• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-59

CVE-2020-9901

February 26, 2023 by

An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A local attacker may be able to elevate their privileges.

CVE-2020-9670

February 26, 2023 by

Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to privilege escalation.

CVE-2020-9682

February 26, 2023 by

Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. Successful exploitation could lead to arbitrary file system write.

CVE-2020-9452

February 26, 2023 by

An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe includes functionality to quarantine files by copying a suspected ransomware file from one directory to another using SYSTEM privileges. Because unprivileged users have write permissions in the quarantine folder, it is possible to control this privileged write with a hardlink. This means that an unprivileged user can write/overwrite arbitrary files in arbitrary folders. Escalating privileges to SYSTEM is trivial with arbitrary writes. While the quarantine feature is not enabled by default, it can be forced to copy the file to the quarantine by communicating with anti_ransomware_service.exe through its REST API.

CVE-2020-8948

February 26, 2023 by

The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) before build 5043 allows an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links. An unprivileged user could leverage this vulnerability to execute arbitrary code with system privileges.

CVE-2020-8950

February 26, 2023 by

The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%AMDPPCupload and then creating a symbolic link in %PROGRAMDATA%AMDPPCtemp that points to an arbitrary folder with an arbitrary file name.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 40
  • Go to page 41
  • Go to page 42
  • Go to page 43
  • Go to page 44
  • Interim pages omitted …
  • Go to page 101
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE