Total
1174 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-5260 | 1 Xml-dt Project | 1 Xml-dt | 2024-08-06 | N/A |
The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file. | ||||
CVE-2014-5045 | 2 Linux, Redhat | 6 Linux Kernel, Enterprise Linux, Enterprise Linux Eus and 3 more | 2024-08-06 | N/A |
The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program. | ||||
CVE-2014-5031 | 3 Apple, Canonical, Redhat | 3 Cups, Ubuntu Linux, Enterprise Linux | 2024-08-06 | N/A |
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors. | ||||
CVE-2014-5029 | 3 Apple, Canonical, Redhat | 3 Cups, Ubuntu Linux, Enterprise Linux | 2024-08-06 | N/A |
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537. | ||||
CVE-2014-5030 | 3 Apple, Canonical, Redhat | 3 Cups, Ubuntu Linux, Enterprise Linux | 2024-08-06 | N/A |
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. | ||||
CVE-2014-4978 | 2 Fedoraproject, Rawstudio | 2 Fedora, Rawstudio | 2024-08-06 | N/A |
The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph. | ||||
CVE-2014-4996 | 1 Vladtheenterprising Project | 1 Vladtheenterprising | 2024-08-06 | N/A |
lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}. | ||||
CVE-2014-4877 | 2 Gnu, Redhat | 3 Wget, Enterprise Linux, Rhel Eus | 2024-08-06 | N/A |
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink. | ||||
CVE-2014-4703 | 1 Nagios | 1 Nagios | 2024-08-06 | N/A |
lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701. | ||||
CVE-2014-4480 | 1 Apple | 2 Iphone Os, Tvos | 2024-08-06 | N/A |
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink. | ||||
CVE-2014-4372 | 1 Apple | 2 Iphone Os, Tvos | 2024-08-06 | N/A |
syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file. | ||||
CVE-2014-4199 | 2 Redhat, Vmware | 4 Enterprise Linux, Tools, Vm-support and 1 more | 2024-08-06 | N/A |
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp. | ||||
CVE-2014-4150 | 1 S48 | 1 Scheme48 | 2024-08-06 | N/A |
The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp. | ||||
CVE-2014-4038 | 3 Ppc64-diag Project, Redhat, Suse | 4 Ppc64-diag, Enterprise Linux, Enterprise Linux Server and 1 more | 2024-08-06 | N/A |
ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras. | ||||
CVE-2014-3986 | 1 Cisofy | 1 Lynis | 2024-08-06 | N/A |
include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name. | ||||
CVE-2014-3981 | 1 Php | 1 Php | 2024-08-06 | N/A |
acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. | ||||
CVE-2014-3982 | 1 Cisofy | 1 Lynis | 2024-08-06 | N/A |
include/tests_webservers in Lynis before 1.5.5 on AIX allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.##### file. | ||||
CVE-2014-3977 | 1 Ibm | 2 Aix, Vios | 2024-08-06 | N/A |
libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179. | ||||
CVE-2014-3627 | 1 Apache | 1 Hadoop | 2024-08-06 | N/A |
The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache. | ||||
CVE-2014-3563 | 1 Saltstack | 1 Salt | 2024-08-06 | N/A |
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud. |