Total
1127 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15401 | 1 Iobit | 1 Malware Fighter | 2020-07-07 | 2.1 LOW | 4.4 MEDIUM |
| IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privileges for file deletion by manipulating malicious flagged file locations with an NTFS junction and an Object Manager symbolic link. | |||||
| CVE-2020-8103 | 1 Bitdefender | 1 Antivirus 2020 | 2020-06-11 | 3.6 LOW | 7.1 HIGH |
| A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178. | |||||
| CVE-2020-3223 | 1 Cisco | 1 Ios Xe | 2020-06-09 | 6.8 MEDIUM | 4.9 MEDIUM |
| A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the filesystem and then accessing it through the web UI. An exploit could allow the attacker to read arbitrary files from the underlying operating system's filesystem. | |||||
| CVE-2020-3237 | 1 Cisco | 1 Iox | 2020-06-08 | 4.6 MEDIUM | 6.3 MEDIUM |
| A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by including a crafted file in an application package. An exploit could allow the attacker to overwrite files. | |||||
| CVE-2020-13833 | 1 Google | 1 Android | 2020-06-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The system area allows arbitrary file overwrites via a symlink attack. The Samsung ID is SVE-2020-17183 (June 2020). | |||||
| CVE-2020-2024 | 1 Katacontainers | 1 Runtime | 2020-05-21 | 2.1 LOW | 6.5 MEDIUM |
| An improper link resolution vulnerability affects Kata Containers versions prior to 1.11.0. Upon container teardown, a malicious guest can trick the kata-runtime into unmounting any mount point on the host and all mount points underneath it, potentiality resulting in a host DoS. | |||||
| CVE-2020-5837 | 1 Symantec | 1 Endpoint Protection | 2020-05-14 | 4.6 MEDIUM | 7.8 HIGH |
| Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege. | |||||
| CVE-2019-19695 | 1 Trendmicro | 1 Antivirus | 2020-05-04 | 5.0 MEDIUM | 7.5 HIGH |
| A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) could potentially allow an attacker to create a symbolic link to a target file and modify it. | |||||
| CVE-2017-15357 | 1 Arqbackup | 1 Arq | 2020-05-04 | 6.9 MEDIUM | 7.4 HIGH |
| The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself. | |||||
| CVE-2020-8099 | 1 Bitdefender | 1 Antivirus 2020 | 2020-04-29 | 4.6 MEDIUM | 6.2 MEDIUM |
| A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17. | |||||
| CVE-2020-5738 | 1 Grandstream | 12 Gxp1610, Gxp1610 Firmware, Gxp1615 and 9 more | 2020-04-14 | 9.0 HIGH | 8.8 HIGH |
| Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface. | |||||
| CVE-2012-5303 | 1 Monkey-project | 1 Monkey | 2020-03-26 | 6.9 MEDIUM | N/A |
| Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname. | |||||
| CVE-2020-0789 | 1 Microsoft | 1 Visual Studio 2019 | 2020-03-17 | 6.6 MEDIUM | 7.1 HIGH |
| A denial of service vulnerability exists when the Visual Studio Extension Installer Service improperly handles hard links, aka 'Visual Studio Extension Installer Service Denial of Service Vulnerability'. | |||||
| CVE-2020-0779 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-03-16 | 2.1 LOW | 5.5 MEDIUM |
| An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0798, CVE-2020-0814, CVE-2020-0842, CVE-2020-0843. | |||||
| CVE-2019-3567 | 1 Linuxfoundation | 1 Osquery | 2020-03-06 | 9.3 HIGH | 8.1 HIGH |
| In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe' permissions. Under those circumstances osquery will load said malicious executable with SYSTEM permissions. The solution is to migrate installations to the 'Program Files' directory on Windows which restricts unprivileged write access. This issue affects osquery prior to v3.4.0. | |||||
| CVE-2020-3835 | 1 Apple | 1 Mac Os X | 2020-03-03 | 3.6 LOW | 4.4 MEDIUM |
| A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to access restricted files. | |||||
| CVE-2020-3830 | 1 Apple | 1 Mac Os X | 2020-03-02 | 3.6 LOW | 3.3 LOW |
| A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to overwrite arbitrary files. | |||||
| CVE-2016-10374 | 1 Perltidy Project | 1 Perltidy | 2020-03-02 | 2.1 LOW | 5.5 MEDIUM |
| perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete. | |||||
| CVE-2011-0702 | 1 Feh Project | 1 Feh | 2020-02-27 | 3.3 LOW | N/A |
| The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file. | |||||
| CVE-2011-1031 | 1 Feh Project | 1 Feh | 2020-02-27 | 3.3 LOW | N/A |
| The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702. | |||||