Vulnerabilities (CVE)

Filtered by CWE-59
Total 868 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-20197 4 Broadcom, Gnu, Netapp and 1 more 6 Brocade Fabric Operating System Firmware, Binutils, Cloud Backup and 3 more 2022-09-30 3.3 LOW 6.3 MEDIUM
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
CVE-2022-38699 1 Asus 1 Armoury Crate Service 2022-09-30 N/A 5.9 MEDIUM
Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the system file and disrupt the system.
CVE-2022-40710 1 Trendmicro 1 Deep Security 2022-09-29 N/A 7.8 HIGH
A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2022-23144 1 Zte 30 Zxa10 B700v7, Zxa10 B700v7 Firmware, Zxa10 B710c-a12 and 27 more 2022-09-26 N/A 9.1 CRITICAL
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.
CVE-2022-34893 2 Microsoft, Trendmicro 2 Windows, Security 2022-09-22 N/A 7.8 HIGH
Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with lower privileges could manipulate a mountpoint which could lead to escalation of privilege on an affected machine.
CVE-2022-40143 2 Microsoft, Trendmicro 2 Windows, Apex One 2022-09-21 N/A 7.3 HIGH
A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service servers could allow a local attacker to abuse an insecure directory that could allow a low-privileged user to run arbitrary code with elevated privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2022-39215 1 Tauri 1 Tauri 2022-09-21 N/A 5.8 MEDIUM
Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined `scope`. Users are advised to upgrade. Users unable to upgrade should disable the `readDir` endpoint in the `allowlist` inside the `tauri.conf.json`.
CVE-2020-7346 1 Mcafee 1 Data Loss Prevention 2022-09-20 4.6 MEDIUM 7.8 HIGH
Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker's choosing. This requires the creation and removal of junctions by the attacker along with sending a specific IOTL command at the correct time.
CVE-2022-0029 2 Microsoft, Paloaltonetworks 2 Windows, Cortex Xdr Agent 2022-09-17 N/A 5.5 MEDIUM
An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file.
CVE-2020-24654 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2022-09-12 4.3 MEDIUM 3.3 LOW
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.
CVE-2022-26456 2 Google, Mediatek 21 Android, Mt6769, Mt6781 and 18 more 2022-09-09 N/A 4.4 MEDIUM
In vow, there is a possible information disclosure due to a symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06545473; Issue ID: ALPS06545473.
CVE-2022-2898 1 Measuresoft 2 Scadapro Client, Scadapro Server 2022-09-02 N/A 5.5 MEDIUM
Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition.
CVE-2022-2897 1 Measuresoft 2 Scadapro Client, Scadapro Server 2022-09-02 N/A 7.8 HIGH
Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation..
CVE-2021-35937 3 Fedoraproject, Redhat, Rpm 3 Fedora, Enterprise Linux, Rpm 2022-09-01 N/A 6.4 MEDIUM
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-35939 2 Redhat, Rpm 2 Enterprise Linux, Rpm 2022-09-01 N/A 7.8 HIGH
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-35938 3 Fedoraproject, Redhat, Rpm 3 Fedora, Enterprise Linux, Rpm 2022-08-31 N/A 7.8 HIGH
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2022-34960 1 Mikrotik 1 Routeros 2022-08-31 N/A 9.8 CRITICAL
The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host.
CVE-2017-2619 3 Debian, Redhat, Samba 3 Debian Linux, Enterprise Linux, Samba 2022-08-29 6.0 MEDIUM 7.5 HIGH
Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
CVE-2021-23177 3 Fedoraproject, Libarchive, Redhat 12 Fedora, Libarchive, Codeready Linux Builder and 9 more 2022-08-26 N/A 7.8 HIGH
An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.
CVE-2021-31566 3 Fedoraproject, Libarchive, Redhat 12 Fedora, Libarchive, Codeready Linux Builder and 9 more 2022-08-26 N/A 7.8 HIGH
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.