Total
1383 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-1495 | 1 Oracle | 1 Support Tools | 2025-04-11 | N/A |
| asr in Oracle Auto Service Request in Oracle Support Tools before 4.3.2 allows local users to modify arbitrary files via a symlink attack on a predictable filename in /tmp. | ||||
| CVE-2011-2722 | 2 Hp, Redhat | 2 Linux Imaging And Printing Project, Enterprise Linux | 2025-04-11 | N/A |
| The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file. | ||||
| CVE-2014-0027 | 1 Cmu | 1 Flite | 2025-04-11 | N/A |
| The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2011-2533 | 1 Freedesktop | 1 Dbus | 2025-04-11 | N/A |
| The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/. | ||||
| CVE-2012-6348 | 1 Centrify | 2 Centrify Deployment Manager, Centrify Suite | 2025-04-11 | N/A |
| Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file. | ||||
| CVE-2011-3204 | 1 Geoff Wong | 1 Hammerhead | 2025-04-11 | N/A |
| hammerhead.cc in Hammerhead 2.1.4 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/hammer.log (aka the HH_LOG file) or (2) the REPORT_LOG file. | ||||
| CVE-2013-2561 | 2 Openfabrics, Redhat | 2 Ibutils, Enterprise Linux | 2025-04-11 | N/A |
| OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/. | ||||
| CVE-2011-5146 | 1 Ingumadev | 1 Bokken | 2025-04-11 | N/A |
| Bokken before 1.6 and 1.5-x before 1.5-3 for Debian allows local users to overwrite arbitrary files via a symlink attack on /tmp/graph.dot. | ||||
| CVE-2010-3691 | 1 Apereo | 1 Phpcas | 2025-04-11 | N/A |
| PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file. | ||||
| CVE-2013-0927 | 1 Google | 1 Chrome Os | 2025-04-11 | N/A |
| Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c read_config implementation that loads the contents of the .pangorc file in the user's home directory, and the file referenced by the PANGO_RC_FILE environment variable, which allows attackers to bypass intended access restrictions via crafted configuration data. | ||||
| CVE-2009-5081 | 1 Gnu | 1 Groff | 2025-04-11 | N/A |
| The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969. | ||||
| CVE-2013-4157 | 1 Redhat | 2 Storage, Storage Server | 2025-04-11 | N/A |
| Red Hat Storage 2.0 allows local users to overwrite arbitrary files via a symlink attack on the (1) e, (2) local-bricks.list, (3) bricks.err, or (4) limits.conf files in /tmp. | ||||
| CVE-2011-0012 | 2 Mozilla, Redhat | 3 Firefox, Enterprise Linux, Spice-xpi | 2025-04-11 | N/A |
| The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name. | ||||
| CVE-2011-1072 | 2 Php, Redhat | 2 Pear, Enterprise Linux | 2025-04-11 | N/A |
| The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519. | ||||
| CVE-2009-5080 | 1 Gnu | 1 Groff | 2025-04-11 | N/A |
| The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296. | ||||
| CVE-2011-1384 | 1 Ibm | 2 Aix, Invscout.rte | 2025-04-11 | N/A |
| The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file. | ||||
| CVE-2011-4617 | 1 Python | 1 Virtualenv | 2025-04-11 | N/A |
| virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/. | ||||
| CVE-2014-1638 | 1 Debian | 1 Localepurge | 2025-04-11 | N/A |
| (1) debian/postrm and (2) debian/localepurge.config in localepurge before 0.7.3.2 use tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename. | ||||
| CVE-2011-0754 | 2 Microsoft, Php | 2 Windows, Php | 2025-04-11 | N/A |
| The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check. | ||||
| CVE-2011-0702 | 1 Feh Project | 1 Feh | 2025-04-11 | N/A |
| The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file. | ||||