Total
1288 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-2893 | 2 Llvm, Opensuse | 2 Clang, Opensuse | 2025-04-12 | N/A |
| The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names. | ||||
| CVE-2014-3537 | 4 Apple, Canonical, Fedoraproject and 1 more | 4 Cups, Ubuntu Linux, Fedora and 1 more | 2025-04-12 | N/A |
| The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. | ||||
| CVE-2014-4480 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | N/A |
| Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink. | ||||
| CVE-2014-1932 | 2 Python, Pythonware | 2 Pillow, Python Imaging Library | 2025-04-12 | N/A |
| The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file. | ||||
| CVE-2013-6124 | 1 Codeaurora | 1 Android-msm | 2025-04-12 | N/A |
| The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary file via an attack on the sensor-settings file. | ||||
| CVE-2009-5023 | 1 Fail2ban | 1 Fail2ban | 2025-04-12 | N/A |
| The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt. | ||||
| CVE-2013-7393 | 1 Apache | 1 Subversion | 2025-04-12 | N/A |
| The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3). | ||||
| CVE-2014-1934 | 2 Opensuse, Travis Shirk | 2 Opensuse, Eyed3 | 2025-04-12 | N/A |
| tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file. | ||||
| CVE-2014-1272 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | N/A |
| CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink. | ||||
| CVE-2014-1875 | 1 Cspan | 1 Capture-tiny | 2025-04-12 | N/A |
| The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file. | ||||
| CVE-2013-4116 | 1 Node Packaged Modules Project | 1 Node Packaged Modules | 2025-04-12 | N/A |
| lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives. | ||||
| CVE-2013-4215 | 1 Nagios | 1 Plugins | 2025-04-12 | N/A |
| The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping. | ||||
| CVE-2014-3422 | 2 Gnu, Mageia Project | 2 Emacs, Mageia | 2025-04-12 | N/A |
| lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/. | ||||
| CVE-2014-3423 | 2 Gnu, Mageia Project | 2 Emacs, Mageia | 2025-04-12 | N/A |
| lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file. | ||||
| CVE-2014-3563 | 1 Saltstack | 1 Salt | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud. | ||||
| CVE-2014-3977 | 1 Ibm | 2 Aix, Vios | 2025-04-12 | N/A |
| libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179. | ||||
| CVE-2014-3986 | 1 Cisofy | 1 Lynis | 2025-04-12 | N/A |
| include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name. | ||||
| CVE-2014-4038 | 3 Ppc64-diag Project, Redhat, Suse | 4 Ppc64-diag, Enterprise Linux, Enterprise Linux Server and 1 more | 2025-04-12 | N/A |
| ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras. | ||||
| CVE-2014-5030 | 3 Apple, Canonical, Redhat | 3 Cups, Ubuntu Linux, Enterprise Linux | 2025-04-12 | N/A |
| CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. | ||||
| CVE-2013-0350 | 1 David Leonard | 1 Pkstat | 2025-04-12 | N/A |
| tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log. | ||||