Total
1092 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-4226 | 2 Gnu, Opensuse | 2 Cpio, Opensuse | 2024-02-04 | 5.0 MEDIUM | N/A |
cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive. | |||||
CVE-2011-0460 | 2 Kbd-project, Opensuse | 2 Kbd, Opensuse | 2024-02-04 | 6.3 MEDIUM | N/A |
The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map. | |||||
CVE-2014-1640 | 1 Debian | 1 Axiom | 2024-02-04 | 3.3 LOW | N/A |
axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename. | |||||
CVE-2014-7206 | 1 Debian | 2 Advanced Package Tool, Apt | 2024-02-04 | 3.6 LOW | N/A |
The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file. | |||||
CVE-2014-3423 | 2 Gnu, Mageia Project | 2 Emacs, Mageia | 2024-02-04 | 3.3 LOW | N/A |
lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file. | |||||
CVE-2015-1196 | 3 Gnu, Opensuse, Oracle | 3 Patch, Opensuse, Solaris | 2024-02-04 | 4.3 MEDIUM | N/A |
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. | |||||
CVE-2014-3422 | 2 Gnu, Mageia Project | 2 Emacs, Mageia | 2024-02-04 | 3.3 LOW | N/A |
lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/. | |||||
CVE-2013-4116 | 1 Node Packaged Modules Project | 1 Node Packaged Modules | 2024-02-04 | 3.3 LOW | N/A |
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives. | |||||
CVE-2014-1638 | 1 Debian | 1 Localepurge | 2024-02-04 | 3.3 LOW | N/A |
(1) debian/postrm and (2) debian/localepurge.config in localepurge before 0.7.3.2 use tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename. | |||||
CVE-2014-3986 | 1 Cisofy | 1 Lynis | 2024-02-04 | 3.3 LOW | N/A |
include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name. | |||||
CVE-2015-1377 | 1 Webmin | 1 Webmin | 2024-02-04 | 4.9 MEDIUM | N/A |
The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file. | |||||
CVE-2012-0871 | 2 Opensuse, Systemd Project | 2 Opensuse, Systemd | 2024-02-04 | 6.3 MEDIUM | N/A |
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/. | |||||
CVE-2009-5023 | 1 Fail2ban | 1 Fail2ban | 2024-02-04 | 4.7 MEDIUM | N/A |
The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt. | |||||
CVE-2011-3153 | 2 Canonical, Robert Ancell | 2 Ubuntu Linux, Lightdm | 2024-02-04 | 1.9 LOW | N/A |
dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc. | |||||
CVE-2014-3486 | 1 Redhat | 1 Cloudforms 3.0 Management Engine | 2024-02-04 | 6.9 MEDIUM | N/A |
The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name. | |||||
CVE-2013-4262 | 1 Apache | 1 Subversion | 2024-02-04 | 2.4 LOW | N/A |
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393. | |||||
CVE-2013-4472 | 1 Freedesktop | 1 Poppler | 2024-02-04 | 3.3 LOW | N/A |
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. | |||||
CVE-2014-3982 | 1 Cisofy | 1 Lynis | 2024-02-04 | 3.3 LOW | N/A |
include/tests_webservers in Lynis before 1.5.5 on AIX allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.##### file. | |||||
CVE-2013-4215 | 1 Nagios | 1 Plugins | 2024-02-04 | 4.4 MEDIUM | N/A |
The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping. | |||||
CVE-2014-5045 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux Eus, Enterprise Linux Server Aus and 1 more | 2024-02-04 | 6.2 MEDIUM | N/A |
The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program. |