Total
1417 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4155 | 1 Gnu | 1 Parallel | 2025-04-12 | 3.6 LOW | N/A |
|
GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.
|
|||||
| CVE-2013-4262 | 1 Apache | 1 Subversion | 2025-04-12 | 2.4 LOW | N/A |
|
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393.
|
|||||
| CVE-2014-6407 | 1 Docker | 1 Docker | 2025-04-12 | 7.5 HIGH | N/A |
|
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.
|
|||||
| CVE-2011-3153 | 2 Canonical, Robert Ancell | 2 Ubuntu Linux, Lightdm | 2025-04-12 | 1.9 LOW | N/A |
|
dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc.
|
|||||
| CVE-2013-4215 | 1 Nagios | 1 Plugins | 2025-04-12 | 4.4 MEDIUM | N/A |
|
The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping.
|
|||||
| CVE-2011-3154 | 1 Canonical | 2 Ubuntu Linux, Update-manager | 2025-04-12 | 1.9 LOW | N/A |
|
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file.
|
|||||
| CVE-2013-4472 | 1 Freedesktop | 1 Poppler | 2025-04-12 | 3.3 LOW | N/A |
|
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
|
|||||
| CVE-2015-5287 | 1 Redhat | 5 Automatic Bug Reporting Tool, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2025-04-12 | 6.9 MEDIUM | N/A |
|
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.
|
|||||
| CVE-2014-4703 | 1 Nagios | 1 Nagios | 2025-04-12 | 2.1 LOW | N/A |
|
lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701.
|
|||||
| CVE-2015-4156 | 2 Gnu, Opensuse | 2 Parallel, Opensuse | 2025-04-12 | 3.6 LOW | N/A |
|
GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.
|
|||||
| CVE-2014-2524 | 4 Fedoraproject, Gnu, Mageia and 1 more | 4 Fedora, Readline, Mageia and 1 more | 2025-04-12 | 3.3 LOW | N/A |
|
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
|
|||||
| CVE-2016-3096 | 2 Fedoraproject, Redhat | 2 Fedora, Ansible | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
|
The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.
|
|||||
| CVE-2014-3986 | 1 Cisofy | 1 Lynis | 2025-04-12 | 3.3 LOW | N/A |
|
include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name.
|
|||||
| CVE-2016-6664 | 3 Mariadb, Oracle, Percona | 4 Mariadb, Mysql, Percona Server and 1 more | 2025-04-12 | 6.9 MEDIUM | 7.0 HIGH |
|
mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.
|
|||||
| CVE-2014-3982 | 1 Cisofy | 1 Lynis | 2025-04-12 | 3.3 LOW | N/A |
|
include/tests_webservers in Lynis before 1.5.5 on AIX allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.##### file.
|
|||||
| CVE-2013-7393 | 1 Apache | 1 Subversion | 2025-04-12 | 2.4 LOW | N/A |
|
The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3).
|
|||||
| CVE-2013-2105 | 1 Jonathan Leung | 1 Show In Browser | 2025-04-12 | 3.3 LOW | N/A |
|
The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.
|
|||||
| CVE-2015-5752 | 1 Apple | 1 Iphone Os | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink.
|
|||||
| CVE-2014-4372 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | 3.6 LOW | N/A |
|
syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file.
|
|||||
| CVE-2015-5273 | 1 Redhat | 5 Automatic Bug Reporting Tool, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2025-04-12 | 3.6 LOW | N/A |
|
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp.
|
|||||
| CVE-2014-5029 | 2 Apple, Canonical | 2 Cups, Ubuntu Linux | 2025-04-12 | 1.5 LOW | N/A |
|
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.
|
|||||
| CVE-2014-3421 | 2 Gnu, Mageia Project | 2 Emacs, Mageia | 2025-04-12 | 3.3 LOW | N/A |
|
lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.
|
|||||
| CVE-2014-1272 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | 6.3 MEDIUM | N/A |
|
CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink.
|
|||||
| CVE-2013-6456 | 2 Fedoraproject, Redhat | 2 Fedora, Libvirt | 2025-04-12 | 5.8 MEDIUM | N/A |
|
The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to ...
Show More |
|||||
| CVE-2015-1194 | 1 Pax Project | 1 Pax | 2025-04-12 | 4.3 MEDIUM | N/A |
|
pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive.
|
|||||
| CVE-2014-1932 | 2 Python, Pythonware | 2 Pillow, Python Imaging Library | 2025-04-12 | 4.4 MEDIUM | N/A |
|
The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.
|
|||||
| CVE-2014-2893 | 2 Llvm, Opensuse | 2 Clang, Opensuse | 2025-04-12 | 1.9 LOW | N/A |
|
The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names.
|
|||||
| CVE-2014-3981 | 1 Php | 1 Php | 2025-04-12 | 3.3 LOW | N/A |
|
acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.
|
|||||
| CVE-2014-3422 | 2 Gnu, Mageia Project | 2 Emacs, Mageia | 2025-04-12 | 3.3 LOW | N/A |
|
lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.
|
|||||
| CVE-2014-9508 | 1 Typo3 | 1 Typo3 | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors.
|
|||||
| CVE-2014-3563 | 1 Saltstack | 1 Salt | 2025-04-12 | 7.2 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.
|
|||||
| CVE-2016-7490 | 1 Teradata | 1 Studio Express | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
|
The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates files in /tmp insecurely. A malicious local user could create a symlink in /tmp and possibly clobber system files or perhaps elevate privileges.
|
|||||
| CVE-2015-3627 | 1 Docker | 2 Docker, Libcontainer | 2025-04-12 | 7.2 HIGH | N/A |
|
Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.
|
|||||
| CVE-2013-6124 | 1 Codeaurora | 1 Android-msm | 2025-04-12 | 3.3 LOW | N/A |
|
The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary file via an attack on the sensor-settings file.
|
|||||
| CVE-2014-1934 | 2 Opensuse, Travis Shirk | 2 Opensuse, Eyed3 | 2025-04-12 | 3.3 LOW | N/A |
|
tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file.
|
|||||
| CVE-2015-6927 | 1 Openvz | 1 Vzctl | 2025-04-12 | 3.6 LOW | N/A |
|
vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container (CT) root users to change the root password for arbitrary ploop containers, as demonstrated by a symlink attack on the ploop container root.hdd file and then access a control panel.
|
|||||
| CVE-2014-1838 | 2 Logilab, Opensuse | 2 Logilab-common, Opensuse | 2025-04-12 | 4.4 MEDIUM | N/A |
|
The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf.
|
|||||
| CVE-2014-5260 | 1 Xml-dt Project | 1 Xml-dt | 2025-04-12 | 6.3 MEDIUM | N/A |
|
The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file.
|
|||||
| CVE-2014-3627 | 1 Apache | 1 Hadoop | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache.
|
|||||
| CVE-2014-3424 | 2 Gnu, Mageia Project | 2 Emacs, Mageia | 2025-04-12 | 3.3 LOW | N/A |
|
lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.
|
|||||