Total
1295 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-9595 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Katello | 2024-11-21 | N/A |
| A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. | ||||
| CVE-2016-8641 | 1 Nagios | 1 Nagios | 2024-11-21 | N/A |
| A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change. | ||||
| CVE-2015-3147 | 1 Redhat | 8 Automatic Bug Reporting Tool, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-11-21 | 6.5 Medium |
| daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt. | ||||
| CVE-2015-1869 | 1 Redhat | 2 Automatic Bug Reporting Tool, Enterprise Linux | 2024-11-21 | 7.8 High |
| The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file. | ||||
| CVE-2015-0796 | 1 Opensuse | 1 Open Buildservice | 2024-11-21 | N/A |
| In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on the source service. | ||||
| CVE-2014-5509 | 1 Clipboard Project | 1 Clipboard | 2024-11-21 | N/A |
| clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit$$. | ||||
| CVE-2014-4996 | 1 Vladtheenterprising Project | 1 Vladtheenterprising | 2024-11-21 | N/A |
| lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}. | ||||
| CVE-2014-4150 | 1 S48 | 1 Scheme48 | 2024-11-21 | N/A |
| The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp. | ||||
| CVE-2014-3219 | 2 Fedoraproject, Fishshell | 2 Fedora, Fish | 2024-11-21 | N/A |
| fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER. | ||||
| CVE-2014-2312 | 1 Intel | 1 Thermald | 2024-11-21 | 5.5 Medium |
| The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid. | ||||
| CVE-2014-1938 | 1 Rply Project | 1 Rply | 2024-11-21 | 5.5 Medium |
| python-rply before 0.7.4 insecurely creates temporary files. | ||||
| CVE-2014-1859 | 3 Fedoraproject, Numpy, Redhat | 3 Fedora, Numpy, Enterprise Linux | 2024-11-21 | N/A |
| (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file. | ||||
| CVE-2014-1420 | 1 Canonical | 1 Ubuntu-ui-toolkit | 2024-11-21 | 3.8 Low |
| On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by symlink and hardlink restrictions in Ubuntu. Fixed in 1.1.1188+14.10.20140813.4-0ubuntu1. | ||||
| CVE-2014-0243 | 1 Check Mk Project | 1 Check Mk | 2024-11-21 | N/A |
| Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job. | ||||
| CVE-2013-4655 | 1 Belkin | 2 N900, N900 Firmware | 2024-11-21 | 7.5 High |
| Symlink Traversal vulnerability in Belkin N900 due to misconfiguration in the SMB service. | ||||
| CVE-2013-4364 | 1 Redhat | 1 Openshift | 2024-11-21 | N/A |
| (1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp. | ||||
| CVE-2013-4251 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 7.8 High |
| The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories. | ||||
| CVE-2013-4184 | 2 Data\, Debian | 2 \, Debian Linux | 2024-11-21 | 5.5 Medium |
| Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks | ||||
| CVE-2013-1867 | 1 Apple | 2 Mac Os X, Tokend | 2024-11-21 | 6.1 Medium |
| Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerability | ||||
| CVE-2013-1866 | 2 Apple, Opensc Project | 2 Mac Os X, Opensc | 2024-11-21 | 6.1 Medium |
| OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability | ||||