Total
1289 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-5271 | 1 Clusterlabs | 1 Pacemaker | 2024-11-21 | 5.5 Medium |
| Pacemaker before 1.1.6 configure script creates temporary files insecurely | ||||
| CVE-2011-4116 | 1 Cpan | 1 File\ | 2024-11-21 | 7.5 High |
| _is_safe in the File::Temp module for Perl does not properly handle symlinks. | ||||
| CVE-2011-3632 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2024-11-21 | 7.1 High |
| Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks. | ||||
| CVE-2011-3618 | 2 Atop Project, Debian | 2 Atop, Debian Linux | 2024-11-21 | 7.8 High |
| atop: symlink attack possible due to insecure tempfile handling | ||||
| CVE-2011-3351 | 1 Openvas | 1 Openvas-scanner | 2024-11-21 | 7.1 High |
| openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system. | ||||
| CVE-2011-2924 | 3 Debian, Fedoraproject, Linuxfoundation | 3 Debian Linux, Fedora, Foomatic-filters | 2024-11-21 | 5.5 Medium |
| foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter. | ||||
| CVE-2011-2923 | 2 Debian, Linuxfoundation | 2 Debian Linux, Foomatic-filters | 2024-11-21 | 5.5 Medium |
| foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter. | ||||
| CVE-2011-2765 | 1 Pyro Project | 1 Pyro | 2024-11-21 | N/A |
| pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks. | ||||
| CVE-2011-1408 | 2 Debian, Ikiwiki | 2 Debian Linux, Ikiwiki | 2024-11-21 | 8.2 High |
| ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks. | ||||
| CVE-2011-1136 | 2 Debian, Tesseract Project | 2 Debian Linux, Tesseract | 2024-11-21 | 4.7 Medium |
| In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file. | ||||
| CVE-2010-4817 | 2 Debian, Pithos Project | 2 Debian Linux, Pithos | 2024-11-21 | 5.5 Medium |
| pithos before 0.3.5 allows overwrite of arbitrary files via symlinks. | ||||
| CVE-2010-3095 | 1 Mailscanner | 1 Mailscanner | 2024-11-21 | 4.7 Medium |
| mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-5313. | ||||
| CVE-2010-2064 | 1 Rpcbind Project | 1 Rpcbind | 2024-11-21 | 7.1 High |
| rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr. | ||||
| CVE-2010-0398 | 1 Autokey Project | 1 Autokey | 2024-11-21 | 6.5 Medium |
| The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack. | ||||
| CVE-2009-0035 | 1 Alsa-project | 1 Alsa | 2024-11-21 | 5.5 Medium |
| alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts. | ||||
| CVE-2008-7273 | 1 Getfiregpg | 1 Iceweasel-firegpg | 2024-11-21 | 7.8 High |
| A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling. | ||||
| CVE-2023-20004 | 2024-11-18 | 4.4 Medium | ||
| Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account. Note: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. | ||||
| CVE-2021-1491 | 2024-11-18 | N/A | ||
| A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying file system of the device. This vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the file system and then accessing it through the web-based management interface. A successful exploit could allow the attacker to read arbitrary files from the file system of the underlying operating system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||
| CVE-2024-51721 | 1 Blackberry | 1 Secusuite | 2024-11-13 | 7.3 High |
| A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other executable content into the server that would run with root privilege. | ||||
| CVE-2024-10007 | 1 Github | 1 Enterprise Server | 2024-11-08 | N/A |
| A path collision and arbitrary code execution vulnerability was identified in GitHub Enterprise Server that allowed container escape to escalate to root via ghe-firejail path. Exploitation of this vulnerability requires Enterprise Administrator access to the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise prior to 3.15 and was fixed in versions 3.14.3, 3.13.6, 3.12.11, and 3.11.17. This vulnerability was reported via the GitHub Bug Bounty program. | ||||