Total
1092 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0517 | 1 Mgetty Project | 1 Mgetty | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files. | |||||
CVE-2004-0217 | 2 Redhat, Symantec | 2 Linux, Antivirus Scan Engine | 2024-02-04 | 3.7 LOW | 7.0 HIGH |
The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log. | |||||
CVE-2002-2323 | 1 Sun | 1 Solaris Pc Netlink | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or remote attackers to bypass intended access restrictions. | |||||
CVE-2000-1178 | 1 Joseph Allen | 1 Joe | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes. | |||||
CVE-1999-0794 | 1 Microsoft | 2 Excel, Office | 2024-02-04 | 4.6 MEDIUM | N/A |
Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file. | |||||
CVE-2001-1494 | 2 Avaya, Kernel | 7 Cvlan, Integrated Management Suit, Interactive Response and 4 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command. | |||||
CVE-1999-0981 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 5.1 MEDIUM | N/A |
Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect." | |||||
CVE-2002-0824 | 1 Freebsd | 1 Point-to-point Protocol Daemon | 2024-02-04 | 6.9 MEDIUM | N/A |
BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device. | |||||
CVE-2002-2374 | 1 Sun | 1 Patchpro | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files." | |||||
CVE-2003-1492 | 2 Mozilla, Netscape | 2 Firefox, Navigator | 2024-02-04 | 5.0 MEDIUM | N/A |
Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end. | |||||
CVE-2001-1378 | 1 Fetchmail | 1 Fetchmail | 2024-02-04 | 2.1 LOW | N/A |
fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files. | |||||
CVE-2015-3629 | 2 Docker, Opensuse | 2 Libcontainer, Opensuse | 2024-02-02 | 7.2 HIGH | 7.8 HIGH |
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container. |