Total
1043 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-0461 | 1 Opensuse | 1 Opensuse | 2023-12-10 | 6.3 MEDIUM | N/A |
/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 in SUSE openSUSE 11.2, and before 11.3-8.7.1 in openSUSE 11.3, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/mtab. | |||||
CVE-2010-3879 | 1 Libfuse Project | 1 Libfuse | 2023-12-10 | 5.8 MEDIUM | N/A |
FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789. | |||||
CVE-2010-2192 | 1 Vincent Fourmond | 1 Pmount | 2023-12-10 | 1.9 LOW | N/A |
The make_lockdir_name function in policy.c in pmount 0.9.18 allow local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/. | |||||
CVE-2011-1920 | 2 Ihji, Netbsd | 2 Pmake, Netbsd | 2023-12-10 | 3.3 LOW | N/A |
The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk. | |||||
CVE-2011-3616 | 1 Conky | 1 Conky | 2023-12-10 | 6.3 MEDIUM | N/A |
The getSkillname function in the eve module in Conky 1.8.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on /tmp/.cesf. | |||||
CVE-2009-5079 | 1 Gnu | 1 Groff | 2023-12-10 | 3.3 LOW | N/A |
The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file. | |||||
CVE-2011-0754 | 2 Microsoft, Php | 2 Windows, Php | 2023-12-10 | 4.4 MEDIUM | N/A |
The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check. | |||||
CVE-2009-4454 | 1 Saini | 1 Videocache | 2023-12-10 | 3.3 LOW | N/A |
vccleaner in VideoCache 1.9.2 allows local users with Squid proxy user privileges to overwrite arbitrary files via a symlink attack on /var/log/videocache/vccleaner.log. | |||||
CVE-2011-2185 | 1 Fabfile | 1 Fabric | 2023-12-10 | 4.4 MEDIUM | N/A |
Fabric before 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on (1) a /tmp/fab.*.tar file or (2) certain other files in the top level of /tmp/. | |||||
CVE-2010-1183 | 1 Sun | 1 Solaris | 2023-12-10 | 3.3 LOW | N/A |
Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager. | |||||
CVE-2011-1384 | 1 Ibm | 2 Aix, Invscout.rte | 2023-12-10 | 4.0 MEDIUM | N/A |
The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file. | |||||
CVE-2011-0402 | 1 Debian | 1 Dpkg | 2023-12-10 | 6.8 MEDIUM | N/A |
dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory. | |||||
CVE-2012-0054 | 1 Golismero | 1 Golismero | 2023-12-10 | 3.3 LOW | N/A |
libs/updater.py in GoLismero 0.6.3, and other versions before Git revision 2b3bb43d6867, as used in backtrack and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on GoLismero-controlled files, as demonstrated using Admin/changes.dat. | |||||
CVE-2011-1031 | 1 Feh Project | 1 Feh | 2023-12-10 | 3.3 LOW | N/A |
The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702. | |||||
CVE-2011-0541 | 1 Fuse | 1 Fuse | 2023-12-10 | 3.3 LOW | N/A |
fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack. | |||||
CVE-2011-4060 | 1 Qnx | 1 Neutrino Rtos | 2023-12-10 | 3.3 LOW | N/A |
The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack. | |||||
CVE-2011-4617 | 1 Python | 1 Virtualenv | 2023-12-10 | 1.2 LOW | N/A |
virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/. | |||||
CVE-2010-2053 | 1 Emesene | 1 Emesene | 2023-12-10 | 3.3 LOW | N/A |
emesenelib/ProfileManager.py in emesene before 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on the emsnpic temporary file. | |||||
CVE-2010-0424 | 2 Fedorahosted, Paul Vixie | 2 Cronie, Vixie Cron | 2023-12-10 | 3.3 LOW | N/A |
The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory. | |||||
CVE-2011-4105 | 1 Robert Ancell | 1 Lightdm | 2023-12-10 | 1.9 LOW | N/A |
LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority. |