Search
Total
427 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4993 | 1 Xen | 1 Xen | 2017-09-29 | 6.9 MEDIUM | N/A |
| qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file. | |||||
| CVE-2008-5742 | 1 Netcat | 1 Netcat | 2017-09-29 | 4.0 MEDIUM | N/A |
| Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the redirect parameter in a logoff action to modules/auth/index.php or (2) the url parameter to modules/linkmanager/redirect.php. NOTE: this was reported within an "HTTP Response Splitting" section in the original disclosure. | |||||
| CVE-2008-4579 | 1 Gentoo | 2 Cman, Fence | 2017-09-29 | 1.9 LOW | N/A |
| The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file. | |||||
| CVE-2008-5377 | 1 Apple | 1 Cups | 2017-09-29 | 6.9 MEDIUM | N/A |
| pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333. | |||||
| CVE-2008-5706 | 1 Verlihub-project | 1 Verlihub | 2017-09-29 | 6.9 MEDIUM | N/A |
| The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/trigger.tmp temporary file. | |||||
| CVE-2008-1684 | 1 Sun | 1 Solaris | 2017-09-29 | 4.7 MEDIUM | N/A |
| inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file. | |||||
| CVE-2007-4129 | 2 Fedoraproject, Redhat | 2 Coolkey, Enterprise Linux | 2017-09-29 | 3.3 LOW | N/A |
| CoolKey 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files in the /tmp/.pk11ipc1/ directory. | |||||
| CVE-2007-3919 | 2 Debian, Xensource Inc | 2 Debian Linux, Xen | 2017-09-29 | 6.0 MEDIUM | N/A |
| (1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm. | |||||
| CVE-2007-5495 | 2 Redhat, Selinux | 3 Enterprise Linux, Enterprise Linux Desktop, Setroubleshoot | 2017-09-29 | 4.4 MEDIUM | N/A |
| sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file. | |||||
| CVE-2015-1038 | 3 7-zip, Fedoraproject, Oracle | 3 P7zip, Fedora, Solaris | 2017-09-08 | 5.8 MEDIUM | N/A |
| p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive. | |||||
| CVE-2011-4060 | 1 Qnx | 1 Neutrino Rtos | 2017-09-02 | 3.3 LOW | N/A |
| The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack. | |||||
| CVE-2014-4199 | 1 Vmware | 3 Tools, Vm-support, Workstation | 2017-08-29 | 6.3 MEDIUM | N/A |
| vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp. | |||||
| CVE-2014-3563 | 1 Saltstack | 1 Salt | 2017-08-29 | 7.2 HIGH | N/A |
| Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud. | |||||
| CVE-2014-1640 | 1 Debian | 1 Axiom | 2017-08-29 | 3.3 LOW | N/A |
| axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename. | |||||
| CVE-2014-1875 | 1 Cspan | 1 Capture-tiny | 2017-08-29 | 3.6 LOW | N/A |
| The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2014-1624 | 1 Python | 1 Pyxdg | 2017-08-29 | 3.3 LOW | N/A |
| Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called. | |||||
| CVE-2014-1638 | 1 Debian | 1 Localepurge | 2017-08-29 | 3.3 LOW | N/A |
| (1) debian/postrm and (2) debian/localepurge.config in localepurge before 0.7.3.2 use tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename. | |||||
| CVE-2014-1639 | 1 Debian | 1 Syncevolution | 2017-08-29 | 3.3 LOW | N/A |
| syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename. | |||||
| CVE-2013-2105 | 1 Jonathan Leung | 1 Show In Browser | 2017-08-29 | 3.3 LOW | N/A |
| The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html. | |||||
| CVE-2012-5355 | 1 Bryce Harrington | 1 Xdiagnose | 2017-08-29 | 3.3 LOW | N/A |
| welcome.py in xdiagnose before 2.5.2ubuntu0.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. | |||||
| CVE-2012-4455 | 1 Opencryptoki Project | 1 Opencryptoki | 2017-08-29 | 6.2 MEDIUM | N/A |
| openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/. | |||||
| CVE-2012-2103 | 1 Munin-monitoring | 1 Munin | 2017-08-29 | 1.2 LOW | N/A |
| The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. | |||||
| CVE-2012-2093 | 1 Gajim | 1 Gajim | 2017-08-29 | 3.3 LOW | N/A |
| src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function. | |||||
| CVE-2012-3329 | 2 Ibm, Linux | 3 Advanced Settings Utility, Bootable Media Creator, Linux Kernel | 2017-08-29 | 3.3 LOW | N/A |
| IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 and Bootable Media Creator (BoMC) through 2.30 and 3.00 through 9.21 on Linux allow local users to overwrite arbitrary files via a symlink attack on a (1) temporary file or (2) log file. | |||||
| CVE-2011-2533 | 1 Freedesktop | 1 Dbus | 2017-08-29 | 3.3 LOW | N/A |
| The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/. | |||||
| CVE-2011-2473 | 1 Maynard Johnson | 1 Oprofile | 2017-08-29 | 6.3 MEDIUM | N/A |
| The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760. | |||||
| CVE-2011-1384 | 1 Ibm | 2 Aix, Invscout.rte | 2017-08-17 | 4.0 MEDIUM | N/A |
| The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file. | |||||
| CVE-2011-1920 | 2 Ihji, Netbsd | 2 Pmake, Netbsd | 2017-08-17 | 3.3 LOW | N/A |
| The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk. | |||||
| CVE-2011-0727 | 1 Gnome | 1 Gdm | 2017-08-17 | 6.9 MEDIUM | N/A |
| GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/. | |||||
| CVE-2010-4338 | 2 Debian, Jwilk | 2 Linux, Ocrodjvu | 2017-08-17 | 6.2 MEDIUM | N/A |
| ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbitrary files via a symlink attack on temporary files that are generated when Cuneiform is invoked as the OCR engine. | |||||
| CVE-2011-0017 | 1 Exim | 1 Exim | 2017-08-17 | 6.9 MEDIUM | N/A |
| The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack. | |||||
| CVE-2011-0007 | 1 Troglobit | 1 Pimd | 2017-08-17 | 3.3 LOW | N/A |
| pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on (1) pimd.dump when a USR1 signal is sent, or (2) pimd.cache when USR2 is sent. | |||||
| CVE-2011-0402 | 1 Debian | 1 Dpkg | 2017-08-17 | 6.8 MEDIUM | N/A |
| dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory. | |||||
| CVE-2011-0441 | 1 Php | 1 Php | 2017-08-17 | 6.3 MEDIUM | N/A |
| The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. | |||||
| CVE-2010-1693 | 1 Openfabrics | 1 Enterprise Distribution | 2017-08-17 | 6.3 MEDIUM | N/A |
| openibd in OpenFabrics Enterprise Distribution (OFED) 1.5.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ib_set_node_desc.sh temporary file. | |||||
| CVE-2010-0832 | 1 Canonical | 1 Ubuntu Linux | 2017-08-17 | 6.9 MEDIUM | N/A |
| pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file. | |||||
| CVE-2010-2053 | 1 Emesene | 1 Emesene | 2017-08-17 | 3.3 LOW | N/A |
| emesenelib/ProfileManager.py in emesene before 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on the emsnpic temporary file. | |||||
| CVE-2010-0787 | 1 Samba | 1 Samba | 2017-08-17 | 4.4 MEDIUM | N/A |
| client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file. | |||||
| CVE-2010-0789 | 1 Fuse | 1 Fuse | 2017-08-17 | 3.3 LOW | N/A |
| fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint. | |||||
| CVE-2009-4135 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Coreutils | 2017-08-17 | 4.4 MEDIUM | N/A |
| The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp. | |||||
| CVE-2009-4193 | 1 Merkaartor | 1 Merkaartor | 2017-08-17 | 3.3 LOW | N/A |
| Merkaartor 0.14 allows local users to append data to arbitrary files via a symlink attack on the /tmp/merkaartor.log temporary file. | |||||
| CVE-2009-4664 | 2 Fwbuilder, Linux | 2 Firewall Builder, Linux Kernel | 2017-08-17 | 3.3 LOW | N/A |
| Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script. | |||||
| CVE-2009-1962 | 2 Debian, Xfig | 2 Debian Linux, Xfig | 2017-08-17 | 4.4 MEDIUM | N/A |
| Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID. | |||||
| CVE-2009-0876 | 2 Linux, Sun | 2 Linux Kernel, Xvm Virtualbox | 2017-08-17 | 6.9 MEDIUM | N/A |
| Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN. | |||||
| CVE-2008-6397 | 1 Alcovebook | 1 Sgml2x | 2017-08-17 | 4.4 MEDIUM | N/A |
| rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2008-6398 | 1 Eric Raymond | 1 Sng | 2017-08-17 | 6.9 MEDIUM | N/A |
| sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/recompiled$$.png, (2) /tmp/decompiled$$.sng, and (3) /tmp/canonicalized$$.sng temporary files. | |||||
| CVE-2008-6762 | 1 Wordpress | 1 Wordpress | 2017-08-17 | 4.3 MEDIUM | N/A |
| Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter. | |||||
| CVE-2008-4945 | 1 Tivano | 1 Cdrw-taper | 2017-08-08 | 6.9 MEDIUM | N/A |
| amlabel-cdrw in cdrw-taper 0.4 might allow local users to overwrite arbitrary files via a symlink attack involving a /tmp/amlabel-cdrw.##### temporary directory. | |||||
| CVE-2008-4944 | 1 Gleydson Mazioli Da Silva | 1 Cdcontrol | 2017-08-08 | 6.9 MEDIUM | N/A |
| writtercontrol in cdcontrol 1.90 allows local users to overwrite arbitrary files via a symlink attack on /tmp/v-recorder*-out temporary files. | |||||
| CVE-2008-4982 | 1 John Horne | 1 Rkhunter | 2017-08-08 | 6.9 MEDIUM | N/A |
| rkhunter in rkhunter 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rkhunter-debug temporary file. NOTE: this is probably a different vulnerability than CVE-2005-1270. | |||||