Total
1174 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-6198 | 2 Canonical, Tats | 2 Ubuntu Linux, W3m | 2024-08-05 | N/A |
| w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files. | ||||
| CVE-2018-5107 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-08-05 | N/A |
| The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file information could be exposed. This vulnerability affects Firefox < 58. | ||||
| CVE-2018-4112 | 1 Apple | 1 Mac Os X | 2024-08-05 | N/A |
| An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "ATS" component. It allows attackers to obtain sensitive information by leveraging symlink mishandling. | ||||
| CVE-2018-1063 | 2 Redhat, Selinux Project | 2 Enterprise Linux, Selinux | 2024-08-05 | N/A |
| Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11. | ||||
| CVE-2019-20383 | 1 Abbyy | 1 Finereader | 2024-08-05 | 7.8 High |
| ABBYY network license server in ABBYY FineReader 15 before Release 4 (aka 15.0.112.2130) allows escalation of privileges by local users via manipulations involving files and using symbolic links. | ||||
| CVE-2019-19693 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ Security 2020, Internet Security 2020 and 2 more | 2024-08-05 | 7.1 High |
| The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2019-19695 | 1 Trendmicro | 1 Antivirus | 2024-08-05 | 7.5 High |
| A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) could potentially allow an attacker to create a symbolic link to a target file and modify it. | ||||
| CVE-2019-19191 | 1 Shibboleth | 1 Service Provider | 2024-08-05 | 7.8 High |
| Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow. | ||||
| CVE-2019-18932 | 2 Opensuse, Squid Analysis Report Generator Project | 3 Backports Sle, Leap, Squid Analysis Report Generator | 2024-08-05 | 7.0 High |
| log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations. | ||||
| CVE-2019-18837 | 2 Crun Project, Fedoraproject | 2 Crun, Fedora | 2024-08-05 | 8.6 High |
| An issue was discovered in crun before 0.10.5. With a crafted image, it doesn't correctly check whether a target is a symlink, resulting in access to files outside of the container. This occurs in libcrun/linux.c and libcrun/chroot_realpath.c. | ||||
| CVE-2019-18658 | 1 Helm | 1 Helm | 2024-08-05 | 9.8 Critical |
| In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via symlinks. No version of Tiller is known to be impacted. This is a client-only issue. | ||||
| CVE-2019-18645 | 1 Totaldefense | 1 Anti-virus | 2024-08-05 | 5.5 Medium |
| The quarantine restoration function in Total Defense Anti-virus 11.5.2.28 is vulnerable to symbolic link attacks, allowing files to be written to privileged directories. | ||||
| CVE-2019-18466 | 2 Libpod Project, Redhat | 3 Libpod, Enterprise Linux, Rhel Extras Other | 2024-08-05 | 5.5 Medium |
| An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host. | ||||
| CVE-2019-18232 | 2 Gemalto, Microsoft | 2 Sentinel Ldk License Manager, Windows | 2024-08-05 | 7.8 High |
| SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only Microsoft Windows versions are affected) is vulnerable when configured as a service. This vulnerability may allow an attacker with local access to create, write, and/or delete files in system folder using symbolic links, leading to a privilege escalation. This vulnerability could also be used by an attacker to execute a malicious DLL, which could impact the integrity and availability of the system. | ||||
| CVE-2019-17445 | 2 Eracent, Linux | 7 Eda Agent, Epa Agent, Epm Agent and 4 more | 2024-08-05 | 5.5 Medium |
| An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be forced to copy files from the filesystem to other locations via Symbolic Link Following. | ||||
| CVE-2019-16775 | 5 Fedoraproject, Npmjs, Opensuse and 2 more | 8 Fedora, Npm, Leap and 5 more | 2024-08-05 | 7.7 High |
| Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. | ||||
| CVE-2019-16896 | 1 K7computing | 1 K7 Ultimate Security | 2024-08-05 | 7.8 High |
| In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the backup module) improperly validates the administrative privileges of the user, allowing an arbitrary file write via a symbolic link attack with file restoration functionality. | ||||
| CVE-2019-15627 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security | 2024-08-05 | 7.1 High |
| Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note that only Windows agents are affected. | ||||
| CVE-2019-13915 | 1 B3log | 1 Wide | 2024-08-05 | N/A |
| b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. First, the attacker can write code in the editor, and compile and run it approximately three times to read an arbitrary file. Second, the attacker can create a symlink, and then place the symlink into a ZIP archive. An unzip operation leads to read access, and write access (depending on file permissions), to the symlink target. Third, the attacker can import a Git repository that contains a symlink, similarly leading to read and write access. | ||||
| CVE-2019-13689 | 1 Google | 2 Chrome, Chrome Os | 2024-08-04 | 7.8 High |
| Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical) | ||||