Total
1181 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18188 | 1 Openr | 1 Opentmpfiles | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks sysctl is turned off, allows local users to obtain ownership of arbitrary files by creating a hard link inside a directory on which "chown -R" will be run. | |||||
| CVE-2017-18078 | 3 Debian, Opensuse, Systemd Project | 3 Debian Linux, Leap, Systemd | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file. | |||||
| CVE-2017-16611 | 3 Canonical, Debian, X | 3 Ubuntu Linux, Debian Linux, Libxfont | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files. | |||||
| CVE-2017-15357 | 1 Arqbackup | 1 Arq | 2024-11-21 | 6.9 MEDIUM | 7.4 HIGH |
| The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself. | |||||
| CVE-2017-15111 | 1 Keycloak-httpd-client-install Project | 1 Keycloak-httpd-client-install | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
| keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link. | |||||
| CVE-2017-15097 | 1 Redhat | 5 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 2 more | 2024-11-21 | 7.2 HIGH | 6.5 MEDIUM |
| Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. | |||||
| CVE-2017-12172 | 1 Postgresql | 1 Postgresql | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server. | |||||
| CVE-2017-1002101 | 1 Kubernetes | 1 Kubernetes | 2024-11-21 | 5.5 MEDIUM | 8.8 HIGH |
| In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem. | |||||
| CVE-2017-1000420 | 1 Syncthing | 1 Syncthing | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite | |||||
| CVE-2017-1000115 | 3 Debian, Mercurial, Redhat | 8 Debian Linux, Mercurial, Enterprise Linux Desktop and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository | |||||
| CVE-2016-9774 | 3 Apache, Canonical, Debian | 3 Tomcat, Ubuntu Linux, Debian Linux | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to obtain sensitive information or gain root privileges via a symlink attack on the Catalina localhost directory. | |||||
| CVE-2016-9602 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 9.0 HIGH | 7.6 HIGH |
| Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host. | |||||
| CVE-2016-9595 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Katello | 2024-11-21 | 3.6 LOW | 7.3 HIGH |
| A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. | |||||
| CVE-2016-9566 | 1 Nagios | 1 Nagios | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565. | |||||
| CVE-2016-8641 | 1 Nagios | 1 Nagios | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change. | |||||
| CVE-2016-7619 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "libarchive" component, which allows local users to write to arbitrary files via vectors related to symlinks. | |||||
| CVE-2016-7490 | 1 Teradata | 1 Studio Express | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates files in /tmp insecurely. A malicious local user could create a symlink in /tmp and possibly clobber system files or perhaps elevate privileges. | |||||
| CVE-2016-6664 | 3 Mariadb, Oracle, Percona | 4 Mariadb, Mysql, Percona Server and 1 more | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files. | |||||
| CVE-2016-6253 | 1 Netbsd | 1 Netbsd | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox. | |||||
| CVE-2016-4679 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libarchive" component, which allows remote attackers to write to arbitrary files via a crafted archive containing a symlink. | |||||