Total: 1306 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-32610 | 4 Debian, Fedoraproject, Php and 1 more | 4 Debian Linux, Fedora, Archive Tar and 1 more | 2024-11-21 | 7.1 High |
In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193. | ||||
CVE-2021-32557 | 1 Canonical | 1 Apport | 2024-11-21 | 5.2 Medium |
It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks. | ||||
CVE-2021-32555 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 7.3 High |
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users. | ||||
CVE-2021-32554 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 7.3 High |
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users. | ||||
CVE-2021-32553 | 2 Canonical, Oracle | 2 Ubuntu Linux, Openjdk | 2024-11-21 | 7.3 High |
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users. | ||||
CVE-2021-32552 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 7.3 High |
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users. | ||||
CVE-2021-32551 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 7.3 High |
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users. | ||||
CVE-2021-32550 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 7.3 High |
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users. | ||||
CVE-2021-32549 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 7.3 High |
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users. | ||||
CVE-2021-32548 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 7.3 High |
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users. | ||||
CVE-2021-32547 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 7.3 High |
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users. | ||||
CVE-2021-32518 | 1 Qsan | 1 Storage Manager | 2024-11-21 | 7.5 High |
A vulnerability in share_link in QSAN Storage Manager allows remote attackers to create a symbolic link then access arbitrary files. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | ||||
CVE-2021-32509 | 1 Qsan | 1 Storage Manager | 2024-11-21 | 6.5 Medium |
Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers to access arbitrary files by injecting the Symbolic Link following the URL path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | ||||
CVE-2021-32508 | 1 Qsan | 1 Storage Manager | 2024-11-21 | 6.5 Medium |
Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers to access arbitrary files by injecting the Symbolic Link following the URL path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | ||||
CVE-2021-32000 | 1 Suse | 2 Linux Enterprise Server, Opensuse Factory | 2024-11-21 | 3.2 Low |
A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. This issue affects: SUSE Linux Enterprise Server 12 SP3 clone-master-clean-up version 1.6-4.6.1 and prior versions. SUSE Linux Enterprise Server 15 SP1 clone-master-clean-up version 1.6-3.9.1 and prior versions. openSUSE Factory clone-master-clean-up version 1.6-1.4 and prior versions. | ||||
CVE-2021-31997 | 1 Opensuse | 3 Factory, Leap, Python-postorius | 2024-11-21 | 6.8 Medium |
A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version 1.3.2-lp152.1.2 and prior versions. openSUSE Factory python-postorius version 1.3.4-2.1 and prior versions. | ||||
CVE-2021-31843 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 7.3 High |
Improper privileges management vulnerability in McAfee Endpoint Security (ENS) Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended location. | ||||
CVE-2021-31566 | 5 Debian, Fedoraproject, Libarchive and 2 more | 14 Debian Linux, Fedora, Libarchive and 11 more | 2024-11-21 | 7.8 High |
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system. | ||||
CVE-2021-31187 | 1 Microsoft | 7 Windows 10, Windows 10 1507, Windows 10 1607 and 4 more | 2024-11-21 | 7.8 High |
Windows WalletService Elevation of Privilege Vulnerability | ||||
CVE-2021-30968 | 1 Apple | 5 Iphone Os, Mac Os X, Macos and 2 more | 2024-11-21 | 5.5 Medium |
A validation issue related to hard link behavior was addressed with improved sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to bypass certain Privacy preferences. |