postorius | 2022-10-14 | 7.2 HIGH | 7.8 HIGH |
| A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version 1.3.2-lp152.1.2 and prior versions. openSUSE Factory python-postorius version 1.3.4-2.1 and prior versions. | |||||
| CVE-2020-28935 | 2 Debian, Nlnetlabs | 3 Debian Linux, Name Server Daemon, Unbound | 2022-10-12 | 2.1 LOW | 5.5 MEDIUM |
| NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system. | |||||
| CVE-2020-8831 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2022-10-07 | 2.1 LOW | 5.5 MEDIUM |
| Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport's lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22. | |||||
| CVE-2022-27815 | 1 Waycrate | 1 Swhkd | 2022-10-06 | 6.2 MEDIUM | 7.8 HIGH |
| SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an information leak or denial of service. | |||||
| CVE-2022-38699 | 1 Asus | 1 Armoury Crate Service | 2022-09-30 | N/A | 5.9 MEDIUM |
| Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system. | |||||