Total
1174 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-2533 | 1 Freedesktop | 1 Dbus | 2024-08-06 | N/A |
| The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/. | ||||
| CVE-2011-2473 | 1 Maynard Johnson | 1 Oprofile | 2024-08-06 | N/A |
| The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760. | ||||
| CVE-2011-2185 | 1 Fabfile | 1 Fabric | 2024-08-06 | N/A |
| Fabric before 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on (1) a /tmp/fab.*.tar file or (2) certain other files in the top level of /tmp/. | ||||
| CVE-2011-1920 | 2 Ihji, Netbsd | 2 Pmake, Netbsd | 2024-08-06 | N/A |
| The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk. | ||||
| CVE-2011-1408 | 2 Debian, Ikiwiki | 2 Debian Linux, Ikiwiki | 2024-08-06 | 8.2 High |
| ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks. | ||||
| CVE-2011-1384 | 1 Ibm | 2 Aix, Invscout.rte | 2024-08-06 | N/A |
| The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file. | ||||
| CVE-2011-1073 | 2 Apple, Freebsd | 2 Mac Os X, Freebsd | 2024-08-06 | N/A |
| crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files. | ||||
| CVE-2011-1144 | 1 Php | 1 Pear | 2024-08-06 | N/A |
| The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072. | ||||
| CVE-2011-1136 | 2 Debian, Tesseract Project | 2 Debian Linux, Tesseract | 2024-08-06 | 4.7 Medium |
| In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file. | ||||
| CVE-2011-1072 | 2 Php, Redhat | 2 Pear, Enterprise Linux | 2024-08-06 | N/A |
| The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519. | ||||
| CVE-2011-1004 | 2 Redhat, Ruby-lang | 2 Enterprise Linux, Ruby | 2024-08-06 | N/A |
| The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack. | ||||
| CVE-2011-0754 | 2 Microsoft, Php | 2 Windows, Php | 2024-08-06 | N/A |
| The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check. | ||||
| CVE-2011-0727 | 2 Gnome, Redhat | 2 Gdm, Enterprise Linux | 2024-08-06 | N/A |
| GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/. | ||||
| CVE-2011-0541 | 2 Fuse, Redhat | 2 Fuse, Enterprise Linux | 2024-08-06 | N/A |
| fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack. | ||||
| CVE-2011-0402 | 1 Debian | 1 Dpkg | 2024-08-06 | N/A |
| dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory. | ||||
| CVE-2011-0441 | 1 Php | 1 Php | 2024-08-06 | N/A |
| The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. | ||||
| CVE-2011-0461 | 1 Opensuse | 1 Opensuse | 2024-08-06 | N/A |
| /etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 in SUSE openSUSE 11.2, and before 11.3-8.7.1 in openSUSE 11.3, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/mtab. | ||||
| CVE-2011-0460 | 2 Kbd-project, Opensuse | 2 Kbd, Opensuse | 2024-08-06 | N/A |
| The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map. | ||||
| CVE-2011-0007 | 1 Troglobit | 1 Pimd | 2024-08-06 | N/A |
| pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on (1) pimd.dump when a USR1 signal is sent, or (2) pimd.cache when USR2 is sent. | ||||
| CVE-2011-0012 | 2 Mozilla, Redhat | 3 Firefox, Enterprise Linux, Spice-xpi | 2024-08-06 | N/A |
| The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name. | ||||