Total
1092 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-3421 | 2 Gnu, Mageia Project | 2 Emacs, Mageia | 2024-02-04 | 3.3 LOW | N/A |
lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file. | |||||
CVE-2014-5459 | 3 Opensuse, Oracle, Php | 4 Evergreen, Opensuse, Solaris and 1 more | 2024-02-04 | 3.6 LOW | N/A |
The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions. | |||||
CVE-2014-2524 | 4 Fedoraproject, Gnu, Mageia and 1 more | 4 Fedora, Readline, Mageia and 1 more | 2024-02-04 | 3.3 LOW | N/A |
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. | |||||
CVE-2014-0027 | 1 Cmu | 1 Flite | 2024-02-04 | 3.3 LOW | N/A |
The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information. | |||||
CVE-2014-8585 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php. | |||||
CVE-2013-2142 | 1 Libimobiledevice | 1 Libimobiledevice | 2024-02-04 | 3.3 LOW | N/A |
userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME are not set, allows local users to overwrite arbitrary files via a symlink attack on (1) HostCertificate.pem, (2) HostPrivateKey.pem, (3) libimobiledevicerc, (4) RootCertificate.pem, or (5) RootPrivateKey.pem in /tmp/root/.config/libimobiledevice/. | |||||
CVE-2001-1593 | 1 Gnu | 1 A2ps | 2024-02-04 | 2.1 LOW | N/A |
The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file. | |||||
CVE-2014-5030 | 2 Apple, Canonical | 2 Cups, Ubuntu Linux | 2024-02-04 | 1.9 LOW | N/A |
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. | |||||
CVE-2013-6124 | 1 Codeaurora | 1 Android-msm | 2024-02-04 | 3.3 LOW | N/A |
The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary file via an attack on the sensor-settings file. | |||||
CVE-2014-3537 | 3 Apple, Canonical, Fedoraproject | 3 Cups, Ubuntu Linux, Fedora | 2024-02-04 | 1.2 LOW | N/A |
The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. | |||||
CVE-2014-4480 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-04 | 10.0 HIGH | N/A |
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink. | |||||
CVE-2014-3977 | 1 Ibm | 2 Aix, Vios | 2024-02-04 | 6.9 MEDIUM | N/A |
libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179. | |||||
CVE-2014-1272 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-04 | 6.3 MEDIUM | N/A |
CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink. | |||||
CVE-2014-1934 | 2 Opensuse, Travis Shirk | 2 Opensuse, Eyed3 | 2024-02-04 | 3.3 LOW | N/A |
tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file. | |||||
CVE-2014-2893 | 2 Llvm, Opensuse | 2 Clang, Opensuse | 2024-02-04 | 1.9 LOW | N/A |
The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names. | |||||
CVE-2014-4038 | 3 Ppc64-diag Project, Redhat, Suse | 3 Ppc64-diag, Enterprise Linux Server, Linux Enterprise Server | 2024-02-04 | 4.4 MEDIUM | N/A |
ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras. | |||||
CVE-2012-5303 | 1 Monkey-project | 1 Monkey | 2024-02-04 | 6.9 MEDIUM | N/A |
Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname. | |||||
CVE-2013-4169 | 1 Gnome | 1 Gnome Display Manager | 2024-02-04 | 6.9 MEDIUM | N/A |
GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/. | |||||
CVE-2012-4676 | 1 Google | 1 Tunnelblick | 2024-02-04 | 1.2 LOW | N/A |
The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485. | |||||
CVE-2013-0200 | 2 Hp, Redhat | 2 Linux Imaging And Printing Project, Enterprise Linux | 2024-02-04 | 1.9 LOW | N/A |
HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722. |