Total
1092 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-1423 | 1 Fusionforge | 1 Fusionforge | 2024-02-04 | 6.9 MEDIUM | N/A |
(1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_update.pl, (5) deb-specific/ssh_dump_update.pl, (6) deb-specific/user_dump_update.pl, (7) plugins/scmbzr/common/BzrPlugin.class.php, (8) plugins/scmcvs/common/CVSPlugin.class.php, (9) plugins/scmcvs/cronjobs/cvs.php, (10) plugins/scmcvs/cronjobs/ssh_create.php, (11) plugins/scmgit/common/GitPlugin.class.php, (12) plugins/scmsvn/common/SVNPlugin.class.php, (13) plugins/wiki/cronjobs/create_groups.php, (14) utils/cvs1/cvscreate.sh, and (15) utils/include.pl in FusionForge 5.0, 5.1, and 5.2 allows local users to change arbitrary file permissions, obtain sensitive information, and have other unspecified impacts via a (1) symlink or (2) hard link attack on certain files. | |||||
CVE-2011-2722 | 1 Hp | 1 Linux Imaging And Printing Project | 2024-02-04 | 1.2 LOW | N/A |
The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file. | |||||
CVE-2011-4363 | 2 Frii, Perl | 2 Proc\, Perl | 2024-02-04 | 2.6 LOW | N/A |
ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS. | |||||
CVE-2012-6348 | 1 Centrify | 2 Centrify Deployment Manager, Centrify Suite | 2024-02-04 | 3.3 LOW | N/A |
Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file. | |||||
CVE-2013-0927 | 1 Google | 1 Chrome Os | 2024-02-04 | 7.5 HIGH | N/A |
Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c read_config implementation that loads the contents of the .pangorc file in the user's home directory, and the file referenced by the PANGO_RC_FILE environment variable, which allows attackers to bypass intended access restrictions via crafted configuration data. | |||||
CVE-2013-2029 | 1 Redhat | 1 Openstack | 2024-02-04 | 6.3 MEDIUM | N/A |
nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/. | |||||
CVE-2012-5564 | 1 Google | 1 Android Debug Bridge | 2024-02-04 | 3.3 LOW | N/A |
android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users to overwrite arbitrary files via a symlink attack on /tmp/adb.log. | |||||
CVE-2011-4028 | 1 X.org | 1 X Server | 2024-02-04 | 1.2 LOW | N/A |
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists. | |||||
CVE-2013-6402 | 1 Hp | 1 Linux Imaging And Printing Project | 2024-02-04 | 2.1 LOW | N/A |
base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file. | |||||
CVE-2012-3440 | 2 Redhat, Todd Miller | 2 Enterprise Linux, Sudo | 2024-02-04 | 5.6 MEDIUM | N/A |
A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file. | |||||
CVE-2011-2185 | 1 Fabfile | 1 Fabric | 2024-02-04 | 4.4 MEDIUM | N/A |
Fabric before 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on (1) a /tmp/fab.*.tar file or (2) certain other files in the top level of /tmp/. | |||||
CVE-2011-1384 | 1 Ibm | 2 Aix, Invscout.rte | 2024-02-04 | 4.0 MEDIUM | N/A |
The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file. | |||||
CVE-2011-3870 | 2 Puppet, Puppetlabs | 2 Puppet, Puppet | 2024-02-04 | 6.3 MEDIUM | N/A |
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file. | |||||
CVE-2010-0788 | 1 Ncpfs | 1 Ncpfs | 2024-02-04 | 4.4 MEDIUM | N/A |
ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or possibly gain privileges via symlink attacks involving the (1) ncpmount and (2) ncpumount programs. | |||||
CVE-2010-0832 | 1 Canonical | 1 Ubuntu Linux | 2024-02-04 | 6.9 MEDIUM | N/A |
pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file. | |||||
CVE-2011-0012 | 2 Mozilla, Redhat | 2 Firefox, Spice-xpi | 2024-02-04 | 3.3 LOW | N/A |
The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name. | |||||
CVE-2011-2533 | 1 Freedesktop | 1 Dbus | 2024-02-04 | 3.3 LOW | N/A |
The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/. | |||||
CVE-2009-5082 | 2 Gnu, Openwall | 2 Groff, Owl | 2024-02-04 | 3.3 LOW | N/A |
The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||||
CVE-2010-0789 | 1 Fuse | 1 Fuse | 2024-02-04 | 3.3 LOW | N/A |
fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint. | |||||
CVE-2009-5007 | 1 Cisco | 1 Anyconnect Ssl Vpn | 2024-02-04 | 3.3 LOW | N/A |
The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files. |