Vulnerabilities (CVE)

CWE filter: CWE-59

513 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-20834 1 Node-tar Project 1 Node-tar 2019-05-23 6.4
A vulnerability was found in node-tar before version 4.4.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same...
CVE-2017-1000115 3 Mercurial, Debian, Redhat 8 Mercurial, Debian Linux, Enterprise Linux Desktop and 5 more 2019-05-10 5.0
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can allow malicious repositories to modify files outside the repository
CVE-2015-7529 3 Sosreport Project, Canonical, Redhat 8 Sosreport, Ubuntu Linux, Enterprise Linux Desktop and 5 more 2019-05-09 4.6
sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in...
CVE-2018-19638 2019-05-08 3.3
In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files.
CVE-2018-19637 2019-05-08 3.6
Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection
CVE-2019-11503 2019-05-02 5.0
snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user, aka a "cwd restore permission bypass."
CVE-2019-11502 2019-05-02 5.0
snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Consequently, that user had unintended access to a private /tmp directory.
CVE-2016-9602 2 Qemu, Debian 2 Qemu, Debian Linux 2019-04-30 9.0
Qemu before version 2.9 is vulnerable to improper link following when built with VirtFS. A privileged user inside the guest could use this flaw to access the host file system beyond the shared folder and potentially escalate their privileges on the host.
CVE-2019-3902 3 Mercurial, Debian, Redhat 3 Mercurial, Debian Linux, Enterprise Linux 2019-04-29 5.8
A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.
CVE-2017-15357 2019-04-26 6.9
The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself.
CVE-2018-17567 1 Jekyllrb 1 Jekyll 2019-04-26 5.0
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file.
CVE-2014-1859 3 Numpy, Fedoraproject, Redhat 3 Numpy, Fedora, Enterprise Linux 2019-04-22 2.1
(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.
CVE-2017-2619 3 Samba, Debian, Redhat 3 Samba, Debian Linux, Enterprise Linux 2019-04-22 6.0
Samba versions before 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
CVE-2013-2561 2 Openfabrics, Redhat 2 Enterprise Linux, Ibutils 2019-04-22 6.3
OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8)...
CVE-2013-1976 1 Redhat 2 Jboss Enterprise Web Server, Enterprise Linux 2019-04-22 6.9
The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary...
CVE-2013-0200 2 Hp, Redhat 2 Linux Imaging And Printing Project, Enterprise Linux 2019-04-22 1.9
HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or...
CVE-2013-2217 4 Jeff Ortel, Novell, Redhat and 1 more 4 Suds, Enterprise Linux, Opensuse and 1 more 2019-04-22 1.2
cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.
CVE-2019-1002101 2 Kubernetes, Redhat 2 Kubernetes, Openshift Container Platform 2019-04-09 5.8
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user's machine. If the...
CVE-2016-4679 1 Apple 6 Mac Os X, Iphone Os, Watch Os and 3 more 2019-03-22 4.3
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libarchive" component, which allows remote...
CVE-2017-9525 1 Cron Project 1 Cron 2019-03-21 6.9
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.