Export limit exceeded: 367102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (392 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-4455 1 Opencryptoki Project 1 Opencryptoki 2025-04-11 N/A
openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/.
CVE-2012-4454 1 Opencryptoki Project 1 Opencryptoki 2025-04-11 N/A
openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp.
CVE-2009-5081 1 Gnu 1 Groff 2025-04-11 N/A
The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969.
CVE-2009-5044 2 Apple, Gnu 2 Mac Os X, Groff 2025-04-11 N/A
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file.
CVE-2012-5530 1 Sgi 1 Performance Co-pilot 2025-04-11 N/A
The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file.
CVE-2012-5509 2 Cloudforms Cloudengine, Redhat 2 1, Cloudforms Cloud Engine 2025-04-11 N/A
aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file.
CVE-2011-1920 2 Ihji, Netbsd 2 Pmake, Netbsd 2025-04-11 N/A
The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk.
CVE-2011-2722 2 Hp, Redhat 2 Linux Imaging And Printing Project, Enterprise Linux 2025-04-11 N/A
The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file.
CVE-2013-0200 2 Hp, Redhat 2 Linux Imaging And Printing Project, Enterprise Linux 2025-04-11 N/A
HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722.
CVE-2012-4417 2 Gluster, Redhat 2 Glusterfs, Storage 2025-04-11 N/A
GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
CVE-2013-0164 1 Redhat 2 Openshift, Openshift Origin 2025-04-11 N/A
The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
CVE-2013-0162 4 Cloudforms Cloudengine, Redhat, Rhel Sam and 1 more 4 1, Openshift, 1.2 and 1 more 2025-04-11 N/A
The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
CVE-2012-5635 2 Gluster, Redhat 5 Glusterfs, Storage, Storage Management Console and 2 more 2025-04-11 N/A
The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2) extras/hook-scripts/S30samba-stop.sh, and possibly other vectors, different vulnerabilities than CVE-2012-4417.
CVE-2012-2451 1 Shlomi Fish 1 Config-inifiles 2025-04-11 N/A
The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be exploitable by writing in the same directory as the .ini file. If this is the case, then this issue might not cross privilege boundaries.
CVE-2014-1876 2 Oracle, Redhat 5 Openjdk, Enterprise Linux, Network Satellite and 2 more 2025-04-11 N/A
The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.
CVE-2014-0027 1 Cmu 1 Flite 2025-04-11 N/A
The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information.
CVE-2012-3504 1 Fedoraproject 1 Crypto-utils 2025-04-11 N/A
The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 allows local users to overwrite arbitrary files via a symlink attack on the "list" file in the current working directory.
CVE-2012-3355 1 Gnome 1 Rhythmbox 2025-04-11 N/A
(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory.
CVE-2012-1989 2 Puppet, Puppetlabs 3 Puppet, Puppet Enterprise, Puppet 2025-04-11 N/A
telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).
CVE-2012-1088 1 Iproute2 Project 1 Iproute2 2025-04-11 N/A
iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script.