Total
1390 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1272 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | 6.3 MEDIUM | N/A |
| CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink. | |||||
| CVE-2015-1331 | 1 Linuxcontainers | 1 Lxc | 2025-04-12 | 4.9 MEDIUM | N/A |
| lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*. | |||||
| CVE-2014-3486 | 1 Redhat | 1 Cloudforms 3.0 Management Engine | 2025-04-12 | 6.9 MEDIUM | N/A |
| The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name. | |||||
| CVE-2014-2893 | 2 Llvm, Opensuse | 2 Clang, Opensuse | 2025-04-12 | 1.9 LOW | N/A |
| The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names. | |||||
| CVE-2014-3986 | 1 Cisofy | 1 Lynis | 2025-04-12 | 3.3 LOW | N/A |
| include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name. | |||||
| CVE-2015-3627 | 1 Docker | 2 Docker, Libcontainer | 2025-04-12 | 7.2 HIGH | N/A |
| Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image. | |||||
| CVE-2015-1194 | 1 Pax Project | 1 Pax | 2025-04-12 | 4.3 MEDIUM | N/A |
| pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive. | |||||
| CVE-2013-7393 | 1 Apache | 1 Subversion | 2025-04-12 | 2.4 LOW | N/A |
| The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3). | |||||
| CVE-2011-3153 | 2 Canonical, Robert Ancell | 2 Ubuntu Linux, Lightdm | 2025-04-12 | 1.9 LOW | N/A |
| dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc. | |||||
| CVE-2015-5273 | 1 Redhat | 5 Automatic Bug Reporting Tool, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2025-04-12 | 3.6 LOW | N/A |
| The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp. | |||||
| CVE-2015-1196 | 3 Gnu, Opensuse, Oracle | 3 Patch, Opensuse, Solaris | 2025-04-12 | 4.3 MEDIUM | N/A |
| GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. | |||||
| CVE-2014-3537 | 3 Apple, Canonical, Fedoraproject | 3 Cups, Ubuntu Linux, Fedora | 2025-04-12 | 1.2 LOW | N/A |
| The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. | |||||
| CVE-2010-5105 | 1 Blender | 1 Blender | 2025-04-12 | 3.3 LOW | N/A |
| The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103. | |||||
| CVE-2016-3096 | 2 Fedoraproject, Redhat | 2 Fedora, Ansible | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory. | |||||
| CVE-2014-1838 | 2 Logilab, Opensuse | 2 Logilab-common, Opensuse | 2025-04-12 | 4.4 MEDIUM | N/A |
| The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf. | |||||
| CVE-2015-7758 | 2 Gummi Project, Opensuse | 3 Gummi, Leap, Opensuse | 2025-04-12 | 2.1 LOW | 3.3 LOW |
| Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux. | |||||
| CVE-2012-0871 | 2 Opensuse, Systemd Project | 2 Opensuse, Systemd | 2025-04-12 | 6.3 MEDIUM | N/A |
| The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/. | |||||
| CVE-2016-9566 | 1 Nagios | 1 Nagios | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565. | |||||
| CVE-2015-6927 | 1 Openvz | 1 Vzctl | 2025-04-12 | 3.6 LOW | N/A |
| vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container (CT) root users to change the root password for arbitrary ploop containers, as demonstrated by a symlink attack on the ploop container root.hdd file and then access a control panel. | |||||
| CVE-2015-1335 | 2 Canonical, Linuxcontainers | 2 Ubuntu Linux, Lxc | 2025-04-12 | 7.2 HIGH | N/A |
| lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source. | |||||