Total
1417 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1000420 | 1 Syncthing | 1 Syncthing | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
|
Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite
|
|||||
| CVE-2016-9602 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 9.0 HIGH | 7.6 HIGH |
|
Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.
|
|||||
| CVE-2016-9595 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Katello | 2024-11-21 | 3.6 LOW | 7.3 HIGH |
|
A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.
|
|||||
| CVE-2016-8641 | 1 Nagios | 1 Nagios | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change.
|
|||||
| CVE-2015-3147 | 1 Redhat | 7 Automatic Bug Reporting Tool, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2024-11-21 | 4.9 MEDIUM | 6.5 MEDIUM |
|
daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.
|
|||||
| CVE-2015-1869 | 1 Redhat | 1 Automatic Bug Reporting Tool | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file.
|
|||||
| CVE-2015-0796 | 1 Opensuse | 1 Open Buildservice | 2024-11-21 | 4.6 MEDIUM | 6.3 MEDIUM |
|
In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on the source service.
|
|||||
| CVE-2014-5509 | 1 Clipboard Project | 1 Clipboard | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
|
clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit$$.
|
|||||
| CVE-2014-4996 | 1 Vladtheenterprising Project | 1 Vladtheenterprising | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}.
|
|||||
| CVE-2014-4150 | 1 S48 | 1 Scheme48 | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
|
The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp.
|
|||||
| CVE-2014-3219 | 2 Fedoraproject, Fishshell | 2 Fedora, Fish | 2024-11-21 | 4.3 MEDIUM | 7.8 HIGH |
|
fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.
|
|||||
| CVE-2014-2312 | 1 Intel | 1 Thermald | 2024-11-21 | 6.6 MEDIUM | 5.5 MEDIUM |
|
The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid.
|
|||||
| CVE-2014-1938 | 1 Rply Project | 1 Rply | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
python-rply before 0.7.4 insecurely creates temporary files.
|
|||||
| CVE-2014-1859 | 3 Fedoraproject, Numpy, Redhat | 3 Fedora, Numpy, Enterprise Linux | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.
|
|||||
| CVE-2014-1420 | 1 Canonical | 1 Ubuntu-ui-toolkit | 2024-11-21 | 2.1 LOW | 3.8 LOW |
|
On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by symlink and hardlink restrictions in Ubuntu. Fixed in 1.1.1188+14.10.20140813.4-0ubuntu1.
|
|||||
| CVE-2014-0243 | 1 Check Mk Project | 1 Check Mk | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job.
|
|||||
| CVE-2013-4655 | 1 Belkin | 2 N900, N900 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Symlink Traversal vulnerability in Belkin N900 due to misconfiguration in the SMB service.
|
|||||
| CVE-2013-4364 | 1 Redhat | 1 Openshift | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.
|
|||||
| CVE-2013-4184 | 2 Data\, Debian | 2 \, Debian Linux | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
|
Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks
|
|||||
| CVE-2013-1867 | 1 Apple | 2 Mac Os X, Tokend | 2024-11-21 | 6.3 MEDIUM | 6.1 MEDIUM |
|
Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerability
|
|||||
| CVE-2013-1866 | 2 Apple, Opensc Project | 2 Mac Os X, Opensc | 2024-11-21 | 6.3 MEDIUM | 6.1 MEDIUM |
|
OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability
|
|||||
| CVE-2013-1809 | 2 Debian, Gambas Project | 2 Debian Linux, Gambas | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
|
Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories.
|
|||||
| CVE-2013-1429 | 2 Canonical, Debian | 3 Ubuntu Linux, Debian Linux, Lintian | 2024-11-21 | 4.3 MEDIUM | 6.3 MEDIUM |
|
Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks.
|
|||||
| CVE-2013-0159 | 1 Fedoraproject | 1 Fedora | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
|
The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg.
|
|||||
| CVE-2012-6114 | 1 Git-extras Project | 1 Git-extras | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
|
The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/changelog or (2) /tmp/.git-effort.
|
|||||
| CVE-2012-2945 | 1 Apache | 1 Hadoop | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Hadoop 1.0.3 contains a symlink vulnerability.
|
|||||
| CVE-2012-1093 | 1 Debian | 2 Debian Linux, X11-common | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
|
The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation.
|
|||||
| CVE-2011-5271 | 1 Clusterlabs | 1 Pacemaker | 2024-11-21 | 3.3 LOW | 5.5 MEDIUM |
|
Pacemaker before 1.1.6 configure script creates temporary files insecurely
|
|||||
| CVE-2011-3632 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
|
Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks.
|
|||||
| CVE-2011-3618 | 2 Atop Project, Debian | 2 Atop, Debian Linux | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
atop: symlink attack possible due to insecure tempfile handling
|
|||||
| CVE-2011-3351 | 1 Openvas | 1 Openvas-scanner | 2024-11-21 | 6.6 MEDIUM | 7.1 HIGH |
|
openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system.
|
|||||
| CVE-2011-2924 | 3 Debian, Fedoraproject, Linuxfoundation | 3 Debian Linux, Fedora, Foomatic-filters | 2024-11-21 | 3.3 LOW | 5.5 MEDIUM |
|
foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.
|
|||||
| CVE-2011-2923 | 2 Debian, Linuxfoundation | 2 Debian Linux, Foomatic-filters | 2024-11-21 | 3.3 LOW | 5.5 MEDIUM |
|
foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.
|
|||||
| CVE-2011-2765 | 1 Pyro Project | 1 Pyro | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.
|
|||||
| CVE-2011-1408 | 2 Debian, Ikiwiki | 2 Debian Linux, Ikiwiki | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
|
ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks.
|
|||||
| CVE-2011-1136 | 2 Debian, Tesseract Project | 2 Debian Linux, Tesseract | 2024-11-21 | 6.3 MEDIUM | 4.7 MEDIUM |
|
In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file.
|
|||||
| CVE-2010-4817 | 2 Debian, Pithos Project | 2 Debian Linux, Pithos | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
|
pithos before 0.3.5 allows overwrite of arbitrary files via symlinks.
|
|||||
| CVE-2010-3095 | 1 Mailscanner | 1 Mailscanner | 2024-11-21 | 3.3 LOW | 4.7 MEDIUM |
|
mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-5313.
|
|||||
| CVE-2010-2064 | 1 Rpcbind Project | 1 Rpcbind | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
|
rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr.
|
|||||
| CVE-2010-0398 | 1 Autokey Project | 1 Autokey | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
|
The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack.
|
|||||