Search Results (1809 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-1593 1 Gnu 1 A2ps 2025-04-12 N/A
The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.
CVE-2014-4372 1 Apple 2 Iphone Os, Tvos 2025-04-12 N/A
syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file.
CVE-2014-3981 1 Php 1 Php 2025-04-12 N/A
acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.
CVE-2015-1377 1 Webmin 1 Webmin 2025-04-12 N/A
The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file.
CVE-2012-0871 2 Opensuse, Systemd Project 2 Opensuse, Systemd 2025-04-12 N/A
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.
CVE-2011-0460 2 Kbd-project, Opensuse 2 Kbd, Opensuse 2025-04-12 N/A
The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map.
CVE-2015-3629 3 Docker, Opensuse, Redhat 3 Libcontainer, Opensuse, Rhel Extras Other 2025-04-12 7.8 High
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.
CVE-2015-0858 2 Debian, Tardiff Project 2 Debian Linux, Tardiff 2025-04-12 N/A
Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory.
CVE-2010-5105 1 Blender 1 Blender 2025-04-12 N/A
The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103.
CVE-2014-4199 2 Redhat, Vmware 4 Enterprise Linux, Tools, Vm-support and 1 more 2025-04-12 N/A
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.
CVE-2015-6927 1 Openvz 1 Vzctl 2025-04-12 N/A
vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container (CT) root users to change the root password for arbitrary ploop containers, as demonstrated by a symlink attack on the ploop container root.hdd file and then access a control panel.
CVE-2014-3977 1 Ibm 2 Aix, Vios 2025-04-12 N/A
libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.
CVE-2016-9566 2 Nagios, Redhat 3 Nagios, Openstack, Storage 2025-04-12 N/A
base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.
CVE-2013-4262 1 Apache 1 Subversion 2025-04-12 N/A
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393.
CVE-2013-0350 1 David Leonard 1 Pkstat 2025-04-12 N/A
tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log.
CVE-2016-3096 2 Fedoraproject, Redhat 2 Fedora, Ansible 2025-04-12 N/A
The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.
CVE-2014-1875 1 Cspan 1 Capture-tiny 2025-04-12 N/A
The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file.
CVE-2014-1272 1 Apple 2 Iphone Os, Tvos 2025-04-12 N/A
CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink.
CVE-2015-1194 1 Pax Project 1 Pax 2025-04-12 N/A
pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive.
CVE-2015-6566 2 Fedoraproject, Zarafa 2 Fedora, Zarafa Collaboration Platform 2025-04-12 N/A
zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*.