Total
1174 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-4155 | 1 Gnu | 1 Parallel | 2024-08-06 | N/A |
| GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file. | ||||
| CVE-2015-4156 | 2 Gnu, Opensuse | 2 Parallel, Opensuse | 2024-08-06 | N/A |
| GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file. | ||||
| CVE-2015-3759 | 1 Apple | 1 Iphone Os | 2024-08-06 | N/A |
| Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink. | ||||
| CVE-2015-3436 | 1 Zarafa | 1 Zarafa Collaboration Platform | 2024-08-06 | N/A |
| provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock. | ||||
| CVE-2015-3629 | 3 Docker, Opensuse, Redhat | 3 Libcontainer, Opensuse, Rhel Extras Other | 2024-08-06 | 7.8 High |
| Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container. | ||||
| CVE-2015-3627 | 2 Docker, Redhat | 3 Docker, Libcontainer, Rhel Extras Other | 2024-08-06 | N/A |
| Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image. | ||||
| CVE-2015-3315 | 1 Redhat | 8 Automatic Bug Reporting Tool, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-08-06 | N/A |
| Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm. | ||||
| CVE-2015-3147 | 1 Redhat | 8 Automatic Bug Reporting Tool, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-08-06 | 6.5 Medium |
| daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt. | ||||
| CVE-2015-3211 | 1 Php-fpm | 1 Php-fpm | 2024-08-06 | N/A |
| php-fpm allows local users to write to or create arbitrary files via a symlink attack. | ||||
| CVE-2015-3149 | 1 Redhat | 8 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 5 more | 2024-08-06 | N/A |
| The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack. | ||||
| CVE-2015-3156 | 1 Openstack | 1 Trove | 2024-08-06 | N/A |
| The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_configuration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, write_config function in trove/guestagent/datastore/experimental/redis/service.py, _write_mycnf function in trove/guestagent/datastore/mysql/service.py, InnoBackupEx::_run_prepare function in trove/guestagent/strategies/restore/mysql_impl.py, InnoBackupEx::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, MySQLDump::cmd in trove/guestagent/strategies/backup/mysql_impl.py, InnoBackupExIncremental::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, _get_actual_db_status function in trove/guestagent/datastore/experimental/cassandra/system.py and trove/guestagent/datastore/experimental/cassandra/service.py, and multiple class CbBackup methods in trove/guestagent/strategies/backup/experimental/couchbase_impl.py in Openstack DBaaS (aka Trove) as packaged in Openstack before 2015.1.0 (aka Kilo) allows local users to write to configuration files via a symlink attack on a temporary file. | ||||
| CVE-2015-1807 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-06 | N/A |
| Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts. | ||||
| CVE-2015-1869 | 1 Redhat | 2 Automatic Bug Reporting Tool, Enterprise Linux | 2024-08-06 | 7.8 High |
| The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file. | ||||
| CVE-2015-1377 | 1 Webmin | 1 Webmin | 2024-08-06 | N/A |
| The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file. | ||||
| CVE-2015-1335 | 2 Canonical, Linuxcontainers | 2 Ubuntu Linux, Lxc | 2024-08-06 | N/A |
| lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source. | ||||
| CVE-2015-1338 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-08-06 | N/A |
| kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log. | ||||
| CVE-2015-1331 | 1 Linuxcontainers | 1 Lxc | 2024-08-06 | N/A |
| lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*. | ||||
| CVE-2015-1197 | 1 Gnu | 1 Cpio | 2024-08-06 | N/A |
| cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. | ||||
| CVE-2015-1194 | 1 Pax Project | 1 Pax | 2024-08-06 | N/A |
| pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive. | ||||
| CVE-2015-1196 | 3 Gnu, Opensuse, Oracle | 3 Patch, Opensuse, Solaris | 2024-08-06 | N/A |
| GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. | ||||