Total
1181 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1932 | 2 Python, Pythonware | 2 Pillow, Python Imaging Library | 2024-11-21 | 4.4 MEDIUM | N/A |
| The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file. | |||||
| CVE-2014-1876 | 1 Oracle | 1 Openjdk | 2024-11-21 | 4.4 MEDIUM | N/A |
| The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log. | |||||
| CVE-2014-1875 | 1 Cspan | 1 Capture-tiny | 2024-11-21 | 3.6 LOW | N/A |
| The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2014-1859 | 3 Fedoraproject, Numpy, Redhat | 3 Fedora, Numpy, Enterprise Linux | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2014-1838 | 2 Logilab, Opensuse | 2 Logilab-common, Opensuse | 2024-11-21 | 4.4 MEDIUM | N/A |
| The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf. | |||||
| CVE-2014-1640 | 1 Debian | 1 Axiom | 2024-11-21 | 3.3 LOW | N/A |
| axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename. | |||||
| CVE-2014-1639 | 1 Debian | 1 Syncevolution | 2024-11-21 | 3.3 LOW | N/A |
| syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename. | |||||
| CVE-2014-1638 | 1 Debian | 1 Localepurge | 2024-11-21 | 3.3 LOW | N/A |
| (1) debian/postrm and (2) debian/localepurge.config in localepurge before 0.7.3.2 use tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename. | |||||
| CVE-2014-1624 | 1 Python | 1 Pyxdg | 2024-11-21 | 3.3 LOW | N/A |
| Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called. | |||||
| CVE-2014-1272 | 1 Apple | 2 Iphone Os, Tvos | 2024-11-21 | 6.3 MEDIUM | N/A |
| CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink. | |||||
| CVE-2014-0243 | 1 Check Mk Project | 1 Check Mk | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job. | |||||
| CVE-2014-0027 | 1 Cmu | 1 Flite | 2024-11-21 | 3.3 LOW | N/A |
| The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-7393 | 1 Apache | 1 Subversion | 2024-11-21 | 2.4 LOW | N/A |
| The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3). | |||||
| CVE-2013-6891 | 2 Apple, Canonical | 2 Cups, Ubuntu Linux | 2024-11-21 | 1.2 LOW | N/A |
| lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf. | |||||
| CVE-2013-6456 | 2 Fedoraproject, Redhat | 2 Fedora, Libvirt | 2024-11-21 | 5.8 MEDIUM | N/A |
| The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to "paths under /proc/$PID/root" and the virInitctlSetRunLevel function. | |||||
| CVE-2013-6402 | 1 Hp | 1 Linux Imaging And Printing Project | 2024-11-21 | 2.1 LOW | N/A |
| base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file. | |||||
| CVE-2013-6124 | 1 Codeaurora | 1 Android-msm | 2024-11-21 | 3.3 LOW | N/A |
| The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary file via an attack on the sensor-settings file. | |||||
| CVE-2013-4969 | 4 Canonical, Debian, Puppet and 1 more | 4 Ubuntu Linux, Debian Linux, Puppet Enterprise and 1 more | 2024-11-21 | 2.1 LOW | N/A |
| Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files. | |||||
| CVE-2013-4655 | 1 Belkin | 2 N900, N900 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Symlink Traversal vulnerability in Belkin N900 due to misconfiguration in the SMB service. | |||||
| CVE-2013-4472 | 1 Freedesktop | 1 Poppler | 2024-11-21 | 3.3 LOW | N/A |
| The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. | |||||