Vulnerabilities (CVE)

Filtered by CWE-59
Total 1271 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-4676 1 Google 1 Tunnelblick 2025-04-11 1.2 LOW N/A
The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485.
CVE-2012-0808 1 Bdale Garbee 1 As31 2025-04-11 3.6 LOW N/A
as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack.
CVE-2011-0461 1 Opensuse 1 Opensuse 2025-04-11 6.3 MEDIUM N/A
/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 in SUSE openSUSE 11.2, and before 11.3-8.7.1 in openSUSE 11.3, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/mtab.
CVE-2014-1639 1 Debian 1 Syncevolution 2025-04-11 3.3 LOW N/A
syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.
CVE-2011-0012 2 Mozilla, Redhat 2 Firefox, Spice-xpi 2025-04-11 3.3 LOW N/A
The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name.
CVE-2011-2473 1 Maynard Johnson 1 Oprofile 2025-04-11 6.3 MEDIUM N/A
The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760.
CVE-2011-3616 1 Conky 1 Conky 2025-04-11 6.3 MEDIUM N/A
The getSkillname function in the eve module in Conky 1.8.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on /tmp/.cesf.
CVE-2014-1638 1 Debian 1 Localepurge 2025-04-11 3.3 LOW N/A
(1) debian/postrm and (2) debian/localepurge.config in localepurge before 0.7.3.2 use tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.
CVE-2014-1624 1 Python 1 Pyxdg 2025-04-11 3.3 LOW N/A
Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called.
CVE-2011-1072 1 Php 1 Pear 2025-04-11 3.3 LOW N/A
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.
CVE-2013-4157 1 Redhat 1 Storage Server 2025-04-11 3.6 LOW N/A
Red Hat Storage 2.0 allows local users to overwrite arbitrary files via a symlink attack on the (1) e, (2) local-bricks.list, (3) bricks.err, or (4) limits.conf files in /tmp.
CVE-2013-4136 2 Phusion, Ruby-lang 2 Passenger, Ruby 2025-04-11 4.4 MEDIUM N/A
ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.
CVE-2013-1444 2 Debian, Marc Vertes 2 Txt2man, Txt2man 2025-04-11 3.3 LOW N/A
A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, 1.5.5-4, and others, allows local users to overwrite arbitrary files via a symlink attack on /tmp/2222.
CVE-2010-0832 1 Canonical 1 Ubuntu Linux 2025-04-11 6.9 MEDIUM N/A
pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file.
CVE-2011-4363 2 Frii, Perl 2 Proc\, Perl 2025-04-11 2.6 LOW N/A
ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.
CVE-2011-1920 2 Ihji, Netbsd 2 Pmake, Netbsd 2025-04-11 3.3 LOW N/A
The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk.
CVE-2013-6402 1 Hp 1 Linux Imaging And Printing Project 2025-04-11 2.1 LOW N/A
base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.
CVE-2011-2533 1 Freedesktop 1 Dbus 2025-04-11 3.3 LOW N/A
The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.
CVE-2013-3368 1 Bestpractical 1 Rt 2025-04-11 3.3 LOW N/A
bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name.
CVE-2012-4455 1 Opencryptoki Project 1 Opencryptoki 2025-04-11 6.2 MEDIUM N/A
openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/.