Total
1245 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8585 | 1 Netapp | 1 Oncommand Unified Manager | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink). | |||||
| CVE-2020-8103 | 1 Bitdefender | 1 Antivirus 2020 | 2024-11-21 | 3.6 LOW | 7.2 HIGH |
| A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178. | |||||
| CVE-2020-8099 | 1 Bitdefender | 1 Antivirus 2020 | 2024-11-21 | 4.6 MEDIUM | 7.1 HIGH |
| A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17. | |||||
| CVE-2020-8015 | 2 Exim, Opensuse | 2 Exim, Opensuse | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
| A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1. | |||||
| CVE-2020-8013 | 2 Opensuse, Suse | 2 Leap, Linux Enterprise Server | 2024-11-21 | 1.9 LOW | 2.2 LOW |
| A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation is difficult. This issue affects: SUSE Linux Enterprise Server 12 permissions versions prior to 2015.09.28.1626-17.27.1. SUSE Linux Enterprise Server 15 permissions versions prior to 20181116-9.23.1. SUSE Linux Enterprise Server 11 permissions versions prior to 2013.1.7-0.6.12.1. | |||||
| CVE-2020-7653 | 1 Synk | 1 Broker | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths. | |||||
| CVE-2020-7325 | 1 Mcafee | 1 Mvision Endpoint | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM |
| Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file. | |||||
| CVE-2020-7319 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
| Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file. | |||||
| CVE-2020-7282 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 3.3 LOW | 7.5 HIGH |
| Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | |||||
| CVE-2020-7250 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 4.6 MEDIUM | 8.2 HIGH |
| Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via carefully creating symbolic links from the ENS log file directory. | |||||
| CVE-2020-7221 | 1 Mariadb | 1 Mariadb | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently. | |||||
| CVE-2020-7040 | 4 Canonical, Debian, Opensuse and 1 more | 5 Ubuntu Linux, Debian Linux, Backports Sle and 2 more | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.) | |||||
| CVE-2020-6546 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Inappropriate implementation in installer in Google Chrome prior to 84.0.4147.125 allowed a local attacker to potentially elevate privilege via a crafted filesystem. | |||||
| CVE-2020-6477 | 4 Apple, Fedoraproject, Google and 1 more | 5 Mac Os X, Fedora, Chrome and 2 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file. | |||||
| CVE-2020-6012 | 1 Checkpoint | 1 Zonealarm Anti-ransomware | 2024-11-21 | 4.4 MEDIUM | 7.4 HIGH |
| ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory with low privileges. A sophisticated timed attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links. This allows an unprivileged user to enable escalation of privilege via local access. | |||||
| CVE-2020-5837 | 1 Symantec | 1 Endpoint Protection | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege. | |||||
| CVE-2020-5797 | 1 Tp-link | 2 Archer C9, Archer C9 Firmware | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM |
| UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router. | |||||
| CVE-2020-5795 | 1 Tp-link | 2 Archer A7, Archer A7 Firmware | 2024-11-21 | 7.2 HIGH | 6.2 MEDIUM |
| UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a crafted USB drive into the router. | |||||
| CVE-2020-5738 | 1 Grandstream | 12 Gxp1610, Gxp1610 Firmware, Gxp1615 and 9 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface. | |||||
| CVE-2020-5324 | 1 Dell | 226 G3 15 3590, G3 15 3590 Firmware, G3 3579 and 223 more | 2024-11-21 | 2.6 LOW | 7.1 HIGH |
| Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. The vulnerability is limited to the Dell Firmware Update Utility during the time window while being executed by an administrator. During this time window, a locally authenticated low-privileged malicious user could exploit this vulnerability by tricking an administrator into overwriting arbitrary files via a symlink attack. The vulnerability does not affect the actual binary payload that the update utility delivers. | |||||