Vulnerabilities (CVE)

CWE filter



532 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-1317 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-10-11 5.6
A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'.
CVE-2019-1002101 2 Kubernetes, Redhat 2 Kubernetes, Openshift Container Platform 2019-10-10 5.8
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user?s machine. If the...
CVE-2019-3582 1 Mcafee 1 Endpoint Security 2019-10-09 6.1
Privilege Escalation vulnerability in Microsoft Windows client in McAfee Endpoint Security (ENS) 10.6.1 and earlier allows local users to gain elevated privileges via a specific set of circumstances.
CVE-2019-3567 1 Facebook 1 Osquery 2019-10-09 9.3
In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe' permissions. Under those circumstances osquery will...
CVE-2019-12672 1 Cisco 1 Ios 2019-10-09 7.2
A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. The...
CVE-2018-1834 1 Ibm 1 Db2 2019-10-09 7.2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM X-Force ID: 150511.
CVE-2018-1781 1 Ibm 1 Db2 2019-10-09 7.2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have...
CVE-2018-1780 1 Ibm 1 Db2 2019-10-09 7.2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did...
CVE-2018-17955 2019-10-09 3.6
In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection
CVE-2017-7500 1 Rpm 1 Rpm 2019-10-09 7.2
It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary...
CVE-2017-5188 1 Opensuse 1 Open Build Service 2019-10-09 5.0
The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information.
CVE-2017-2619 3 Samba, Debian, Redhat 3 Samba, Debian Linux, Enterprise Linux 2019-10-09 6.0
Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
CVE-2017-15097 1 Redhat 5 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 2 more 2019-10-09 7.2
Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.
CVE-2017-12172 1 Postgresql 1 Postgresql 2019-10-09 7.2
PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run...
CVE-2017-1002101 1 Kubernetes 1 Kubernetes 2019-10-09 5.5
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories...
CVE-2016-9602 2 Qemu, Debian 2 Qemu, Debian Linux 2019-10-09 9.0
Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.
CVE-2016-9595 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Katello 2019-10-09 3.6
A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.
CVE-2016-8641 1 Nagios 1 Nagios 2019-10-09 7.2
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the...
CVE-2015-0796 2019-10-09 4.6
In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or...
CVE-2017-18078 3 Freedesktop, Debian, Opensuse 3 Systemd, Debian Linux, Leap 2019-10-03 4.6
systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors...