Total
1174 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24562 | 2 Microsoft, Trendmicro | 2 Windows, Officescan | 2024-08-04 | 7.8 High |
| A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This CVE is similar, but not identical to CVE-2020-24556. | ||||
| CVE-2020-24556 | 3 Apple, Microsoft, Trendmicro | 5 Macos, Windows, Apex One and 2 more | 2024-08-04 | 7.8 High |
| A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected. | ||||
| CVE-2020-24332 | 3 Fedoraproject, Redhat, Trustedcomputinggroup | 3 Fedora, Enterprise Linux, Trousers | 2024-08-04 | 5.5 Medium |
| An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack. | ||||
| CVE-2020-23968 | 1 Ilex | 1 International Sign\&go | 2024-08-04 | 7.8 High |
| Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log. | ||||
| CVE-2020-17365 | 1 Pango | 1 Hotspot Shield | 2024-08-04 | 7.8 High |
| Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. The vulnerability allows a local user to corrupt system files: a local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application. | ||||
| CVE-2020-16939 | 1 Microsoft | 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more | 2024-08-04 | 7.8 High |
| <p>An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p> <p>The security update addresses the vulnerability by correcting how Group Policy checks access.</p> | ||||
| CVE-2020-16853 | 1 Microsoft | 1 Onedrive | 2024-08-04 | 7.1 High |
| <p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete a targeted file with an elevated status.</p> <p>The update addresses this vulnerability by correcting where the OneDrive updater performs file writes while running with elevation.</p> | ||||
| CVE-2020-16851 | 1 Microsoft | 1 Onedrive | 2024-08-04 | 7.1 High |
| <p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete a targeted file with an elevated status.</p> <p>The update addresses this vulnerability by correcting where the OneDrive updater performs file writes while running with elevation.</p> | ||||
| CVE-2020-16007 | 3 Debian, Google, Opensuse | 4 Debian Linux, Chrome, Backports Sle and 1 more | 2024-08-04 | 7.8 High |
| Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. | ||||
| CVE-2020-15932 | 1 Overwolf | 1 Overwolf | 2024-08-04 | 8.8 High |
| Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges. | ||||
| CVE-2020-15861 | 3 Canonical, Net-snmp, Netapp | 5 Ubuntu Linux, Net-snmp, Cloud Backup and 2 more | 2024-08-04 | 7.8 High |
| Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. | ||||
| CVE-2020-15401 | 1 Iobit | 1 Malware Fighter | 2024-08-04 | 4.4 Medium |
| IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privileges for file deletion by manipulating malicious flagged file locations with an NTFS junction and an Object Manager symbolic link. | ||||
| CVE-2020-15076 | 1 Openvpn | 1 Private Tunnel | 2024-08-04 | 7.8 High |
| Private Tunnel installer for macOS version 3.0.1 and older versions may corrupt system critical files it should not have access via symlinks in /tmp. | ||||
| CVE-2020-15075 | 1 Openvpn | 1 Connect | 2024-08-04 | 7.1 High |
| OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp. | ||||
| CVE-2020-14990 | 1 Iobit | 1 Advanced Systemcare | 2024-08-04 | 7.1 High |
| IOBit Advanced SystemCare Free 13.5.0.263 allows local users to gain privileges for file deletion by manipulating the Clean & Optimize feature with an NTFS junction and an Object Manager symbolic link. | ||||
| CVE-2020-14367 | 3 Canonical, Fedoraproject, Tuxfamily | 3 Ubuntu Linux, Fedora, Chrony | 2024-08-04 | 6.0 Medium |
| A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal. | ||||
| CVE-2020-14004 | 2 Icinga, Opensuse | 3 Icinga, Backports Sle, Leap | 2024-08-04 | 7.8 High |
| An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user. | ||||
| CVE-2020-13833 | 1 Google | 1 Android | 2024-08-04 | 9.1 Critical |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The system area allows arbitrary file overwrites via a symlink attack. The Samsung ID is SVE-2020-17183 (June 2020). | ||||
| CVE-2020-13095 | 1 Obdev | 1 Little Snitch | 2024-08-04 | 8.8 High |
| Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a directory containing code executed by root. | ||||
| CVE-2020-12878 | 1 Digi | 2 Connectport X2e, Connectport X2e Firmware | 2024-08-04 | 7.8 High |
| Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory. | ||||