Vulnerabilities (CVE)

CWE filter

CWE-59

Filter

509 total CVE
CVE Vendors Products Updated CVSS
CVE-2016-4679 1 Apple 6 Mac Os X, Iphone Os, Watch Os and 3 more 2019-03-22 4.3
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libarchive" component, which allows remote...
CVE-2017-9525 1 Cron Project 1 Cron 2019-03-21 6.9
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.
CVE-2018-17955 2019-03-18 3.6
In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection
CVE-2018-19044 1 Keepalived 1 Keepalived 2019-03-13 3.3
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by...
CVE-2014-4480 1 Apple 3 Iphone Os, Apple Tv, Tvos 2019-03-08 10.0
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.
CVE-2014-4372 1 Apple 3 Iphone Os, Apple Tv, Tvos 2019-03-08 3.6
syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file.
CVE-2014-1272 1 Apple 3 Iphone Os, Apple Tv, Tvos 2019-03-08 6.3
CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink.
CVE-2018-12026 1 Phusion 1 Passenger 2019-03-08 7.5
During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then...
CVE-2018-19638 2019-03-05 3.3
In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files.
CVE-2018-19637 2019-03-05 3.6
Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection
CVE-2016-6664 3 Mariadb, Percona, Oracle 4 Mariadb, Mysql, Percona Server and 1 more 2019-03-05 6.9
mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x...
CVE-2019-3582 1 Mcafee 1 Endpoint Security 2019-02-28 6.1
Privilege Escalation vulnerability in Microsoft Windows client in McAfee Endpoint Security (ENS) 10.6.1 and earlier allows local users to gain elevated privileges via a specific set of circumstances.
CVE-2019-8372 2019-02-26 6.9
The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs...
CVE-2018-17567 1 Jekyllrb 1 Jekyll 2018-12-28 5.0
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file.
CVE-2016-9566 1 Nagios 1 Nagios 2018-12-25 7.2
base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.
CVE-2013-4969 3 Puppetlabs, Canonical, Debian 3 Puppet, Ubuntu Linux, Debian Linux 2018-12-13 2.1
Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.
CVE-2018-1780 1 Ibm 1 Db2 2018-12-12 7.2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did...
CVE-2018-1781 1 Ibm 1 Db2 2018-12-12 7.2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have...
CVE-2018-1834 1 Ibm 1 Db2 2018-12-12 7.2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM X-Force ID: 150511.
CVE-2018-14651 2 Debian, Redhat 2 Debian Linux, Enterprise Linux 2018-12-11 6.5
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or...