Total
1363 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-5459 | 3 Opensuse, Oracle, Php | 4 Evergreen, Opensuse, Solaris and 1 more | 2025-04-12 | 3.6 LOW | N/A |
| The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions. | |||||
| CVE-2014-3421 | 2 Gnu, Mageia Project | 2 Emacs, Mageia | 2025-04-12 | 3.3 LOW | N/A |
| lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file. | |||||
| CVE-2014-8585 | 1 W3eden | 1 Download Manager | 2025-04-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php. | |||||
| CVE-2001-1593 | 1 Gnu | 1 A2ps | 2025-04-12 | 2.1 LOW | N/A |
| The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2015-6566 | 2 Fedoraproject, Zarafa | 2 Fedora, Zarafa Collaboration Platform | 2025-04-12 | 7.2 HIGH | 8.4 HIGH |
| zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*. | |||||
| CVE-2010-5105 | 1 Blender | 1 Blender | 2025-04-12 | 3.3 LOW | N/A |
| The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103. | |||||
| CVE-2013-4215 | 1 Nagios | 1 Plugins | 2025-04-12 | 4.4 MEDIUM | N/A |
| The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping. | |||||
| CVE-2014-2893 | 2 Llvm, Opensuse | 2 Clang, Opensuse | 2025-04-12 | 1.9 LOW | N/A |
| The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names. | |||||
| CVE-2014-4480 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink. | |||||
| CVE-2014-5029 | 2 Apple, Canonical | 2 Cups, Ubuntu Linux | 2025-04-12 | 1.5 LOW | N/A |
| The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537. | |||||
| CVE-2015-0794 | 2 Dracut Project, Opensuse | 2 Dracut, Opensuse | 2025-04-12 | 3.6 LOW | N/A |
| modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map. | |||||
| CVE-2015-4155 | 1 Gnu | 1 Parallel | 2025-04-12 | 3.6 LOW | N/A |
| GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2014-3424 | 2 Gnu, Mageia Project | 2 Emacs, Mageia | 2025-04-12 | 3.3 LOW | N/A |
| lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file. | |||||
| CVE-2015-1194 | 1 Pax Project | 1 Pax | 2025-04-12 | 4.3 MEDIUM | N/A |
| pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive. | |||||
| CVE-2013-6124 | 1 Codeaurora | 1 Android-msm | 2025-04-12 | 3.3 LOW | N/A |
| The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary file via an attack on the sensor-settings file. | |||||
| CVE-2014-1932 | 2 Python, Pythonware | 2 Pillow, Python Imaging Library | 2025-04-12 | 4.4 MEDIUM | N/A |
| The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file. | |||||
| CVE-2015-5287 | 1 Redhat | 5 Automatic Bug Reporting Tool, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2025-04-12 | 6.9 MEDIUM | N/A |
| The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump. | |||||
| CVE-2015-1196 | 3 Gnu, Opensuse, Oracle | 3 Patch, Opensuse, Solaris | 2025-04-12 | 4.3 MEDIUM | N/A |
| GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. | |||||
| CVE-2015-1335 | 2 Canonical, Linuxcontainers | 2 Ubuntu Linux, Lxc | 2025-04-12 | 7.2 HIGH | N/A |
| lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source. | |||||
| CVE-2011-0460 | 2 Kbd-project, Opensuse | 2 Kbd, Opensuse | 2025-04-12 | 6.3 MEDIUM | N/A |
| The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map. | |||||