Total
1417 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0439 | 1 Chip Salzenberg | 1 Deliver | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Chip Salzenberg Deliver allows local users to cause a denial of service, obtain sensitive information, and possibly change the ownership of arbitrary files via a symlink attack on an unspecified file.
|
|||||
| CVE-2010-1160 | 1 Gnu | 1 Nano | 2025-04-11 | 1.9 LOW | N/A |
|
GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.
|
|||||
| CVE-2009-5080 | 1 Gnu | 1 Groff | 2025-04-11 | 3.3 LOW | N/A |
|
The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296.
|
|||||
| CVE-2010-1693 | 1 Openfabrics | 1 Enterprise Distribution | 2025-04-11 | 6.3 MEDIUM | N/A |
|
openibd in OpenFabrics Enterprise Distribution (OFED) 1.5.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ib_set_node_desc.sh temporary file.
|
|||||
| CVE-2012-2103 | 1 Munin-monitoring | 1 Munin | 2025-04-11 | 1.2 LOW | N/A |
|
The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
|
|||||
| CVE-2010-4173 | 1 Openfabrics | 1 Libsdp | 2025-04-11 | 3.3 LOW | N/A |
|
The default configuration of libsdp.conf in libsdp 1.1.104 and earlier creates log files in /tmp, which allows local users to overwrite arbitrary files via a (1) symlink or (2) hard link attack on the libsdp.log.##### temporary file.
|
|||||
| CVE-2011-1031 | 1 Feh Project | 1 Feh | 2025-04-11 | 3.3 LOW | N/A |
|
The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702.
|
|||||
| CVE-2011-4363 | 2 Frii, Perl | 2 Proc\, Perl | 2025-04-11 | 2.6 LOW | N/A |
|
ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.
|
|||||
| CVE-2011-1004 | 1 Ruby-lang | 1 Ruby | 2025-04-11 | 6.3 MEDIUM | N/A |
|
The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack.
|
|||||
| CVE-2010-0788 | 1 Ncpfs | 1 Ncpfs | 2025-04-11 | 4.4 MEDIUM | N/A |
|
ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or possibly gain privileges via symlink attacks involving the (1) ncpmount and (2) ncpumount programs.
|
|||||
| CVE-2009-1299 | 1 Pulseaudio | 1 Pulseaudio | 2025-04-11 | 6.9 MEDIUM | N/A |
|
The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file.
|
|||||
| CVE-2013-2217 | 3 Jeff Ortel, Opensuse, Redhat | 3 Suds, Opensuse, Enterprise Linux | 2025-04-11 | 1.2 LOW | N/A |
|
cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.
|
|||||
| CVE-2010-0156 | 1 Puppet | 1 Puppet | 2025-04-11 | 3.3 LOW | N/A |
|
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.
|
|||||
| CVE-2011-4060 | 1 Qnx | 1 Neutrino Rtos | 2025-04-11 | 3.3 LOW | N/A |
|
The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack.
|
|||||
| CVE-2011-0702 | 1 Feh Project | 1 Feh | 2025-04-11 | 3.3 LOW | N/A |
|
The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file.
|
|||||
| CVE-2011-0402 | 1 Debian | 1 Dpkg | 2025-04-11 | 6.8 MEDIUM | N/A |
|
dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory.
|
|||||
| CVE-2013-4214 | 2 Nagios, Redhat | 2 Nagios, Openstack | 2025-04-11 | 6.3 MEDIUM | N/A |
|
rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache.
|
|||||
| CVE-2011-5146 | 1 Ingumadev | 1 Bokken | 2025-04-11 | 2.6 LOW | N/A |
|
Bokken before 1.6 and 1.5-x before 1.5-3 for Debian allows local users to overwrite arbitrary files via a symlink attack on /tmp/graph.dot.
|
|||||
| CVE-2009-5044 | 2 Apple, Gnu | 2 Mac Os X, Groff | 2025-04-11 | 3.3 LOW | N/A |
|
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file.
|
|||||
| CVE-2010-4338 | 2 Debian, Jwilk | 2 Linux, Ocrodjvu | 2025-04-11 | 6.2 MEDIUM | N/A |
|
ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbitrary files via a symlink attack on temporary files that are generated when Cuneiform is invoked as the OCR engine.
|
|||||
| CVE-2010-4337 | 1 Gnu | 1 Gnash | 2025-04-11 | 3.3 LOW | N/A |
|
The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files.
|
|||||
| CVE-2013-3368 | 1 Bestpractical | 1 Rt | 2025-04-11 | 3.3 LOW | N/A |
|
bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name.
|
|||||
| CVE-2014-1639 | 1 Debian | 1 Syncevolution | 2025-04-11 | 3.3 LOW | N/A |
|
syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.
|
|||||
| CVE-2010-1626 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-11 | 3.6 LOW | N/A |
|
MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.
|
|||||
| CVE-2010-2431 | 1 Apple | 1 Cups | 2025-04-11 | 2.6 LOW | N/A |
|
The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file.
|
|||||
| CVE-2012-4455 | 1 Opencryptoki Project | 1 Opencryptoki | 2025-04-11 | 6.2 MEDIUM | N/A |
|
openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/.
|
|||||
| CVE-2011-1384 | 1 Ibm | 2 Aix, Invscout.rte | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file.
|
|||||
| CVE-2014-0027 | 1 Cmu | 1 Flite | 2025-04-11 | 3.3 LOW | N/A |
|
The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2012-1088 | 1 Iproute2 Project | 1 Iproute2 | 2025-04-11 | 3.3 LOW | N/A |
|
iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script.
|
|||||
| CVE-2012-0786 | 1 Augeas | 1 Augeas | 2025-04-11 | 3.3 LOW | N/A |
|
The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file.
|
|||||
| CVE-2013-0927 | 1 Google | 1 Chrome Os | 2025-04-11 | 7.5 HIGH | N/A |
|
Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c read_config implementation that loads the contents of the .pangorc file in the user's home directory, and the file referenced by the PANGO_RC_FILE environment variable, which allows attackers to bypass intended access restrictions via crafted configuration data.
|
|||||
| CVE-2010-0832 | 1 Canonical | 1 Ubuntu Linux | 2025-04-11 | 6.9 MEDIUM | N/A |
|
pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file.
|
|||||
| CVE-2011-0754 | 2 Microsoft, Php | 2 Windows, Php | 2025-04-11 | 4.4 MEDIUM | N/A |
|
The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check.
|
|||||
| CVE-2010-0792 | 1 Thibault Godouet | 1 Fcron | 2025-04-11 | 1.9 LOW | N/A |
|
fcrontab in fcron before 3.0.5 allows local users to read arbitrary files via a symlink attack on an unspecified file.
|
|||||
| CVE-2010-2053 | 1 Emesene | 1 Emesene | 2025-04-11 | 3.3 LOW | N/A |
|
emesenelib/ProfileManager.py in emesene before 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on the emsnpic temporary file.
|
|||||
| CVE-2014-1640 | 1 Debian | 1 Axiom | 2025-04-11 | 3.3 LOW | N/A |
|
axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.
|
|||||
| CVE-2012-0054 | 1 Golismero | 1 Golismero | 2025-04-11 | 3.3 LOW | N/A |
|
libs/updater.py in GoLismero 0.6.3, and other versions before Git revision 2b3bb43d6867, as used in backtrack and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on GoLismero-controlled files, as demonstrated using Admin/changes.dat.
|
|||||
| CVE-2009-5079 | 1 Gnu | 1 Groff | 2025-04-11 | 3.3 LOW | N/A |
|
The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.
|
|||||
| CVE-2011-2722 | 1 Hp | 1 Linux Imaging And Printing Project | 2025-04-11 | 1.2 LOW | N/A |
|
The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file.
|
|||||
| CVE-2011-1920 | 2 Ihji, Netbsd | 2 Pmake, Netbsd | 2025-04-11 | 3.3 LOW | N/A |
|
The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk.
|
|||||