Total
1174 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-0156 | 1 Puppet | 1 Puppet | 2024-08-07 | N/A |
| Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file. | ||||
| CVE-2010-0118 | 1 Becauseinter | 1 Bournal | 2024-08-07 | N/A |
| Bournal before 1.4.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files associated with a --hack_the_gibson update check. | ||||
| CVE-2011-5271 | 1 Clusterlabs | 1 Pacemaker | 2024-08-07 | 5.5 Medium |
| Pacemaker before 1.1.6 configure script creates temporary files insecurely | ||||
| CVE-2011-4617 | 1 Python | 1 Virtualenv | 2024-08-07 | N/A |
| virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/. | ||||
| CVE-2011-4116 | 1 Cpan | 1 File\ | 2024-08-07 | 7.5 High |
| _is_safe in the File::Temp module for Perl does not properly handle symlinks. | ||||
| CVE-2011-4105 | 1 Robert Ancell | 1 Lightdm | 2024-08-07 | N/A |
| LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority. | ||||
| CVE-2011-4060 | 1 Qnx | 1 Neutrino Rtos | 2024-08-06 | N/A |
| The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack. | ||||
| CVE-2011-3870 | 2 Puppet, Puppetlabs | 2 Puppet, Puppet | 2024-08-06 | N/A |
| Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file. | ||||
| CVE-2011-3869 | 2 Puppet, Puppetlabs | 2 Puppet, Puppet | 2024-08-06 | N/A |
| Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file. | ||||
| CVE-2011-3616 | 1 Conky | 1 Conky | 2024-08-06 | N/A |
| The getSkillname function in the eve module in Conky 1.8.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on /tmp/.cesf. | ||||
| CVE-2011-3632 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2024-08-06 | 7.1 High |
| Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks. | ||||
| CVE-2011-3618 | 2 Atop Project, Debian | 2 Atop, Debian Linux | 2024-08-06 | 7.8 High |
| atop: symlink attack possible due to insecure tempfile handling | ||||
| CVE-2011-3351 | 1 Openvas | 1 Openvas-scanner | 2024-08-06 | 7.1 High |
| openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system. | ||||
| CVE-2011-3204 | 1 Geoff Wong | 1 Hammerhead | 2024-08-06 | N/A |
| hammerhead.cc in Hammerhead 2.1.4 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/hammer.log (aka the HH_LOG file) or (2) the REPORT_LOG file. | ||||
| CVE-2011-3153 | 2 Canonical, Robert Ancell | 2 Ubuntu Linux, Lightdm | 2024-08-06 | N/A |
| dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc. | ||||
| CVE-2011-3154 | 1 Canonical | 2 Ubuntu Linux, Update-manager | 2024-08-06 | N/A |
| DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file. | ||||
| CVE-2011-2924 | 3 Debian, Fedoraproject, Linuxfoundation | 3 Debian Linux, Fedora, Foomatic-filters | 2024-08-06 | 5.5 Medium |
| foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter. | ||||
| CVE-2011-2923 | 2 Debian, Linuxfoundation | 2 Debian Linux, Foomatic-filters | 2024-08-06 | 5.5 Medium |
| foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter. | ||||
| CVE-2011-2722 | 2 Hp, Redhat | 2 Linux Imaging And Printing Project, Enterprise Linux | 2024-08-06 | N/A |
| The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file. | ||||
| CVE-2011-2684 | 1 Rkkda | 1 Foo2zjs | 2024-08-06 | N/A |
| foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs. | ||||