Total
1092 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-1183 | 1 Sun | 1 Solaris | 2024-02-04 | 3.3 LOW | N/A |
Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager. | |||||
CVE-2010-1626 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2024-02-04 | 3.6 LOW | N/A |
MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247. | |||||
CVE-2010-2192 | 1 Vincent Fourmond | 1 Pmount | 2024-02-04 | 1.9 LOW | N/A |
The make_lockdir_name function in policy.c in pmount 0.9.18 allow local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/. | |||||
CVE-2010-0792 | 1 Thibault Godouet | 1 Fcron | 2024-02-04 | 1.9 LOW | N/A |
fcrontab in fcron before 3.0.5 allows local users to read arbitrary files via a symlink attack on an unspecified file. | |||||
CVE-2011-1144 | 1 Php | 1 Pear | 2024-02-04 | 3.3 LOW | N/A |
The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072. | |||||
CVE-2009-1299 | 1 Pulseaudio | 1 Pulseaudio | 2024-02-04 | 6.9 MEDIUM | N/A |
The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file. | |||||
CVE-2011-1920 | 2 Ihji, Netbsd | 2 Pmake, Netbsd | 2024-02-04 | 3.3 LOW | N/A |
The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk. | |||||
CVE-2010-0424 | 2 Fedorahosted, Paul Vixie | 2 Cronie, Vixie Cron | 2024-02-04 | 3.3 LOW | N/A |
The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory. | |||||
CVE-2010-2027 | 2 Linux, Wolfram Research | 2 Linux Kernel, Mathematica | 2024-02-04 | 1.9 LOW | N/A |
Mathematica 7, when running on Linux, allows local users to overwrite arbitrary files via a symlink attack on (1) files within /tmp/MathLink/ or (2) /tmp/fonts$$.conf. | |||||
CVE-2012-0054 | 1 Golismero | 1 Golismero | 2024-02-04 | 3.3 LOW | N/A |
libs/updater.py in GoLismero 0.6.3, and other versions before Git revision 2b3bb43d6867, as used in backtrack and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on GoLismero-controlled files, as demonstrated using Admin/changes.dat. | |||||
CVE-2011-1004 | 1 Ruby-lang | 1 Ruby | 2024-02-04 | 6.3 MEDIUM | N/A |
The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack. | |||||
CVE-2011-0727 | 1 Gnome | 1 Gdm | 2024-02-04 | 6.9 MEDIUM | N/A |
GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/. | |||||
CVE-2011-3869 | 2 Puppet, Puppetlabs | 2 Puppet, Puppet | 2024-02-04 | 6.3 MEDIUM | N/A |
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file. | |||||
CVE-2010-1693 | 1 Openfabrics | 1 Enterprise Distribution | 2024-02-04 | 6.3 MEDIUM | N/A |
openibd in OpenFabrics Enterprise Distribution (OFED) 1.5.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ib_set_node_desc.sh temporary file. | |||||
CVE-2008-4952 | 1 Emacs | 1 Emacs-jabber | 2024-02-04 | 6.9 MEDIUM | N/A |
emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.log temporary file. | |||||
CVE-2009-1893 | 2 Isc, Redhat | 2 Dhcp, Enterprise Linux | 2024-02-04 | 6.9 MEDIUM | N/A |
The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command. | |||||
CVE-2008-5746 | 1 Sun | 2 Snmp Management Agent, Solaris | 2024-02-04 | 6.9 MEDIUM | N/A |
Sun SNMP Management Agent (SUNWmasf) 1.4u2 through 1.5.4 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on temporary files. | |||||
CVE-2008-4995 | 1 Jose M.vidal | 1 Bk2site | 2024-02-04 | 6.9 MEDIUM | N/A |
redirect.pl in bk2site 1.1.9 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/redirect.log temporary file. NOTE: this vulnerability is only limited to debug mode, which is disabled by default. | |||||
CVE-2008-4098 | 4 Canonical, Debian, Mysql and 1 more | 4 Ubuntu Linux, Debian Linux, Mysql and 1 more | 2024-02-04 | 4.6 MEDIUM | N/A |
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097. | |||||
CVE-2008-1241 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-04 | 4.3 MEDIUM | N/A |
GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab. |