Filtered by CWE-367
Total 492 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-2893 2 Llvm, Opensuse 2 Clang, Opensuse 2025-04-12 N/A
The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names.
CVE-2014-0135 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Kafo 2025-04-12 N/A
Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file.
CVE-2013-6435 3 Debian, Redhat, Rpm 5 Debian Linux, Enterprise Linux, Rhel Eus and 2 more 2025-04-12 N/A
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.
CVE-2016-6130 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-04-12 N/A
Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability.
CVE-2013-6418 1 Pywbem Project 1 Pywbem 2025-04-12 N/A
PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate.
CVE-2015-8767 4 Canonical, Debian, Linux and 1 more 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more 2025-04-12 N/A
net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
CVE-2001-1593 1 Gnu 1 A2ps 2025-04-12 N/A
The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.
CVE-2025-27812 2025-04-11 8.1 High
MSI Center before 2.0.52.0 allows TOCTOU Local Privilege Escalation.
CVE-2025-23359 2025-04-11 8.3 High
NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
CVE-2013-4169 2 Gnome, Redhat 2 Gnome Display Manager, Enterprise Linux 2025-04-11 N/A
GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.
CVE-2013-3888 1 Microsoft 3 Windows 7, Windows Server 2008, Windows Vista 2025-04-11 8.4 High
dxgkrnl.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
CVE-2011-1833 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-11 N/A
Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.
CVE-2013-0219 2 Fedoraproject, Redhat 2 Sssd, Enterprise Linux 2025-04-11 N/A
System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files.
CVE-2011-1098 2 Gentoo, Redhat 2 Logrotate, Enterprise Linux 2025-04-11 N/A
Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.
CVE-2010-0085 2 Redhat, Sun 7 Enterprise Linux, Network Satellite, Rhel Extras and 4 more 2025-04-11 N/A
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0088.
CVE-2012-3500 2 Devscripts Devel Team, Fedora 2 Devscripts, Rpmdevtools 2025-04-11 N/A
scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.
CVE-2014-1624 1 Python 1 Pyxdg 2025-04-11 N/A
Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called.
CVE-2014-1490 8 Canonical, Debian, Fedoraproject and 5 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2025-04-11 N/A
Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.
CVE-2012-3440 2 Redhat, Todd Miller 2 Enterprise Linux, Sudo 2025-04-11 N/A
A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.
CVE-2012-2652 1 Qemu 1 Qemu 2025-04-11 N/A
The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file.