CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Med. | Linux systemd Symlink Dereference Via chown_one() | 27.10.2018 | Jann Horn |
| High | MS13-097 Registry Symlink IE Sandbox Escape | 27.06.2014 | Juan Vazquez |
| Med. | systemd create or overwrite arbitrary files | 21.04.2014 | Sebastian Krahmer |
| Med. | Solaris 10 Patch Cluster Symlink Attack | 09.08.2012 | Larry W. Cashdollar |
| Low | Medium severity flaw in QNX Neutrino RTOS | 23.10.2011 | Tim Brown |
| Low | Linux kernel: ZERO_SIZE_PTR dereference for long symlinks in Be FS | 01.09.2011 | Timo Warns |
| Med. | FreeBSD crontab information leakage | 07.03.2011 | Dan Rosenberg |
| Med. | The GNU C library dynamic linker expands $ORIGIN in setuid library search path | 11.01.2011 | taviso |
| Low | emesene predictable 1.6.1 temporary filename | 12.06.2010 | Emilio Pozuelo Monfort |
| Low | Mathematica on Linux /tmp/MathLink vulnerability | 27.05.2010 | Paul Szabo |
| Med. | Solaris Update manager and Sun Patch Cluster - Symlink attack | 01.04.2010 | DHS |
| Med. | Deliver 2.1.14 Multiple vulnerabilities | 30.03.2010 | Dan Rosenberg |
| Med. | fcrontab 3.0.4 Information Disclosure Vulnerability | 09.03.2010 | Dan Rosenberg |
| Med. | Oscailt 3.3 CMS Local File Inclusion | 02.01.2010 | s4r4d0 |
| Med. | VideoCache 1.9.2 vccleaner root vulnerability | 30.12.2009 | Dominick LaTrappe |
| Med. | MySQL - 5.1.41 Multiple Vulnerabilities | 03.12.2009 | Jan Lieskovsky |
| Med. | Enomaly ECP/Enomalism: Insecure temporary file creation vulnerabilities | 05.02.2009 | Sam Johnston |
| Med. | ViArt Shopping Cart v3.5 Multiple Remote Vulnerabilities | 31.12.2008 | XiaShing_at_gmail.com |
| High | verlihub <= 0.9.8d-RC2 Remote Command Execution Vulnerability | 23.12.2008 | v4lkyrius |
| High | /bin/login gives root to group utmp | 02.12.2008 | Paul Szabo |
| High | python-2.3.4-5 Symbolic link attack possibility | 19.09.2008 | Jan iankko Lieskovsky |
| Med. | Nooms 1.1 | 11.09.2008 | irancrash |


CVEMAP Search Results

| Date | Risk | CVE | Details | Description |
|---|---|---|---|---|
| 2019-04-30 | Medium | CVE-2018-20834 | | A vulnerability was found in node-tar before version 4.4.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content. |
| 2019-04-24 | Medium | CVE-2019-11503 | | snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user, aka a "cwd restore permission bypass." |
| 2019-04-24 | Medium | CVE-2019-11502 | | snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Consequently, that user had unintended access to a private /tmp directory. |
| 2019-04-22 | Medium | CVE-2019-3902 | Vendor: Mercurial; Software: Mercurial | A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository. |
| 2019-04-01 | Medium | CVE-2019-1002101 | Vendor: Kubernetes; Software: Kubernetes | The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user's machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user's machine when kubectl cp is called, limited only by the system permissions of the local user. The untar function can both create and follow symbolic links. The issue is resolved in kubectl v1.11.9, v1.12.7, v1.13.5, and v1.14.0. |
| 2019-03-15 | Low | CVE-2018-17955 | | In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection |
| 2019-03-05 | Low | CVE-2018-19638 | | In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files. |
| 2019-03-05 | Low | CVE-2018-19637 | | Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection |
| 2019-02-28 | Medium | CVE-2019-3582 | Vendor: Mcafee; Software: Endpoint sec... | Privilege Escalation vulnerability in Microsoft Windows client in McAfee Endpoint Security (ENS) 10.6.1 and earlier allows local users to gain elevated privileges via a specific set of circumstances. |
| 2019-02-18 | Medium | CVE-2019-8372 | | The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL. |

 

 


Copyright 2019, cxsecurity.com

 
