Total
1295 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-0094 | 1 Intel | 1 Driver \& Support Assistant | 2024-11-21 | 7.8 High |
| Improper link resolution before file access in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access. | ||||
| CVE-2020-9901 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2024-11-21 | 7.8 High |
| An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A local attacker may be able to elevate their privileges. | ||||
| CVE-2020-9900 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-11-21 | 7.8 High |
| An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A local attacker may be able to elevate their privileges. | ||||
| CVE-2020-9682 | 2 Adobe, Microsoft | 2 Creative Cloud Desktop Application, Windows | 2024-11-21 | 9.8 Critical |
| Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to arbitrary file system write. | ||||
| CVE-2020-9670 | 2 Adobe, Microsoft | 2 Creative Cloud Desktop Application, Windows | 2024-11-21 | 9.8 Critical |
| Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to privilege escalation. | ||||
| CVE-2020-9452 | 1 Acronis | 1 True Image 2020 | 2024-11-21 | 7.8 High |
| An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe includes functionality to quarantine files by copying a suspected ransomware file from one directory to another using SYSTEM privileges. Because unprivileged users have write permissions in the quarantine folder, it is possible to control this privileged write with a hardlink. This means that an unprivileged user can write/overwrite arbitrary files in arbitrary folders. Escalating privileges to SYSTEM is trivial with arbitrary writes. While the quarantine feature is not enabled by default, it can be forced to copy the file to the quarantine by communicating with anti_ransomware_service.exe through its REST API. | ||||
| CVE-2020-8950 | 2 Amd, Microsoft | 2 User Experience Program, Windows | 2024-11-21 | 7.8 High |
| The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%\AMD\PPC\upload and then creating a symbolic link in %PROGRAMDATA%\AMD\PPC\temp that points to an arbitrary folder with an arbitrary file name. | ||||
| CVE-2020-8948 | 1 Sierrawireless | 1 Mobile Broadband Driver Package | 2024-11-21 | 7.8 High |
| The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) before build 5043 allows an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links. An unprivileged user could leverage this vulnerability to execute arbitrary code with system privileges. | ||||
| CVE-2020-8831 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | 6.5 Medium |
| Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport's lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22. | ||||
| CVE-2020-8585 | 1 Netapp | 1 Oncommand Unified Manager | 2024-11-21 | 5.5 Medium |
| OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink). | ||||
| CVE-2020-8103 | 1 Bitdefender | 1 Antivirus 2020 | 2024-11-21 | 7.2 High |
| A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178. | ||||
| CVE-2020-8099 | 1 Bitdefender | 1 Antivirus 2020 | 2024-11-21 | 7.1 High |
| A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17. | ||||
| CVE-2020-8095 | 1 Bitdefender | 1 Total Security 2020 | 2024-11-21 | 4.9 Medium |
| A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device. | ||||
| CVE-2020-8015 | 2 Exim, Opensuse | 2 Exim, Opensuse | 2024-11-21 | 8.4 High |
| A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1. | ||||
| CVE-2020-8013 | 2 Opensuse, Suse | 2 Leap, Linux Enterprise Server | 2024-11-21 | 2.2 Low |
| A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation is difficult. This issue affects: SUSE Linux Enterprise Server 12 permissions versions prior to 2015.09.28.1626-17.27.1. SUSE Linux Enterprise Server 15 permissions versions prior to 20181116-9.23.1. SUSE Linux Enterprise Server 11 permissions versions prior to 2013.1.7-0.6.12.1. | ||||
| CVE-2020-7653 | 1 Synk | 1 Broker | 2024-11-21 | 6.5 Medium |
| All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths. | ||||
| CVE-2020-7346 | 1 Mcafee | 1 Data Loss Prevention | 2024-11-21 | 7.8 High |
| Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker's choosing. This requires the creation and removal of junctions by the attacker along with sending a specific IOTL command at the correct time. | ||||
| CVE-2020-7325 | 1 Mcafee | 1 Mvision Endpoint | 2024-11-21 | 5.5 Medium |
| Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file. | ||||
| CVE-2020-7319 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 8.8 High |
| Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file. | ||||
| CVE-2020-7282 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 7.5 High |
| Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | ||||