Total
1092 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-1194 | 1 Pax Project | 1 Pax | 2024-02-04 | 4.3 MEDIUM | N/A |
pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive. | |||||
CVE-2013-7393 | 1 Apache | 1 Subversion | 2024-02-04 | 2.4 LOW | N/A |
The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3). | |||||
CVE-2014-4372 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-04 | 3.6 LOW | N/A |
syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file. | |||||
CVE-2014-6407 | 1 Docker | 1 Docker | 2024-02-04 | 7.5 HIGH | N/A |
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation. | |||||
CVE-2014-1838 | 2 Logilab, Opensuse | 2 Logilab-common, Opensuse | 2024-02-04 | 4.4 MEDIUM | N/A |
The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf. | |||||
CVE-2014-3627 | 1 Apache | 1 Hadoop | 2024-02-04 | 5.0 MEDIUM | N/A |
The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache. | |||||
CVE-2014-1932 | 2 Python, Pythonware | 2 Pillow, Python Imaging Library | 2024-02-04 | 4.4 MEDIUM | N/A |
The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file. | |||||
CVE-2015-1038 | 3 7-zip, Fedoraproject, Oracle | 3 P7zip, Fedora, Solaris | 2024-02-04 | 5.8 MEDIUM | N/A |
p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive. | |||||
CVE-2014-1624 | 1 Python | 1 Pyxdg | 2024-02-04 | 3.3 LOW | N/A |
Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called. | |||||
CVE-2013-6891 | 2 Apple, Canonical | 2 Cups, Ubuntu Linux | 2024-02-04 | 1.2 LOW | N/A |
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf. | |||||
CVE-2014-5029 | 2 Apple, Canonical | 2 Cups, Ubuntu Linux | 2024-02-04 | 1.5 LOW | N/A |
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537. | |||||
CVE-2014-3981 | 1 Php | 1 Php | 2024-02-04 | 3.3 LOW | N/A |
acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. | |||||
CVE-2013-0350 | 1 David Leonard | 1 Pkstat | 2024-02-04 | 6.3 MEDIUM | N/A |
tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log. | |||||
CVE-2010-5105 | 1 Blender | 1 Blender | 2024-02-04 | 3.3 LOW | N/A |
The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103. | |||||
CVE-2014-1639 | 1 Debian | 1 Syncevolution | 2024-02-04 | 3.3 LOW | N/A |
syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename. | |||||
CVE-2014-1875 | 1 Cspan | 1 Capture-tiny | 2024-02-04 | 3.6 LOW | N/A |
The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file. | |||||
CVE-2014-4199 | 1 Vmware | 3 Tools, Vm-support, Workstation | 2024-02-04 | 6.3 MEDIUM | N/A |
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp. | |||||
CVE-2014-9512 | 3 Opensuse, Oracle, Samba | 3 Opensuse, Solaris, Rsync | 2024-02-04 | 6.4 MEDIUM | N/A |
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path. | |||||
CVE-2014-1876 | 1 Oracle | 1 Openjdk | 2024-02-04 | 4.4 MEDIUM | N/A |
The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log. | |||||
CVE-2011-3154 | 1 Canonical | 2 Ubuntu Linux, Update-manager | 2024-02-04 | 1.9 LOW | N/A |
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file. |