Total
1140 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3421 | 2 Gnu, Mageia Project | 2 Emacs, Mageia | 2016-06-30 | 3.3 LOW | N/A |
| lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file. | |||||
| CVE-2015-0858 | 2 Debian, Tardiff Project | 2 Debian Linux, Tardiff | 2016-05-09 | 2.1 LOW | 3.3 LOW |
| Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory. | |||||
| CVE-2015-6566 | 2 Fedoraproject, Zarafa | 2 Fedora, Zarafa Collaboration Platform | 2016-01-13 | 7.2 HIGH | 8.4 HIGH |
| zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*. | |||||
| CVE-2015-1338 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2015-10-02 | 7.2 HIGH | N/A |
| kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log. | |||||
| CVE-2015-1377 | 1 Webmin | 1 Webmin | 2015-02-11 | 4.9 MEDIUM | N/A |
| The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file. | |||||
| CVE-2015-1194 | 1 Pax Project | 1 Pax | 2015-01-23 | 4.3 MEDIUM | N/A |
| pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive. | |||||
| CVE-2014-6407 | 1 Docker | 1 Docker | 2014-12-15 | 7.5 HIGH | N/A |
| Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation. | |||||
| CVE-2014-5260 | 1 Xml-dt Project | 1 Xml-dt | 2014-09-08 | 6.3 MEDIUM | N/A |
| The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file. | |||||
| CVE-2013-6124 | 1 Codeaurora | 1 Android-msm | 2014-09-02 | 3.3 LOW | N/A |
| The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary file via an attack on the sensor-settings file. | |||||
| CVE-2009-5023 | 1 Fail2ban | 1 Fail2ban | 2014-06-24 | 4.7 MEDIUM | N/A |
| The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt. | |||||
| CVE-2014-3986 | 1 Cisofy | 1 Lynis | 2014-06-09 | 3.3 LOW | N/A |
| include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name. | |||||
| CVE-2014-3982 | 1 Cisofy | 1 Lynis | 2014-06-09 | 3.3 LOW | N/A |
| include/tests_webservers in Lynis before 1.5.5 on AIX allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.##### file. | |||||
| CVE-2013-4215 | 1 Nagios | 1 Plugins | 2014-05-06 | 4.4 MEDIUM | N/A |
| The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping. | |||||
| CVE-2013-0350 | 1 David Leonard | 1 Pkstat | 2014-05-05 | 6.3 MEDIUM | N/A |
| tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log. | |||||
| CVE-2011-3154 | 1 Canonical | 2 Ubuntu Linux, Update-manager | 2014-05-05 | 1.9 LOW | N/A |
| DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file. | |||||
| CVE-2001-1593 | 1 Gnu | 1 A2ps | 2014-05-01 | 2.1 LOW | N/A |
| The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2013-4472 | 1 Freedesktop | 1 Poppler | 2014-04-23 | 3.3 LOW | N/A |
| The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. | |||||
| CVE-2011-4105 | 1 Robert Ancell | 1 Lightdm | 2014-03-08 | 1.9 LOW | N/A |
| LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority. | |||||
| CVE-2011-3153 | 2 Canonical, Robert Ancell | 2 Ubuntu Linux, Lightdm | 2014-03-07 | 1.9 LOW | N/A |
| dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc. | |||||
| CVE-2013-6891 | 2 Apple, Canonical | 2 Cups, Ubuntu Linux | 2014-03-06 | 1.2 LOW | N/A |
| lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf. | |||||