Search
Total
874 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4150 | 1 S48 | 1 Scheme48 | 2018-09-18 | 3.6 LOW | 5.5 MEDIUM |
| The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp. | |||||
| CVE-2014-0243 | 1 Check Mk Project | 1 Check Mk | 2018-09-17 | 2.1 LOW | 5.5 MEDIUM |
| Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job. | |||||
| CVE-2018-13054 | 2 Debian, Linuxmint | 2 Debian Linux, Cinnamon | 2018-09-04 | 5.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HOME/.face location. If an unprivileged user prepares a symlink pointing to an arbitrary location, then this location will be overwritten with the icon content. | |||||
| CVE-2015-3629 | 1 Docker | 1 Libcontainer | 2018-08-13 | 7.2 HIGH | N/A |
| Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container. | |||||
| CVE-2015-3627 | 1 Docker | 2 Docker, Libcontainer | 2018-08-13 | 7.2 HIGH | N/A |
| Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image. | |||||
| CVE-2016-9774 | 3 Apache, Canonical, Debian | 3 Tomcat, Ubuntu Linux, Debian Linux | 2018-08-02 | 7.2 HIGH | 7.8 HIGH |
| The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to obtain sensitive information or gain root privileges via a symlink attack on the Catalina localhost directory. | |||||
| CVE-2018-5107 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file information could be exposed. This vulnerability affects Firefox < 58. | |||||
| CVE-2013-0159 | 1 Fedoraproject | 1 Fedora | 2018-06-13 | 3.6 LOW | 7.1 HIGH |
| The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg. | |||||
| CVE-2018-10722 | 1 Cylance | 1 Cylanceprotect | 2018-06-13 | 7.2 HIGH | 7.8 HIGH |
| In Cylance CylancePROTECT before 1470, an unprivileged local user can obtain SYSTEM privileges because users have Modify access to the %PROGRAMFILES%\Cylance\Desktop\log folder, the CyUpdate process grants users Modify access to new files created in this folder, and a new file can be a symlink chain to a pathname of an arbitrary DLL that CyUpdate uses. | |||||
| CVE-2018-10380 | 3 Debian, Kde, Opensuse | 3 Debian Linux, Plasma, Leap | 2018-06-12 | 7.2 HIGH | 7.8 HIGH |
| kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack. | |||||
| CVE-2018-4112 | 1 Apple | 1 Mac Os X | 2018-04-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "ATS" component. It allows attackers to obtain sensitive information by leveraging symlink mishandling. | |||||
| CVE-2018-5225 | 1 Atlassian | 1 Bitbucket | 2018-04-20 | 6.5 MEDIUM | 9.9 CRITICAL |
| In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository. | |||||
| CVE-2018-1196 | 1 Pivotal Software | 1 Spring Boot | 2018-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible. | |||||
| CVE-2018-1063 | 2 Redhat, Selinux Project | 2 Enterprise Linux, Selinux | 2018-04-12 | 3.3 LOW | 4.4 MEDIUM |
| Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11. | |||||
| CVE-2017-18188 | 1 Openr | 1 Opentmpfiles | 2018-03-09 | 2.1 LOW | 5.5 MEDIUM |
| OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks sysctl is turned off, allows local users to obtain ownership of arbitrary files by creating a hard link inside a directory on which "chown -R" will be run. | |||||
| CVE-2015-3315 | 1 Redhat | 7 Automatic Bug Reporting Tool, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 4 more | 2018-02-19 | 7.2 HIGH | 7.8 HIGH |
| Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm. | |||||
| CVE-2014-5509 | 1 Clipboard Project | 1 Clipboard | 2018-02-02 | 3.6 LOW | 5.5 MEDIUM |
| clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit$$. | |||||
| CVE-2013-4364 | 1 Redhat | 1 Openshift | 2018-02-01 | 7.2 HIGH | 7.8 HIGH |
| (1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp. | |||||
| CVE-2014-4996 | 1 Vladtheenterprising Project | 1 Vladtheenterprising | 2018-01-30 | 2.1 LOW | 5.5 MEDIUM |
| lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}. | |||||
| CVE-2017-1000420 | 1 Syncthing | 1 Syncthing | 2018-01-16 | 6.4 MEDIUM | 7.5 HIGH |
| Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite | |||||
| CVE-2014-4978 | 2 Fedoraproject, Rawstudio | 2 Fedora, Rawstudio | 2018-01-10 | 3.6 LOW | 5.5 MEDIUM |
| The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph. | |||||
| CVE-2010-0424 | 2 Fedorahosted, Paul Vixie | 2 Cronie, Vixie Cron | 2018-01-06 | 3.3 LOW | N/A |
| The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory. | |||||
| CVE-2016-3108 | 1 Pulpproject | 1 Pulp | 2018-01-05 | 3.6 LOW | 7.1 HIGH |
| The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack. | |||||
| CVE-2014-1876 | 1 Oracle | 1 Openjdk | 2018-01-05 | 4.4 MEDIUM | N/A |
| The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log. | |||||
| CVE-2016-1255 | 2 Canonical, Debian | 3 Ubuntu Linux, Debian Linux, Postgresql-common | 2017-12-21 | 7.2 HIGH | 7.8 HIGH |
| The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql. | |||||
| CVE-2010-0156 | 1 Puppet | 1 Puppet | 2017-12-09 | 3.3 LOW | N/A |
| Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file. | |||||
| CVE-2017-8806 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql | 2017-12-08 | 3.6 LOW | 5.5 MEDIUM |
| The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files. | |||||
| CVE-2011-2684 | 1 Rkkda | 1 Foo2zjs | 2017-11-21 | 2.1 LOW | 5.5 MEDIUM |
| foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs. | |||||
| CVE-2017-1301 | 1 Ibm | 1 Tivoli Storage Manager | 2017-10-25 | 3.6 LOW | 5.5 MEDIUM |
| IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163. | |||||
| CVE-2006-5851 | 1 Openbase International Ltd | 1 Openbase | 2017-10-19 | 2.1 LOW | N/A |
| openexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328. | |||||
| CVE-2004-0967 | 1 Aladdin Enterprises | 1 Ghostscript | 2017-10-11 | 7.2 HIGH | N/A |
| The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files. | |||||
| CVE-2009-1867 | 1 Adobe | 3 Air, Flash Player, Flex | 2017-09-29 | 4.3 MEDIUM | N/A |
| Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability." | |||||
| CVE-2009-1893 | 2 Isc, Redhat | 2 Dhcp, Enterprise Linux | 2017-09-29 | 6.9 MEDIUM | N/A |
| The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command. | |||||
| CVE-2008-6552 | 2 Fedoraproject, Redhat | 5 Fedora, Cluster Project, Cman and 2 more | 2017-09-29 | 6.9 MEDIUM | N/A |
| Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9. | |||||
| CVE-2009-0321 | 2 Apple, Microsoft | 2 Safari, Windows | 2017-09-29 | 4.3 MEDIUM | N/A |
| Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence. | |||||
| CVE-2009-0356 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-29 | 5.1 MEDIUM | N/A |
| Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in a Desktop Entry section of a .desktop file, related to representation of about: URIs as jar:file:// URIs. NOTE: this issue exists because of an incomplete fix for CVE-2008-4582. | |||||
| CVE-2008-5706 | 1 Verlihub-project | 1 Verlihub | 2017-09-29 | 6.9 MEDIUM | N/A |
| The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/trigger.tmp temporary file. | |||||
| CVE-2008-5377 | 1 Apple | 1 Cups | 2017-09-29 | 6.9 MEDIUM | N/A |
| pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333. | |||||
| CVE-2008-4993 | 1 Xen | 1 Xen | 2017-09-29 | 6.9 MEDIUM | N/A |
| qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file. | |||||
| CVE-2008-4579 | 1 Gentoo | 2 Cman, Fence | 2017-09-29 | 1.9 LOW | N/A |
| The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file. | |||||
| CVE-2008-5742 | 1 Netcat | 1 Netcat | 2017-09-29 | 4.0 MEDIUM | N/A |
| Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the redirect parameter in a logoff action to modules/auth/index.php or (2) the url parameter to modules/linkmanager/redirect.php. NOTE: this was reported within an "HTTP Response Splitting" section in the original disclosure. | |||||
| CVE-2008-1684 | 1 Sun | 1 Solaris | 2017-09-29 | 4.7 MEDIUM | N/A |
| inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file. | |||||
| CVE-2007-3919 | 2 Debian, Xensource Inc | 2 Debian Linux, Xen | 2017-09-29 | 6.0 MEDIUM | N/A |
| (1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm. | |||||
| CVE-2007-4129 | 2 Fedoraproject, Redhat | 2 Coolkey, Enterprise Linux | 2017-09-29 | 3.3 LOW | N/A |
| CoolKey 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files in the /tmp/.pk11ipc1/ directory. | |||||
| CVE-2007-5495 | 2 Redhat, Selinux | 3 Enterprise Linux, Enterprise Linux Desktop, Setroubleshoot | 2017-09-29 | 4.4 MEDIUM | N/A |
| sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file. | |||||
| CVE-2015-5705 | 2 Devscripts Devel Team, Fedoraproject | 2 Devscripts, Fedora | 2017-09-13 | 5.0 MEDIUM | 7.5 HIGH |
| Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename. | |||||
| CVE-2015-5701 | 1 Tug | 1 Texlive | 2017-09-12 | 5.6 MEDIUM | 6.1 MEDIUM |
| mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700. | |||||
| CVE-2015-1038 | 3 7-zip, Fedoraproject, Oracle | 3 P7zip, Fedora, Solaris | 2017-09-08 | 5.8 MEDIUM | N/A |
| p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive. | |||||
| CVE-2015-3211 | 1 Php-fpm | 1 Php-fpm | 2017-09-06 | 2.1 LOW | 5.5 MEDIUM |
| php-fpm allows local users to write to or create arbitrary files via a symlink attack. | |||||
| CVE-2011-4060 | 1 Qnx | 1 Neutrino Rtos | 2017-09-02 | 3.3 LOW | N/A |
| The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack. | |||||