Total
1131 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1031 | 1 Feh Project | 1 Feh | 2020-02-27 | 3.3 LOW | N/A |
| The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702. | |||||
| CVE-2011-0702 | 1 Feh Project | 1 Feh | 2020-02-27 | 3.3 LOW | N/A |
| The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file. | |||||
| CVE-2020-8950 | 2 Amd, Microsoft | 2 User Experience Program, Windows | 2020-02-19 | 7.2 HIGH | 7.8 HIGH |
| The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%\AMD\PPC\upload and then creating a symbolic link in %PROGRAMDATA%\AMD\PPC\temp that points to an arbitrary folder with an arbitrary file name. | |||||
| CVE-2020-0730 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-02-14 | 3.6 LOW | 7.1 HIGH |
| An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. | |||||
| CVE-2012-6114 | 1 Git-extras Project | 1 Git-extras | 2020-02-07 | 3.6 LOW | 5.5 MEDIUM |
| The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/changelog or (2) /tmp/.git-effort. | |||||
| CVE-2019-11251 | 1 Kubernetes | 1 Kubernetes | 2020-02-06 | 4.3 MEDIUM | 5.7 MEDIUM |
| The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree. | |||||
| CVE-2011-4116 | 1 Cpan | 1 File\ | 2020-02-05 | 5.0 MEDIUM | 7.5 HIGH |
| _is_safe in the File::Temp module for Perl does not properly handle symlinks. | |||||
| CVE-2013-1866 | 2 Apple, Opensc Project | 2 Mac Os X, Opensc | 2020-02-03 | 6.3 MEDIUM | 6.1 MEDIUM |
| OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability | |||||
| CVE-2013-1867 | 1 Apple | 2 Mac Os X, Tokend | 2020-02-03 | 6.3 MEDIUM | 6.1 MEDIUM |
| Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerability | |||||
| CVE-2011-1144 | 1 Php | 1 Pear | 2020-01-23 | 3.3 LOW | N/A |
| The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072. | |||||
| CVE-2011-1072 | 1 Php | 1 Pear | 2020-01-23 | 3.3 LOW | N/A |
| The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519. | |||||
| CVE-2020-0616 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-01-17 | 4.9 MEDIUM | 5.5 MEDIUM |
| A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'. | |||||
| CVE-2019-18466 | 1 Libpod Project | 1 Libpod | 2020-01-15 | 5.8 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host. | |||||
| CVE-2019-19191 | 1 Shibboleth | 1 Service Provider | 2020-01-14 | 7.2 HIGH | 7.8 HIGH |
| Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow. | |||||
| CVE-1999-1593 | 1 Microsoft | 3 Windows 2000, Windows 95, Windows 98 | 2020-01-10 | 7.6 HIGH | N/A |
| Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when Windows 95/98 clients are used, or if the primary domain controller becomes unavailable. | |||||
| CVE-2019-16896 | 1 K7computing | 1 K7 Ultimate Security | 2020-01-09 | 2.1 LOW | 7.8 HIGH |
| In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the backup module) improperly validates the administrative privileges of the user, allowing an arbitrary file write via a symbolic link attack with file restoration functionality. | |||||
| CVE-2014-7206 | 1 Debian | 2 Advanced Package Tool, Apt | 2020-01-08 | 3.6 LOW | N/A |
| The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file. | |||||
| CVE-2019-8463 | 1 Checkpoint | 1 Endpoint Security Clients | 2020-01-03 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10, that could allow service log file to be written to non-standard locations. | |||||
| CVE-2019-6679 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2020-01-02 | 3.6 LOW | 3.3 LOW |
| On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are symlinks. This allows authenticated users with SCP access to overwrite certain configuration files that would otherwise be restricted. | |||||
| CVE-2010-3691 | 1 Apereo | 1 Phpcas | 2019-12-30 | 3.3 LOW | N/A |
| PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file. | |||||