Total
1303 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-16939 | 1 Microsoft | 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more | 2024-11-21 | 7.8 High |
| <p>An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p> <p>The security update addresses the vulnerability by correcting how Group Policy checks access.</p> | ||||
| CVE-2020-16853 | 1 Microsoft | 1 Onedrive | 2024-11-21 | 7.1 High |
| <p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete a targeted file with an elevated status.</p> <p>The update addresses this vulnerability by correcting where the OneDrive updater performs file writes while running with elevation.</p> | ||||
| CVE-2020-16851 | 1 Microsoft | 1 Onedrive | 2024-11-21 | 7.1 High |
| <p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete a targeted file with an elevated status.</p> <p>The update addresses this vulnerability by correcting where the OneDrive updater performs file writes while running with elevation.</p> | ||||
| CVE-2020-16007 | 3 Debian, Google, Opensuse | 4 Debian Linux, Chrome, Backports Sle and 1 more | 2024-11-21 | 7.8 High |
| Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. | ||||
| CVE-2020-15932 | 1 Overwolf | 1 Overwolf | 2024-11-21 | 8.8 High |
| Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges. | ||||
| CVE-2020-15861 | 3 Canonical, Net-snmp, Netapp | 5 Ubuntu Linux, Net-snmp, Cloud Backup and 2 more | 2024-11-21 | 7.8 High |
| Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. | ||||
| CVE-2020-15401 | 1 Iobit | 1 Malware Fighter | 2024-11-21 | 4.4 Medium |
| IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privileges for file deletion by manipulating malicious flagged file locations with an NTFS junction and an Object Manager symbolic link. | ||||
| CVE-2020-15076 | 1 Openvpn | 1 Private Tunnel | 2024-11-21 | 7.8 High |
| Private Tunnel installer for macOS version 3.0.1 and older versions may corrupt system critical files it should not have access via symlinks in /tmp. | ||||
| CVE-2020-15075 | 1 Openvpn | 1 Connect | 2024-11-21 | 7.1 High |
| OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp. | ||||
| CVE-2020-14990 | 1 Iobit | 1 Advanced Systemcare | 2024-11-21 | 7.1 High |
| IOBit Advanced SystemCare Free 13.5.0.263 allows local users to gain privileges for file deletion by manipulating the Clean & Optimize feature with an NTFS junction and an Object Manager symbolic link. | ||||
| CVE-2020-14367 | 3 Canonical, Fedoraproject, Tuxfamily | 3 Ubuntu Linux, Fedora, Chrony | 2024-11-21 | 6.0 Medium |
| A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal. | ||||
| CVE-2020-14004 | 2 Icinga, Opensuse | 3 Icinga, Backports Sle, Leap | 2024-11-21 | 7.8 High |
| An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user. | ||||
| CVE-2020-13833 | 1 Google | 1 Android | 2024-11-21 | 9.1 Critical |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The system area allows arbitrary file overwrites via a symlink attack. The Samsung ID is SVE-2020-17183 (June 2020). | ||||
| CVE-2020-13095 | 1 Obdev | 1 Little Snitch | 2024-11-21 | 8.8 High |
| Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a directory containing code executed by root. | ||||
| CVE-2020-12878 | 1 Digi | 2 Connectport X2e, Connectport X2e Firmware | 2024-11-21 | 7.8 High |
| Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory. | ||||
| CVE-2020-12265 | 1 Decompress Project | 1 Decompress | 2024-11-21 | 9.8 Critical |
| The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal. | ||||
| CVE-2020-12254 | 1 Avira | 1 Antivirus | 2024-11-21 | 7.8 High |
| Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escalation or a denial of service via abuse of a symlink. | ||||
| CVE-2020-11736 | 4 Canonical, Debian, Gnome and 1 more | 4 Ubuntu Linux, Debian Linux, File-roller and 1 more | 2024-11-21 | 3.9 Low |
| fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. | ||||
| CVE-2020-11474 | 1 Ncp-e | 1 Secure Enterprise Client | 2024-11-21 | 7.8 High |
| NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic link attack on enumusb.reg via Support Assistant. | ||||
| CVE-2020-11446 | 1 Eset | 8 Antivirus And Antispyware, Endpoint Antivirus, Endpoint Security and 5 more | 2024-11-21 | 7.8 High |
| ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these links into files that would normally not be write-able by the user, thus achieving privilege escalation. | ||||