ReportizFlow
Filtered by vendor
Subscriptions
Total
1452 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-4664 | 2 Fwbuilder, Linux | 2 Firewall Builder, Linux Kernel | 2025-04-11 | N/A |
| Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script. | ||||
| CVE-2009-1299 | 1 Pulseaudio | 1 Pulseaudio | 2025-04-11 | N/A |
| The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file. | ||||
| CVE-2014-1640 | 1 Debian | 1 Axiom | 2025-04-11 | N/A |
| axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename. | ||||
| CVE-2011-0402 | 1 Debian | 1 Dpkg | 2025-04-11 | N/A |
| dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory. | ||||
| CVE-2014-1876 | 2 Oracle, Redhat | 5 Openjdk, Enterprise Linux, Network Satellite and 2 more | 2025-04-11 | N/A |
| The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log. | ||||
| CVE-2010-0118 | 1 Becauseinter | 1 Bournal | 2025-04-11 | N/A |
| Bournal before 1.4.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files associated with a --hack_the_gibson update check. | ||||
| CVE-2010-3847 | 2 Gnu, Redhat | 2 Glibc, Enterprise Linux | 2025-04-11 | N/A |
| elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. | ||||
| CVE-2011-0754 | 2 Microsoft, Php | 2 Windows, Php | 2025-04-11 | N/A |
| The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check. | ||||
| CVE-2011-0441 | 1 Php | 1 Php | 2025-04-11 | N/A |
| The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. | ||||
| CVE-2012-5564 | 1 Google | 1 Android Debug Bridge | 2025-04-11 | N/A |
| android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users to overwrite arbitrary files via a symlink attack on /tmp/adb.log. | ||||
| CVE-2011-1144 | 1 Php | 1 Pear | 2025-04-11 | N/A |
| The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072. | ||||
| CVE-2012-4676 | 1 Google | 1 Tunnelblick | 2025-04-11 | N/A |
| The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485. | ||||
| CVE-2014-0027 | 1 Cmu | 1 Flite | 2025-04-11 | N/A |
| The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2010-1626 | 3 Mysql, Oracle, Redhat | 3 Mysql, Mysql, Enterprise Linux | 2025-04-11 | N/A |
| MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247. | ||||
| CVE-2010-0792 | 1 Thibault Godouet | 1 Fcron | 2025-04-11 | N/A |
| fcrontab in fcron before 3.0.5 allows local users to read arbitrary files via a symlink attack on an unspecified file. | ||||
| CVE-2012-0808 | 1 Bdale Garbee | 1 As31 | 2025-04-11 | N/A |
| as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack. | ||||
| CVE-2010-0788 | 1 Ncpfs | 1 Ncpfs | 2025-04-11 | N/A |
| ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or possibly gain privileges via symlink attacks involving the (1) ncpmount and (2) ncpumount programs. | ||||
| CVE-2012-6348 | 1 Centrify | 2 Centrify Deployment Manager, Centrify Suite | 2025-04-11 | N/A |
| Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file. | ||||
| CVE-2013-6402 | 1 Hp | 1 Linux Imaging And Printing Project | 2025-04-11 | N/A |
| base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file. | ||||
| CVE-2012-3345 | 1 Ioquake3 | 1 Ioquake3 Engine | 2025-04-11 | N/A |
| ioquake3 before r2253 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ioq3.pid temporary file. | ||||