Total
1092 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-4173 | 1 Openfabrics | 1 Libsdp | 2024-02-04 | 3.3 LOW | N/A |
The default configuration of libsdp.conf in libsdp 1.1.104 and earlier creates log files in /tmp, which allows local users to overwrite arbitrary files via a (1) symlink or (2) hard link attack on the libsdp.log.##### temporary file. | |||||
CVE-2012-0808 | 1 Bdale Garbee | 1 As31 | 2024-02-04 | 3.6 LOW | N/A |
as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack. | |||||
CVE-2009-4454 | 1 Saini | 1 Videocache | 2024-02-04 | 3.3 LOW | N/A |
vccleaner in VideoCache 1.9.2 allows local users with Squid proxy user privileges to overwrite arbitrary files via a symlink attack on /var/log/videocache/vccleaner.log. | |||||
CVE-2010-2794 | 2 Mozilla, Redhat | 2 Firefox, Spice-xpi | 2024-02-04 | 3.3 LOW | N/A |
The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file. | |||||
CVE-2011-0702 | 1 Feh Project | 1 Feh | 2024-02-04 | 3.3 LOW | N/A |
The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file. | |||||
CVE-2010-0156 | 1 Puppet | 1 Puppet | 2024-02-04 | 3.3 LOW | N/A |
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file. | |||||
CVE-2011-1072 | 1 Php | 1 Pear | 2024-02-04 | 3.3 LOW | N/A |
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519. | |||||
CVE-2011-0017 | 1 Exim | 1 Exim | 2024-02-04 | 6.9 MEDIUM | N/A |
The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack. | |||||
CVE-2009-5080 | 1 Gnu | 1 Groff | 2024-02-04 | 3.3 LOW | N/A |
The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296. | |||||
CVE-2011-0461 | 1 Opensuse | 1 Opensuse | 2024-02-04 | 6.3 MEDIUM | N/A |
/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 in SUSE openSUSE 11.2, and before 11.3-8.7.1 in openSUSE 11.3, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/mtab. | |||||
CVE-2010-0118 | 1 Becauseinter | 1 Bournal | 2024-02-04 | 3.3 LOW | N/A |
Bournal before 1.4.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files associated with a --hack_the_gibson update check. | |||||
CVE-2011-0754 | 2 Microsoft, Php | 2 Windows, Php | 2024-02-04 | 4.4 MEDIUM | N/A |
The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check. | |||||
CVE-2011-3616 | 1 Conky | 1 Conky | 2024-02-04 | 6.3 MEDIUM | N/A |
The getSkillname function in the eve module in Conky 1.8.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on /tmp/.cesf. | |||||
CVE-2010-4338 | 2 Debian, Jwilk | 2 Linux, Ocrodjvu | 2024-02-04 | 6.2 MEDIUM | N/A |
ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbitrary files via a symlink attack on temporary files that are generated when Cuneiform is invoked as the OCR engine. | |||||
CVE-2011-1073 | 2 Apple, Freebsd | 2 Mac Os X, Freebsd | 2024-02-04 | 1.9 LOW | N/A |
crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files. | |||||
CVE-2009-4664 | 2 Fwbuilder, Linux | 2 Firewall Builder, Linux Kernel | 2024-02-04 | 3.3 LOW | N/A |
Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script. | |||||
CVE-2010-3879 | 1 Libfuse Project | 1 Libfuse | 2024-02-04 | 5.8 MEDIUM | N/A |
FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789. | |||||
CVE-2010-3691 | 1 Apereo | 1 Phpcas | 2024-02-04 | 3.3 LOW | N/A |
PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file. | |||||
CVE-2010-0546 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 3.3 LOW | N/A |
Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder. | |||||
CVE-2009-5079 | 1 Gnu | 1 Groff | 2024-02-04 | 3.3 LOW | N/A |
The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file. |