CWE:
 

Topic
Date
Author
High
MS13-097 Registry Symlink IE Sandbox Escape
27.06.2014
Juan vazquez
Med.
systemd create or overwrite arbitrary files
21.04.2014
Sebastian Krahmer
Med.
Solaris 10 Patch Cluster Symlink Attack
09.08.2012
Larry W. Cashdollar
Low
Medium severity flaw in QNX Neutrino RTOS
23.10.2011
Tim Brown
Low
Linux kernel: ZERO_SIZE_PTR dereference for long symlinks in Be FS
01.09.2011
Timo Warns
Med.
FreeBSD crontab information leakage
07.03.2011
Dan Rosenberg
Med.
The GNU C library dynamic linker expands $ORIGIN in setuid library search path
11.01.2011
taviso
Low
emesene preditable 1.6.1 temporary filename
12.06.2010
Emilio Pozuelo Monfort
Low
Mathematica on Linux /tmp/MathLink vulnerability
27.05.2010
paul szabo
Med.
Solaris Update manager and Sun Patch Cluster - Symlink attack
01.04.2010
DHS
Med.
Deliver 2.1.14 Multiple vulnerabilities
30.03.2010
Dan Rosenberg
Med.
fcrontab 3.0.4 Information Disclosure Vulnerability
09.03.2010
Dan Rosenberg
Med.
Oscailt 3.3 CMS Local File Inclusion
02.01.2010
s4r4d0
Med.
VideoCache 1.9.2 vccleaner root vulnerability
30.12.2009
Dominick LaTrappe
Med.
MySQL - 5.1.41 Multiple Vulnerabalities
03.12.2009
Jan Lieskovsky
Med.
Enomaly ECP/Enomalism: Insecure temporary file creation vulnerabilities
05.02.2009
Sam Johnston
Med.
ViArt Shopping Cart v3.5 Multiple Remote Vulnerabilities
31.12.2008
XiaShing_at_gmail.com
High
verlihub <= 0.9.8d-RC2 Remote Command Execution Vulnerability
23.12.2008
v4lkyrius
High
/bin/login gives root to group utmp
02.12.2008
Paul Szabo
High
python-2.3.4-5 Symbolic link attack possibility
19.09.2008
Jan iankko Lieskovsky
Med.
Nooms 1.1
11.09.2008
irancrash


CVEMAP Search Results

CVE
Details
Description
2018-05-08
Medium
CVE-2018-10380

Vendor: Debian
Software: Debian linux
 

 
kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack.

 
2018-05-03
Medium
CVE-2018-10722

Updating...
 

 
In Cylance CylancePROTECT before 1470, an unprivileged local user can obtain SYSTEM privileges because users have Modify access to the %PROGRAMFILES%\Cylance\Desktop\log folder, the CyUpdate process grants users Modify access to new files created in this folder, and a new file can be a symlink chain to a pathname of an arbitrary DLL that CyUpdate uses.

 
2018-05-01
Low
CVE-2013-0159

Vendor: Fedoraproject
Software: Fedora
 

 
The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg.

 
2018-04-26
High
CVE-2016-9602

Vendor: QEMU
Software: QEMU
 

 
Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.

 
2018-04-18
Medium
CVE-2018-1088

Vendor: Redhat
Software: Gluster storage
 

 
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.

 
2018-04-03
Low
CVE-2018-4112

Vendor: Apple
Software: Mac os x
 

 
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "ATS" component. It allows attackers to obtain sensitive information by leveraging symlink mishandling.

 
2018-03-26
Medium
CVE-2014-2312

Vendor: Debian linux
Software: Thermald
 

 
The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid.

 
2018-03-22
Medium
CVE-2018-5225

Updating...
 

 
In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.

 
2018-03-19
Low
CVE-2018-1196

Vendor: Pivotal software
Software: Spring boot
 

 
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible.

 
2018-03-13
Medium
CVE-2017-1002101

Updating...
 

 
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top