CWE-61
High likelihood
UNIX Symbolic Link (Symlink) Following
The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
138 vulnerabilities with CWE-61
CVE-2021-32548
HIGH
Ubuntu Linux - Information Disclosure via Symbolic Link Following in apport/hookutils.py read_file()
CVSS 7.3
CVE-2021-32547
HIGH
Ubuntu Linux - Information Disclosure via Symbolic Link Following in apport/hookutils.py
CVSS 7.3
CVE-2021-25322
MEDIUM
openSUSE Leap 15.2/python-HyperKitty <1.3.2-lp152.2.3.1 - Privilege...
CVSS 6.8
CVE-2021-1145
MEDIUM
Cisco StarOS < 21.19.7 - Authenticated Arbitrary File Read via SFTP Symbolic Link Handling
CVSS 6.5
CVE-2020-15076
HIGH
Private Tunnel <3.0.1 - Memory Corruption
CVSS 7.8
CVE-2020-15075
HIGH
OpenVPN Connect <3.2.6 - Memory Corruption
CVSS 7.1
CVE-2020-8019
HIGH
syslog-ng < 2.0.9-27.34.40.5.1 - Privilege Escalation via UNIX Symbolic Link Following
CVSS 7.7
CVE-2020-8014
HIGH
openSUSE Leap 15.1, Tumbleweed - Privilege Escalation
CVSS 7.7
CVE-2019-11251
MEDIUM
Kubernetes 1.1-1.12, <1.13.11, <1.14.7, <1.15.4 - Arbitrary File Write via kubectl cp Symlink Traversal
CVSS 4.8
CVE-2019-16775
HIGH
npm CLI <6.13.3 - Arbitrary File Write
CVSS 7.7
CVE-2019-11249
MEDIUM
Kubernetes < 1.12.10, 1.13.0-1.13.8, 1.14.0-1.14.4, 1.15.0-1.15.1 - Path Traversal via kubectl cp
CVSS 6.5
CVE-2019-11246
MEDIUM
Kubernetes < 1.12.10 - Path Traversal via kubectl cp Command
CVSS 6.5
CVE-2017-14798
HIGH
PostgreSQL - Privilege Escalation via Race Condition in Init Script
CVSS 7.3
Details
Vulnerabilities: 138
Exploit Likelihood: High