Total
1417 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-5007 | 1 Cisco | 1 Anyconnect Ssl Vpn | 2025-04-11 | 3.3 LOW | N/A |
|
The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files.
|
|||||
| CVE-2011-3869 | 2 Puppet, Puppetlabs | 2 Puppet, Puppet | 2025-04-11 | 6.3 MEDIUM | N/A |
|
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.
|
|||||
| CVE-2010-0118 | 1 Becauseinter | 1 Bournal | 2025-04-11 | 3.3 LOW | N/A |
|
Bournal before 1.4.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files associated with a --hack_the_gibson update check.
|
|||||
| CVE-2011-3616 | 1 Conky | 1 Conky | 2025-04-11 | 6.3 MEDIUM | N/A |
|
The getSkillname function in the eve module in Conky 1.8.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on /tmp/.cesf.
|
|||||
| CVE-2013-1888 | 2 Fedoraproject, Pypa | 2 Fedora, Pip | 2025-04-11 | 2.1 LOW | N/A |
|
pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.
|
|||||
| CVE-2011-4105 | 1 Robert Ancell | 1 Lightdm | 2025-04-11 | 1.9 LOW | N/A |
|
LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority.
|
|||||
| CVE-2011-2473 | 1 Maynard Johnson | 1 Oprofile | 2025-04-11 | 6.3 MEDIUM | N/A |
|
The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760.
|
|||||
| CVE-2010-2056 | 1 Gnu | 1 Gv | 2025-04-11 | 3.3 LOW | N/A |
|
GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
|
|||||
| CVE-2011-0441 | 1 Php | 1 Php | 2025-04-11 | 6.3 MEDIUM | N/A |
|
The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/.
|
|||||
| CVE-2011-2533 | 1 Freedesktop | 1 Dbus | 2025-04-11 | 3.3 LOW | N/A |
|
The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.
|
|||||
| CVE-2010-2192 | 1 Vincent Fourmond | 1 Pmount | 2025-04-11 | 1.9 LOW | N/A |
|
The make_lockdir_name function in policy.c in pmount 0.9.18 allow local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/.
|
|||||
| CVE-2012-3329 | 2 Ibm, Linux | 3 Advanced Settings Utility, Bootable Media Creator, Linux Kernel | 2025-04-11 | 3.3 LOW | N/A |
|
IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 and Bootable Media Creator (BoMC) through 2.30 and 3.00 through 9.21 on Linux allow local users to overwrite arbitrary files via a symlink attack on a (1) temporary file or (2) log file.
|
|||||
| CVE-2009-5081 | 1 Gnu | 1 Groff | 2025-04-11 | 3.3 LOW | N/A |
|
The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969.
|
|||||
| CVE-2011-4028 | 1 X.org | 1 X Server | 2025-04-11 | 1.2 LOW | N/A |
|
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.
|
|||||
| CVE-2011-1073 | 2 Apple, Freebsd | 2 Mac Os X, Freebsd | 2025-04-11 | 1.9 LOW | N/A |
|
crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files.
|
|||||
| CVE-2013-4136 | 2 Phusion, Ruby-lang | 2 Passenger, Ruby | 2025-04-11 | 4.4 MEDIUM | N/A |
|
ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.
|
|||||
| CVE-2013-0200 | 2 Hp, Redhat | 2 Linux Imaging And Printing Project, Enterprise Linux | 2025-04-11 | 1.9 LOW | N/A |
|
HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722.
|
|||||
| CVE-2011-0541 | 1 Fuse | 1 Fuse | 2025-04-11 | 3.3 LOW | N/A |
|
fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.
|
|||||
| CVE-2011-3204 | 1 Geoff Wong | 1 Hammerhead | 2025-04-11 | 3.3 LOW | N/A |
|
hammerhead.cc in Hammerhead 2.1.4 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/hammer.log (aka the HH_LOG file) or (2) the REPORT_LOG file.
|
|||||
| CVE-2007-1027 | 1 Ibm | 1 Db2 | 2025-04-09 | 4.4 MEDIUM | N/A |
|
Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file.
|
|||||
| CVE-2008-4553 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-09 | 7.2 HIGH | N/A |
|
qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories.
|
|||||
| CVE-2008-4976 | 1 Alan Woodland | 2 Ogle, Ogle-mmx | 2025-04-09 | 6.9 MEDIUM | N/A |
|
ogle 0.9.2 and ogle-mmx 0.9.2 allow local users to overwrite arbitrary files via a symlink attack on (a) /tmp/ogle_audio.#####, (b) /tmp/ogle_cli.#####, (c) /tmp/ogle_ctrl.#####, (d) /tmp/ogle_gui.#####, (e) /tmp/ogle_mpeg_ps.#####, (f) /tmp/ogle_mpeg_vs.#####, (g) /tmp/ogle_nav.#####, and (h) /tmp/ogle_vout.#####, temporary files, related to the (1) ogle_audio_debug, (2) ogle_cli_debug, (3) ogle_ctrl_debug, (4) ogle_gui_debug, (5) ogle_mpeg_ps_debug, (6) ogle_mpeg_vs_debug, (7) ogle_nav_debug, ...
Show More |
|||||
| CVE-2008-4945 | 1 Tivano | 1 Cdrw-taper | 2025-04-09 | 6.9 MEDIUM | N/A |
|
amlabel-cdrw in cdrw-taper 0.4 might allow local users to overwrite arbitrary files via a symlink attack involving a /tmp/amlabel-cdrw.##### temporary directory.
|
|||||
| CVE-2008-0732 | 2 Apache, Suse | 2 Geronimo, Suse Linux | 2025-04-09 | 2.1 LOW | N/A |
|
The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
|
|||||
| CVE-2008-5370 | 1 Pvpgn | 1 Pvpgn | 2025-04-09 | 6.9 MEDIUM | N/A |
|
pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pvpgn-support-1.0.tar.gz temporary file.
|
|||||
| CVE-2008-5152 | 1 Peter S Galbraith | 1 Mh-book | 2025-04-09 | 6.9 MEDIUM | N/A |
|
inmail-show in mh-book 200605 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/inmail#####.log or (2) /tmp/inmail#####.stdin temporary file.
|
|||||
| CVE-2008-5144 | 1 Federico Di Gregorio | 1 Nvidia-cg-toolkit | 2025-04-09 | 6.9 MEDIUM | N/A |
|
nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvidia-cg-toolkit-manifest temporary file.
|
|||||
| CVE-2007-2978 | 1 Eggblog | 1 Eggblog | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Session fixation vulnerability in eggblog 3.1.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
|
|||||
| CVE-2008-5379 | 1 Oliver Gorwits | 1 Netdisco Mibs Installer | 2025-04-09 | 6.9 MEDIUM | N/A |
|
netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz temporary file, related to the (1) netdisco-mibs-install and (2) netdisco-mibs-download scripts.
|
|||||
| CVE-2009-1962 | 2 Debian, Xfig | 2 Debian Linux, Xfig | 2025-04-09 | 4.4 MEDIUM | N/A |
|
Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID.
|
|||||
| CVE-2008-3227 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability.
|
|||||
| CVE-2008-4579 | 1 Gentoo | 2 Cman, Fence | 2025-04-09 | 1.9 LOW | N/A |
|
The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file.
|
|||||
| CVE-2009-0321 | 2 Apple, Microsoft | 2 Safari, Windows | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence.
|
|||||
| CVE-2008-5153 | 1 Moodle | 1 Moodle | 2025-04-09 | 6.9 MEDIUM | N/A |
|
spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file.
|
|||||
| CVE-2008-5256 | 1 Virtualox | 1 Virtualox | 2025-04-09 | 4.4 MEDIUM | N/A |
|
The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-$USER-ipc/lock temporary file.
|
|||||
| CVE-2008-0666 | 1 Website Meta Language | 1 Website Meta Language | 2025-04-09 | 3.6 LOW | N/A |
|
Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c.
|
|||||
| CVE-2008-2266 | 2 Nzbget, Uudeview | 2 Nzbget, Uudeview | 2025-04-09 | 4.4 MEDIUM | N/A |
|
uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam function. NOTE: this may be a CVE-2004-2265 regression.
|
|||||
| CVE-2008-5703 | 1 Gpsdrive | 1 Gpsdrive | 2025-04-09 | 6.2 MEDIUM | N/A |
|
gpsdrive (aka gpsdrive-scripts) 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/.smswatch or (b) /tmp/gpsdrivepos temporary file, related to (1) examples/gpssmswatch and (2) src/splash.c, different vectors than CVE-2008-4959 and CVE-2008-5380.
|
|||||
| CVE-2008-1078 | 2 Gentoo, Rpath | 2 Linux, Rpath Linux | 2025-04-09 | 7.2 HIGH | N/A |
|
expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1.
|
|||||
| CVE-2009-0416 | 1 Standards Based Linux Instrumentation | 1 Sblim-sfcb | 2025-04-09 | 6.9 MEDIUM | N/A |
|
The SSL certificate setup program (genSslCert.sh) in Standards Based Linux Instrumentation for Manageability (SBLIM) sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /var/tmp/key.pem, (2) /var/tmp/cert.pem, and (3) /var/tmp/ssl.cnf temporary files.
|
|||||