CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-59

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1000115 59 2017-10-04 2017-11-05
5.0
None Remote Low Not required None Partial None
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository
2 CVE-2017-9525 59 +Priv 2017-06-09 2017-07-26
6.9
Admin Local Medium Not required Complete Complete Complete
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.
3 CVE-2017-8806 59 DoS 2017-11-13 2017-12-08
3.6
None Local Low Not required None Partial Partial
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.
4 CVE-2017-7549 59 2017-09-21 2017-12-08
3.3
None Local Medium Not required Partial Partial None
A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.
5 CVE-2017-7418 59 Bypass 2017-04-04 2017-04-11
2.1
None Local Low Not required None Partial None
ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user.
6 CVE-2017-2916 59 2017-11-07 2017-11-28
9.0
None Remote Low Single system Complete Complete Complete
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability.
7 CVE-2017-1301 59 2017-10-05 2017-10-25
3.6
None Local Low Not required None Partial Partial
IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163.
8 CVE-2016-10374 59 2017-05-17 2017-05-31
2.1
None Local Low Not required None Partial None
perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete.
9 CVE-2016-9774 59 +Priv +Info 2017-03-23 2017-03-31
7.2
None Local Low Not required Complete Complete Complete
The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to obtain sensitive information or gain root privileges via a symlink attack on the Catalina localhost directory.
10 CVE-2016-7619 59 2017-02-20 2017-07-26
2.1
None Local Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "libarchive" component, which allows local users to write to arbitrary files via vectors related to symlinks.
11 CVE-2016-6664 59 +Priv 2016-12-13 2017-11-03
6.9
None Local Medium Not required Complete Complete Complete
mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.
12 CVE-2016-6253 59 2017-01-20 2017-01-20
7.2
None Local Low Not required Complete Complete Complete
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.
13 CVE-2016-4679 59 2017-02-20 2017-07-28
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libarchive" component, which allows remote attackers to write to arbitrary files via a crafted archive containing a symlink.
14 CVE-2016-3108 59 2017-06-08 2017-06-14
3.6
None Local Low Not required Partial Partial None
The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack.
15 CVE-2016-1247 59 +Priv 2016-11-29 2017-02-23
7.2
Admin Local Low Not required Complete Complete Complete
The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.
16 CVE-2015-8860 59 2017-01-23 2017-01-24
5.0
None Remote Low Not required None Partial None
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.
17 CVE-2015-8326 59 2017-06-07 2017-06-14
3.6
None Local Low Not required None Partial Partial
The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files owned by the current user.
18 CVE-2015-7758 59 2016-01-08 2016-12-05
2.1
None Local Low Not required None Partial None
Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux.
19 CVE-2015-7724 59 +Priv 2017-06-07 2017-06-14
7.2
None Local Low Not required Complete Complete Complete
AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. NOTE: This vulnerability exists due to an incomplete fix for CVE-2015-7723.
20 CVE-2015-7723 59 +Priv 2017-06-07 2017-06-14
7.2
None Local Low Not required Complete Complete Complete
AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack.
21 CVE-2015-7529 59 +Priv +Info 2017-11-06 2017-11-29
4.6
None Local Low Not required Partial Partial Partial
sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.
22 CVE-2015-6927 59 2015-09-28 2017-06-30
3.6
None Local Low Not required None Partial Partial
vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container (CT) root users to change the root password for arbitrary ploop containers, as demonstrated by a symlink attack on the ploop container root.hdd file and then access a control panel.
23 CVE-2015-6566 59 +Priv 2016-01-11 2016-01-13
7.2
None Local Low Not required Complete Complete Complete
zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*.
24 CVE-2015-6240 59 2017-06-07 2017-06-14
7.2
None Local Low Not required Complete Complete Complete
The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.
25 CVE-2015-5752 59 Bypass 2015-08-16 2016-12-23
5.0
None Remote Low Not required Partial None None
Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink.
26 CVE-2015-5705 59 2017-09-06 2017-09-13
5.0
None Remote Low Not required None Partial None
Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.
27 CVE-2015-5701 59 2017-08-25 2017-09-12
5.6
None Local Low Not required Partial Complete None
mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700.
28 CVE-2015-5700 59 2017-08-25 2017-09-12
5.6
None Local Low Not required Partial Complete None
mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.
29 CVE-2015-5287 59 +Priv 2015-12-07 2016-12-07
6.9
None Local Medium Not required Complete Complete Complete
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.
30 CVE-2015-5273 59 2015-12-07 2016-12-07
3.6
None Local Low Not required None Partial Partial
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp.
31 CVE-2015-4156 59 2015-06-02 2016-12-07
3.6
None Local Low Not required None Partial Partial
GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.
32 CVE-2015-4155 59 2015-06-02 2016-12-07
3.6
None Local Low Not required None Partial Partial
GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.
33 CVE-2015-3629 59 2015-05-18 2017-01-02
7.2
None Local Low Not required Complete Complete Complete
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.
34 CVE-2015-3627 59 +Priv 2015-05-18 2017-01-02
7.2
None Local Low Not required Complete Complete Complete
Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.
35 CVE-2015-3436 59 2015-06-09 2016-12-05
6.6
None Local Low Not required None Complete Complete
provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock.
36 CVE-2015-3315 59 2017-06-26 2017-07-05
7.2
None Local Low Not required Complete Complete Complete
Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm.
37 CVE-2015-3211 59 2017-08-25 2017-09-06
2.1
None Local Low Not required None Partial None
php-fpm allows local users to write to or create arbitrary files via a symlink attack.
38 CVE-2015-3156 59 2017-08-11 2017-08-25
2.1
None Local Low Not required None Partial None
The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_configuration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, write_config function in trove/guestagent/datastore/experimental/redis/service.py, _write_mycnf function in trove/guestagent/datastore/mysql/service.py, InnoBackupEx::_run_prepare function in trove/guestagent/strategies/restore/mysql_impl.py, InnoBackupEx::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, MySQLDump::cmd in trove/guestagent/strategies/backup/mysql_impl.py, InnoBackupExIncremental::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, _get_actual_db_status function in trove/guestagent/datastore/experimental/cassandra/system.py and trove/guestagent/datastore/experimental/cassandra/service.py, and multiple class CbBackup methods in trove/guestagent/strategies/backup/experimental/couchbase_impl.py in Openstack DBaaS (aka Trove) as packaged in Openstack before 2015.1.0 (aka Kilo) allows local users to write to configuration files via a symlink attack on a temporary file.
39 CVE-2015-3149 59 2017-07-25 2017-07-31
2.1
None Local Low Not required None Partial None
The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack.
40 CVE-2015-1769 59 Exec Code 2015-08-14 2017-09-20
7.2
None Local Low Not required Complete Complete Complete
Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Mount Manager Elevation of Privilege Vulnerability."
41 CVE-2015-1377 59 2015-02-10 2015-02-11
4.9
None Local Low Not required Complete None None
The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file.
42 CVE-2015-1338 59 DoS +Priv 2015-10-01 2015-10-02
7.2
None Local Low Not required Complete Complete Complete
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.
43 CVE-2015-1335 59 2015-10-01 2016-12-07
7.2
None Local Low Not required Complete Complete Complete
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.
44 CVE-2015-1331 59 2015-08-12 2016-11-28
4.9
None Local Low Not required None Complete None
lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.
45 CVE-2015-1196 59 2015-01-21 2017-09-07
4.3
None Remote Medium Not required None Partial None
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
46 CVE-2015-1194 59 2015-01-21 2015-01-23
4.3
None Remote Medium Not required None Partial None
pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive.
47 CVE-2015-1038 59 2015-01-21 2017-09-07
5.8
None Remote Medium Not required None Partial Partial
p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.
48 CVE-2015-0858 59 2016-05-06 2016-05-09
2.1
None Local Low Not required None Partial None
Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory.
49 CVE-2015-0794 59 2015-11-19 2015-11-20
7.2
None Local Low Not required Complete Complete Complete
modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map.
50 CVE-2015-0556 59 Dir. Trav. 2015-04-08 2017-06-30
5.8
None Remote Medium Not required None Partial Partial
Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.
Total number of vulnerabilities : 448   Page : 1 (This Page)2 3 4 5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.