CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-59

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-41072 59 Dir. Trav. 2021-09-14 2021-11-05
5.8
None Remote Medium Not required None Partial Partial
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.
2 CVE-2021-41057 59 2021-11-14 2021-11-17
3.6
None Local Low Not required None Partial Partial
In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions.
3 CVE-2021-38570 59 2021-08-11 2021-08-12
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete arbitrary files (during uninstallation) via a symlink.
4 CVE-2021-36983 59 +Priv 2021-07-30 2021-08-07
7.2
None Local Low Not required Complete Complete Complete
replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to gain root privileges via a symlink attack on /tmp/replay-sorcery or /tmp/replay-sorcery/device.sock.
5 CVE-2021-32610 59 2021-07-30 2021-09-25
3.6
None Local Low Not required Partial Partial None
In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
6 CVE-2021-32557 59 2021-06-12 2021-06-23
3.6
None Local Low Not required None Partial Partial
It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.
7 CVE-2021-32555 59 2021-06-12 2021-06-16
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users.
8 CVE-2021-32554 59 2021-06-12 2021-06-16
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users.
9 CVE-2021-32553 59 2021-06-12 2021-06-16
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users.
10 CVE-2021-32552 59 2021-06-12 2021-06-15
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.
11 CVE-2021-32551 59 2021-06-12 2021-06-15
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users.
12 CVE-2021-32550 59 2021-06-12 2021-06-15
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users.
13 CVE-2021-32549 59 2021-06-12 2021-06-15
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users.
14 CVE-2021-32548 59 2021-06-12 2021-06-15
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users.
15 CVE-2021-32547 59 2021-06-12 2021-06-15
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users.
16 CVE-2021-31154 59 +Priv 2021-05-27 2021-06-07
7.2
None Local Low Not required Complete Complete Complete
pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack.
17 CVE-2021-30855 59 2021-08-24 2021-11-01
4.3
None Remote Medium Not required Partial None None
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, iOS 15 and iPadOS 15, watchOS 8, macOS Big Sur 11.6. An application may be able to access restricted files.
18 CVE-2021-30463 59 +Priv 2021-04-08 2021-04-14
7.2
None Local Low Not required Complete Complete Complete
VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a /reset/?action=confirm&user=admin&code= URI. This occurs because chmod is used unsafely.
19 CVE-2021-28650 59 Dir. Trav. 2021-03-17 2021-05-26
2.1
None Local Low Not required Partial None None
autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-36241.
20 CVE-2021-28163 59 2021-04-01 2021-10-20
4.0
None Remote Low ??? Partial None None
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
21 CVE-2021-28153 59 2021-03-11 2021-07-07
5.0
None Remote Low Not required None Partial None
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)
22 CVE-2021-27241 59 Exec Code 2021-03-29 2021-04-01
3.6
None Local Low Not required None Partial Partial
This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8.2429 (Build 20.8.5653.561). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AvastSvc.exe module. By creating a directory junction, an attacker can abuse the service to delete a directory. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12082.
23 CVE-2021-27229 59 Exec Code 2021-02-16 2021-05-26
6.8
None Remote Medium Not required Partial Partial Partial
Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text.
24 CVE-2021-26720 59 DoS 2021-02-17 2021-02-25
4.6
None Local Low Not required Partial Partial Partial
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product.
25 CVE-2021-26089 59 Exec Code 2021-07-12 2021-07-13
7.2
None Local Low Not required Complete Complete Complete
An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase.
26 CVE-2021-23872 59 +Priv 2021-05-12 2021-07-06
4.6
None Local Low Not required Partial Partial Partial
Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by manipulating a symbolic link in the IOCTL interface.
27 CVE-2021-23240 59 +Priv 2021-01-12 2021-09-13
4.4
None Local Medium Not required Partial Partial Partial
selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.
28 CVE-2021-23239 59 2021-01-12 2021-02-10
1.9
None Local Medium Not required Partial None None
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.
29 CVE-2021-21740 59 +Info 2021-08-09 2021-08-17
2.1
None Local Low Not required Partial None None
There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access unauthorized directory information through the symbolic link, causing information leak.
30 CVE-2021-21686 59 2021-11-04 2021-11-08
5.8
None Remote Medium Not required Partial Partial None
File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories.
31 CVE-2021-21602 59 2021-01-13 2021-01-15
4.0
None Remote Low ??? Partial None None
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.
32 CVE-2021-21300 59 2021-03-09 2021-09-23
5.1
None Remote High Not required Partial Partial Partial
Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6.
33 CVE-2021-20197 59 2021-03-26 2021-05-28
3.3
None Local Medium Not required Partial Partial None
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
34 CVE-2021-3641 59 DoS 2021-11-09 2021-11-15
2.1
None Local Low Not required None None Partial
Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service. This issue affects: Bitdefender GravityZone version 7.1.2.33 and prior versions.
35 CVE-2021-3310 59 Exec Code 2021-03-10 2021-03-17
4.6
None Local Low Not required Partial Partial Partial
Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure (by reading local files).
36 CVE-2021-1612 59 2021-09-23 2021-09-30
6.6
None Local Low Not required None Complete Complete
A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files within the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device.
37 CVE-2021-1145 59 2021-01-13 2021-01-20
4.0
None Remote Low ??? Partial None None
A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the affected device. The vulnerability is due to insecure handling of symbolic links. An attacker could exploit this vulnerability by sending a crafted SFTP command to an affected device. A successful exploit could allow the attacker to read arbitrary files on the affected device.
38 CVE-2021-1091 59 DoS 2021-07-22 2021-07-31
3.6
None Local Low Not required None Partial Partial
NVIDIA GPU Display driver for Windows contains a vulnerability where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated privilege to modify, which could lead to data loss or denial of service.
39 CVE-2021-0094 59 2021-06-09 2021-06-23
4.6
None Local Low Not required Partial Partial Partial
Improper link resolution before file access in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access.
40 CVE-2020-36241 59 Dir. Trav. 2021-02-05 2021-07-21
2.1
None Local Low Not required Partial None None
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
41 CVE-2020-35766 59 +Priv 2020-12-28 2020-12-30
4.4
None Local Medium Not required Partial Partial Partial
The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c). NOTE: this is applicable to persons who choose to engage in the "A number of self-test programs are included here for unit-testing the library" situation.
42 CVE-2020-28935 59 DoS 2020-12-07 2021-02-12
2.1
None Local Low Not required None None Partial
NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system.
43 CVE-2020-28641 59 2020-12-22 2020-12-23
6.6
None Local Low Not required None Complete Complete
In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system.
44 CVE-2020-28007 59 2021-05-06 2021-05-10
7.2
None Local Low Not required Complete Complete Complete
Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem.
45 CVE-2020-26277 59 2020-12-21 2020-12-23
4.0
None Remote High Not required None Partial Partial
DBdeployer is a tool that deploys MySQL database servers easily. In DBdeployer before version 1.58.2, users unpacking a tarball may use a maliciously packaged tarball that contains symlinks to files external to the target. In such scenario, an attacker could induce dbdeployer to write into a system file, thus altering the computer defenses. For the attack to succeed, the following factors need to contribute: 1) The user is logged in as root. While dbdeployer is usable as root, it was designed to run as unprivileged user. 2) The user has taken a tarball from a non secure source, without testing the checksum. When the tarball is retrieved through dbdeployer, the checksum is compared before attempting to unpack. This has been fixed in version 1.58.2.
46 CVE-2020-25744 59 DoS 2020-09-18 2020-09-25
5.5
None Remote Low ??? None Partial Partial
SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to create or overwrite arbitrary files, which could cause a denial of service (DoS) condition, because a symlink from %LOCALAPPDATA%\SaferVPN\Log is followed.
47 CVE-2020-25289 59 2020-09-13 2020-09-17
2.1
None Local Low Not required None Partial None
The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions).
48 CVE-2020-25031 59 2020-08-31 2020-09-04
7.2
None Local Low Not required Complete Complete Complete
checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file.
49 CVE-2020-24654 59 2020-09-02 2021-01-11
4.3
None Remote Medium Not required None Partial None
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.
50 CVE-2020-24559 59 Exec Code 2020-09-01 2021-09-16
7.2
None Local Low Not required Complete Complete Complete
A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Total number of vulnerabilities : 734   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.