Total
1092 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-4156 | 2 Gnu, Opensuse | 2 Parallel, Opensuse | 2024-02-04 | 3.6 LOW | N/A |
GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file. | |||||
CVE-2015-5273 | 1 Redhat | 5 Automatic Bug Reporting Tool, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2024-02-04 | 3.6 LOW | N/A |
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp. | |||||
CVE-2015-1338 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-02-04 | 7.2 HIGH | N/A |
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log. | |||||
CVE-2015-6566 | 2 Fedoraproject, Zarafa | 2 Fedora, Zarafa Collaboration Platform | 2024-02-04 | 7.2 HIGH | 8.4 HIGH |
zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*. | |||||
CVE-2015-0858 | 2 Debian, Tardiff Project | 2 Debian Linux, Tardiff | 2024-02-04 | 2.1 LOW | 3.3 LOW |
Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory. | |||||
CVE-2015-5287 | 1 Redhat | 5 Automatic Bug Reporting Tool, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2024-02-04 | 6.9 MEDIUM | N/A |
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump. | |||||
CVE-2015-4155 | 1 Gnu | 1 Parallel | 2024-02-04 | 3.6 LOW | N/A |
GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file. | |||||
CVE-2015-1331 | 1 Linuxcontainers | 1 Lxc | 2024-02-04 | 4.9 MEDIUM | N/A |
lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*. | |||||
CVE-2015-3436 | 1 Zarafa | 1 Zarafa Collaboration Platform | 2024-02-04 | 6.6 MEDIUM | N/A |
provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock. | |||||
CVE-2015-7758 | 2 Gummi Project, Opensuse | 3 Gummi, Leap, Opensuse | 2024-02-04 | 2.1 LOW | 3.3 LOW |
Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux. | |||||
CVE-2016-3096 | 2 Fedoraproject, Redhat | 2 Fedora, Ansible | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory. | |||||
CVE-2015-0556 | 2 Arj Software, Fedoraproject | 2 Arj Archiver, Fedora | 2024-02-04 | 5.8 MEDIUM | N/A |
Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive. | |||||
CVE-2014-3563 | 1 Saltstack | 1 Salt | 2024-02-04 | 7.2 HIGH | N/A |
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud. | |||||
CVE-2012-1088 | 1 Iproute2 Project | 1 Iproute2 | 2024-02-04 | 3.3 LOW | N/A |
iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script. | |||||
CVE-2014-9508 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 4.3 MEDIUM | N/A |
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors. | |||||
CVE-2014-4703 | 1 Nagios | 1 Nagios | 2024-02-04 | 2.1 LOW | N/A |
lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701. | |||||
CVE-2013-6456 | 2 Fedoraproject, Redhat | 2 Fedora, Libvirt | 2024-02-04 | 5.8 MEDIUM | N/A |
The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to "paths under /proc/$PID/root" and the virInitctlSetRunLevel function. | |||||
CVE-2014-5260 | 1 Xml-dt Project | 1 Xml-dt | 2024-02-04 | 6.3 MEDIUM | N/A |
The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file. | |||||
CVE-2014-3424 | 2 Gnu, Mageia Project | 2 Emacs, Mageia | 2024-02-04 | 3.3 LOW | N/A |
lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file. | |||||
CVE-2013-2105 | 1 Jonathan Leung | 1 Show In Browser | 2024-02-04 | 3.3 LOW | N/A |
The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html. |