Total
1174 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-44052 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-09-16 | 6.5 Medium |
| An improper link resolution before file access ('Link Following') vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, and QTS. If exploited, this vulnerability allows remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, and QTS: QuTScloud c5.0.1.1998 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 4.3.4.1976 build 20220303 and later QTS 4.3.3.1945 build 20220303 and later QTS 4.2.6 build 20220304 and later QTS 4.3.6.1965 build 20220302 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later | ||||
| CVE-2021-32553 | 2 Canonical, Oracle | 2 Ubuntu Linux, Openjdk | 2024-09-16 | 7.3 High |
| It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users. | ||||
| CVE-2011-5146 | 1 Ingumadev | 1 Bokken | 2024-09-16 | N/A |
| Bokken before 1.6 and 1.5-x before 1.5-3 for Debian allows local users to overwrite arbitrary files via a symlink attack on /tmp/graph.dot. | ||||
| CVE-2009-3304 | 1 Gforge | 1 Gforge | 2024-09-16 | N/A |
| GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorized_keys files in users' home directories, related to deb-specific/ssh_dump_update.pl and cronjobs/cvs-cron/ssh_create.php. | ||||
| CVE-2017-5188 | 1 Opensuse | 1 Open Build Service | 2024-09-16 | N/A |
| The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information. | ||||
| CVE-2022-35631 | 3 Apple, Linux, Rapid7 | 3 Macos, Linux Kernel, Velociraptor | 2024-09-16 | 5.5 Medium |
| On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. This issue was resolved in Velociraptor 0.6.5-2. | ||||
| CVE-2017-12172 | 2 Postgresql, Redhat | 4 Postgresql, Enterprise Linux, Rhel Software Collections and 1 more | 2024-09-16 | N/A |
| PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server. | ||||
| CVE-2019-3691 | 2 Opensuse, Suse | 3 Factory, Munge, Suse Linux Enterprise Server | 2024-09-16 | 7.7 High |
| A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root. This issue affects: SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1. openSUSE Factory munge versions prior to 0.5.13-6.1. | ||||
| CVE-2011-4363 | 2 Frii, Perl | 2 Proc\, Perl | 2024-09-16 | N/A |
| ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS. | ||||
| CVE-2008-5379 | 1 Oliver Gorwits | 1 Netdisco Mibs Installer | 2024-09-16 | N/A |
| netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz temporary file, related to the (1) netdisco-mibs-install and (2) netdisco-mibs-download scripts. | ||||
| CVE-2008-4996 | 1 Debian | 1 Initramfs-tools | 2024-09-16 | N/A |
| init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. NOTE: the vendor disputes this vulnerability, stating that "init is [used in] a single-user context; there's no possibility that this is exploitable. | ||||
| CVE-2018-15687 | 2 Canonical, Systemd Project | 2 Ubuntu Linux, Systemd | 2024-09-16 | 7.0 High |
| A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239. | ||||
| CVE-2008-5367 | 1 Marco D\'itri | 1 Ppp-udeb | 2024-09-16 | N/A |
| ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/resolv.conf.tmp temporary file. | ||||
| CVE-2022-31218 | 1 Abb | 3 Automation Builder, Drive Composer, Mint Workbench | 2024-09-16 | 7.8 High |
| Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product. | ||||
| CVE-2019-3699 | 2 Opensuse, Privoxy | 3 Factory, Leap, Privoxy | 2024-09-16 | 7.7 High |
| UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE Factory privoxy version 3.0.28-2.1 and prior versions. | ||||
| CVE-2020-8099 | 1 Bitdefender | 1 Antivirus 2020 | 2024-09-16 | 7.1 High |
| A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17. | ||||
| CVE-2019-3692 | 2 Opensuse, Suse | 5 Backports Sle, Factory, Leap and 2 more | 2024-09-16 | 7.7 High |
| The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions. | ||||
| CVE-2021-32555 | 1 Canonical | 1 Ubuntu Linux | 2024-09-16 | 7.3 High |
| It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users. | ||||
| CVE-2019-1002101 | 2 Kubernetes, Redhat | 3 Kubernetes, Openshift, Openshift Container Platform | 2024-09-16 | N/A |
| The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. The untar function can both create and follow symbolic links. The issue is resolved in kubectl v1.11.9, v1.12.7, v1.13.5, and v1.14.0. | ||||
| CVE-2018-19637 | 1 Opensuse | 1 Supportutils | 2024-09-16 | N/A |
| Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection | ||||