Total
1174 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-1624 | 1 Python | 1 Pyxdg | 2024-08-06 | N/A |
| Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called. | ||||
| CVE-2014-1272 | 1 Apple | 2 Iphone Os, Tvos | 2024-08-06 | N/A |
| CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink. | ||||
| CVE-2014-0243 | 1 Check Mk Project | 1 Check Mk | 2024-08-06 | N/A |
| Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job. | ||||
| CVE-2014-0027 | 1 Cmu | 1 Flite | 2024-08-06 | N/A |
| The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2015-8860 | 1 Nodejs | 1 Node.js | 2024-08-06 | N/A |
| The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive. | ||||
| CVE-2015-8326 | 1 Iptables-parse Project | 1 Iptables-parse Module | 2024-08-06 | N/A |
| The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files owned by the current user. | ||||
| CVE-2015-7758 | 2 Gummi Project, Opensuse | 3 Gummi, Leap, Opensuse | 2024-08-06 | N/A |
| Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux. | ||||
| CVE-2015-7723 | 1 Amd | 1 Fglrx-driver | 2024-08-06 | N/A |
| AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. | ||||
| CVE-2015-7724 | 1 Amd | 1 Fglrx-driver | 2024-08-06 | N/A |
| AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. NOTE: This vulnerability exists due to an incomplete fix for CVE-2015-7723. | ||||
| CVE-2015-7529 | 3 Canonical, Redhat, Sos Project | 9 Ubuntu Linux, Enterprise Linux, Enterprise Linux Desktop and 6 more | 2024-08-06 | 7.8 High |
| sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. | ||||
| CVE-2015-6927 | 1 Openvz | 1 Vzctl | 2024-08-06 | N/A |
| vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container (CT) root users to change the root password for arbitrary ploop containers, as demonstrated by a symlink attack on the ploop container root.hdd file and then access a control panel. | ||||
| CVE-2015-6566 | 2 Fedoraproject, Zarafa | 2 Fedora, Zarafa Collaboration Platform | 2024-08-06 | N/A |
| zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*. | ||||
| CVE-2015-6240 | 1 Redhat | 1 Ansible | 2024-08-06 | N/A |
| The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack. | ||||
| CVE-2015-5752 | 1 Apple | 1 Iphone Os | 2024-08-06 | N/A |
| Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink. | ||||
| CVE-2015-5705 | 2 Devscripts Devel Team, Fedoraproject | 2 Devscripts, Fedora | 2024-08-06 | N/A |
| Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename. | ||||
| CVE-2015-5701 | 1 Tug | 1 Texlive | 2024-08-06 | N/A |
| mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700. | ||||
| CVE-2015-5700 | 1 Tug | 1 Texlive | 2024-08-06 | N/A |
| mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. | ||||
| CVE-2015-5602 | 1 Sudo Project | 1 Sudo | 2024-08-06 | N/A |
| sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt." | ||||
| CVE-2015-5287 | 1 Redhat | 6 Automatic Bug Reporting Tool, Enterprise Linux, Enterprise Linux Desktop and 3 more | 2024-08-06 | N/A |
| The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump. | ||||
| CVE-2015-5273 | 1 Redhat | 6 Automatic Bug Reporting Tool, Enterprise Linux, Enterprise Linux Desktop and 3 more | 2024-08-06 | N/A |
| The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp. | ||||