Total
1271 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-4676 | 1 Google | 1 Tunnelblick | 2025-04-11 | 1.2 LOW | N/A |
The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485. | |||||
CVE-2012-0808 | 1 Bdale Garbee | 1 As31 | 2025-04-11 | 3.6 LOW | N/A |
as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack. | |||||
CVE-2011-0461 | 1 Opensuse | 1 Opensuse | 2025-04-11 | 6.3 MEDIUM | N/A |
/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 in SUSE openSUSE 11.2, and before 11.3-8.7.1 in openSUSE 11.3, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/mtab. | |||||
CVE-2014-1639 | 1 Debian | 1 Syncevolution | 2025-04-11 | 3.3 LOW | N/A |
syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename. | |||||
CVE-2011-0012 | 2 Mozilla, Redhat | 2 Firefox, Spice-xpi | 2025-04-11 | 3.3 LOW | N/A |
The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name. | |||||
CVE-2011-2473 | 1 Maynard Johnson | 1 Oprofile | 2025-04-11 | 6.3 MEDIUM | N/A |
The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760. | |||||
CVE-2011-3616 | 1 Conky | 1 Conky | 2025-04-11 | 6.3 MEDIUM | N/A |
The getSkillname function in the eve module in Conky 1.8.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on /tmp/.cesf. | |||||
CVE-2014-1638 | 1 Debian | 1 Localepurge | 2025-04-11 | 3.3 LOW | N/A |
(1) debian/postrm and (2) debian/localepurge.config in localepurge before 0.7.3.2 use tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename. | |||||
CVE-2014-1624 | 1 Python | 1 Pyxdg | 2025-04-11 | 3.3 LOW | N/A |
Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called. | |||||
CVE-2011-1072 | 1 Php | 1 Pear | 2025-04-11 | 3.3 LOW | N/A |
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519. | |||||
CVE-2013-4157 | 1 Redhat | 1 Storage Server | 2025-04-11 | 3.6 LOW | N/A |
Red Hat Storage 2.0 allows local users to overwrite arbitrary files via a symlink attack on the (1) e, (2) local-bricks.list, (3) bricks.err, or (4) limits.conf files in /tmp. | |||||
CVE-2013-4136 | 2 Phusion, Ruby-lang | 2 Passenger, Ruby | 2025-04-11 | 4.4 MEDIUM | N/A |
ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/. | |||||
CVE-2013-1444 | 2 Debian, Marc Vertes | 2 Txt2man, Txt2man | 2025-04-11 | 3.3 LOW | N/A |
A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, 1.5.5-4, and others, allows local users to overwrite arbitrary files via a symlink attack on /tmp/2222. | |||||
CVE-2010-0832 | 1 Canonical | 1 Ubuntu Linux | 2025-04-11 | 6.9 MEDIUM | N/A |
pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file. | |||||
CVE-2011-4363 | 2 Frii, Perl | 2 Proc\, Perl | 2025-04-11 | 2.6 LOW | N/A |
ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS. | |||||
CVE-2011-1920 | 2 Ihji, Netbsd | 2 Pmake, Netbsd | 2025-04-11 | 3.3 LOW | N/A |
The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk. | |||||
CVE-2013-6402 | 1 Hp | 1 Linux Imaging And Printing Project | 2025-04-11 | 2.1 LOW | N/A |
base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file. | |||||
CVE-2011-2533 | 1 Freedesktop | 1 Dbus | 2025-04-11 | 3.3 LOW | N/A |
The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/. | |||||
CVE-2013-3368 | 1 Bestpractical | 1 Rt | 2025-04-11 | 3.3 LOW | N/A |
bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name. | |||||
CVE-2012-4455 | 1 Opencryptoki Project | 1 Opencryptoki | 2025-04-11 | 6.2 MEDIUM | N/A |
openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/. |