Total
1341 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-5080 | 1 Gnu | 1 Groff | 2025-04-11 | N/A |
| The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296. | ||||
| CVE-2012-1088 | 1 Iproute2 Project | 1 Iproute2 | 2025-04-11 | N/A |
| iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script. | ||||
| CVE-2010-1183 | 1 Sun | 1 Solaris | 2025-04-11 | N/A |
| Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager. | ||||
| CVE-2010-1160 | 1 Gnu | 1 Nano | 2025-04-11 | N/A |
| GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim. | ||||
| CVE-2010-0832 | 1 Canonical | 1 Ubuntu Linux | 2025-04-11 | N/A |
| pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file. | ||||
| CVE-2012-4676 | 1 Google | 1 Tunnelblick | 2025-04-11 | N/A |
| The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485. | ||||
| CVE-2010-2053 | 1 Emesene | 1 Emesene | 2025-04-11 | N/A |
| emesenelib/ProfileManager.py in emesene before 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on the emsnpic temporary file. | ||||
| CVE-2010-0546 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder. | ||||
| CVE-2022-36943 | 1 Ssziparchive Project | 1 Ssziparchive | 2025-04-10 | 8.1 High |
| SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when opening a malicious ZIP containing a symlink as the first item. | ||||
| CVE-2008-0167 | 2 Debian, Gforge | 2 Debian Linux, Gforge | 2025-04-09 | N/A |
| The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances. | ||||
| CVE-2008-1684 | 1 Sun | 1 Solaris | 2025-04-09 | N/A |
| inetd on Sun Solaris 10, when debug logging is enabled, allows local users to write to arbitrary files via a symlink attack on the /var/tmp/inetd.log temporary file. | ||||
| CVE-2008-0163 | 1 Linux | 1 Linux Kernel | 2025-04-09 | N/A |
| Linux kernel 2.6, when using vservers, allows local users to access resources of other vservers via a symlink attack in /proc. | ||||
| CVE-2007-6208 | 1 Claws Mail | 1 Claws Mail Tools | 2025-04-09 | N/A |
| sylprint.pl in claws mail tools (claws-mail-tools) allows local users to overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID] temporary file. | ||||
| CVE-2007-6061 | 1 Audacityteam | 1 Audacity | 2025-04-09 | N/A |
| Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack. | ||||
| CVE-2008-4993 | 2 Redhat, Xen | 2 Enterprise Linux, Xen | 2025-04-09 | N/A |
| qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file. | ||||
| CVE-2007-5495 | 2 Redhat, Selinux | 3 Enterprise Linux, Enterprise Linux Desktop, Setroubleshoot | 2025-04-09 | N/A |
| sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file. | ||||
| CVE-2007-5839 | 1 Bitchx | 1 Bitchx | 2025-04-09 | N/A |
| The e_hostname function in commands.c in BitchX 1.1a allows local users to overwrite arbitrary files via a symlink attack on temporary files when using the (1) HOSTNAME or (2) IRCHOST command. | ||||
| CVE-2009-4454 | 1 Saini | 1 Videocache | 2025-04-09 | N/A |
| vccleaner in VideoCache 1.9.2 allows local users with Squid proxy user privileges to overwrite arbitrary files via a symlink attack on /var/log/videocache/vccleaner.log. | ||||
| CVE-2009-4030 | 3 Mysql, Oracle, Redhat | 3 Mysql, Mysql, Enterprise Linux | 2025-04-09 | N/A |
| MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079. | ||||
| CVE-2007-5718 | 2 Debian, Vobcopy | 2 Debian Linux, Vobcopy | 2025-04-09 | N/A |
| vobcopy 0.5.14 allows local users to append data to an arbitrary file, or create an arbitrary new file, via a symlink attack on the (1) /tmp/vobcopy.bla or (2) /tmp/vobcopy_0.5.14.log temporary file. | ||||