Total
1318 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-0754 | 2 Microsoft, Php | 2 Windows, Php | 2025-04-11 | 4.4 MEDIUM | N/A |
| The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check. | |||||
| CVE-2011-4617 | 1 Python | 1 Virtualenv | 2025-04-11 | 1.2 LOW | N/A |
| virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/. | |||||
| CVE-2012-4676 | 1 Google | 1 Tunnelblick | 2025-04-11 | 1.2 LOW | N/A |
| The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485. | |||||
| CVE-2012-0808 | 1 Bdale Garbee | 1 As31 | 2025-04-11 | 3.6 LOW | N/A |
| as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack. | |||||
| CVE-2011-0461 | 1 Opensuse | 1 Opensuse | 2025-04-11 | 6.3 MEDIUM | N/A |
| /etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 in SUSE openSUSE 11.2, and before 11.3-8.7.1 in openSUSE 11.3, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/mtab. | |||||
| CVE-2014-1639 | 1 Debian | 1 Syncevolution | 2025-04-11 | 3.3 LOW | N/A |
| syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename. | |||||
| CVE-2011-0012 | 2 Mozilla, Redhat | 2 Firefox, Spice-xpi | 2025-04-11 | 3.3 LOW | N/A |
| The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name. | |||||
| CVE-2011-2473 | 1 Maynard Johnson | 1 Oprofile | 2025-04-11 | 6.3 MEDIUM | N/A |
| The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760. | |||||
| CVE-2011-3616 | 1 Conky | 1 Conky | 2025-04-11 | 6.3 MEDIUM | N/A |
| The getSkillname function in the eve module in Conky 1.8.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on /tmp/.cesf. | |||||
| CVE-2014-1638 | 1 Debian | 1 Localepurge | 2025-04-11 | 3.3 LOW | N/A |
| (1) debian/postrm and (2) debian/localepurge.config in localepurge before 0.7.3.2 use tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename. | |||||
| CVE-2014-1624 | 1 Python | 1 Pyxdg | 2025-04-11 | 3.3 LOW | N/A |
| Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called. | |||||
| CVE-2011-1072 | 1 Php | 1 Pear | 2025-04-11 | 3.3 LOW | N/A |
| The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519. | |||||
| CVE-2013-4157 | 1 Redhat | 1 Storage Server | 2025-04-11 | 3.6 LOW | N/A |
| Red Hat Storage 2.0 allows local users to overwrite arbitrary files via a symlink attack on the (1) e, (2) local-bricks.list, (3) bricks.err, or (4) limits.conf files in /tmp. | |||||
| CVE-2013-4136 | 2 Phusion, Ruby-lang | 2 Passenger, Ruby | 2025-04-11 | 4.4 MEDIUM | N/A |
| ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/. | |||||
| CVE-2013-1444 | 2 Debian, Marc Vertes | 2 Txt2man, Txt2man | 2025-04-11 | 3.3 LOW | N/A |
| A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, 1.5.5-4, and others, allows local users to overwrite arbitrary files via a symlink attack on /tmp/2222. | |||||
| CVE-2010-0832 | 1 Canonical | 1 Ubuntu Linux | 2025-04-11 | 6.9 MEDIUM | N/A |
| pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file. | |||||
| CVE-2011-4363 | 2 Frii, Perl | 2 Proc\, Perl | 2025-04-11 | 2.6 LOW | N/A |
| ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS. | |||||
| CVE-2011-1920 | 2 Ihji, Netbsd | 2 Pmake, Netbsd | 2025-04-11 | 3.3 LOW | N/A |
| The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk. | |||||
| CVE-2013-6402 | 1 Hp | 1 Linux Imaging And Printing Project | 2025-04-11 | 2.1 LOW | N/A |
| base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file. | |||||
| CVE-2011-2533 | 1 Freedesktop | 1 Dbus | 2025-04-11 | 3.3 LOW | N/A |
| The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/. | |||||