Total
1347 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4108 | 1 Python Software Foundation | 1 Python | 2025-04-09 | 7.2 HIGH | N/A |
| Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory. | |||||
| CVE-2008-1199 | 1 Dovecot | 1 Dovecot | 2025-04-09 | 4.4 MEDIUM | N/A |
| Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack. | |||||
| CVE-2009-0313 | 1 Kegel | 1 Winetricks | 2025-04-09 | 6.9 MEDIUM | N/A |
| winetricks before 20081223 allows local users to overwrite arbitrary files via a symlink attack on the x_showmenu.txt temporary file. | |||||
| CVE-2008-4098 | 4 Canonical, Debian, Mysql and 1 more | 4 Ubuntu Linux, Debian Linux, Mysql and 1 more | 2025-04-09 | 4.6 MEDIUM | N/A |
| MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097. | |||||
| CVE-2008-2389 | 1 Opensuse | 1 Opensuse | 2025-04-09 | 4.9 MEDIUM | N/A |
| opensuse-updater in openSUSE 10.2 allows local users to access arbitrary files via a symlink attack. | |||||
| CVE-2008-5256 | 1 Virtualox | 1 Virtualox | 2025-04-09 | 4.4 MEDIUM | N/A |
| The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-$USER-ipc/lock temporary file. | |||||
| CVE-2008-4191 | 1 Emacspeak Inc | 1 Emacspeak | 2025-04-09 | 6.6 MEDIUM | N/A |
| extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file. | |||||
| CVE-2008-4990 | 1 Enomaly | 1 Elastic Computing Platform | 2025-04-09 | 6.9 MEDIUM | N/A |
| Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/enomalism2.pid temporary file. | |||||
| CVE-2007-2978 | 1 Eggblog | 1 Eggblog | 2025-04-09 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in eggblog 3.1.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||||
| CVE-2007-6061 | 1 Audacityteam | 1 Audacity | 2025-04-09 | 5.0 MEDIUM | N/A |
| Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack. | |||||
| CVE-2008-4935 | 1 Amiga | 1 Aview | 2025-04-09 | 6.9 MEDIUM | N/A |
| asciiview in aview 1.3.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/aview#####.pgm temporary file. | |||||
| CVE-2008-5366 | 1 Marco D\'itri | 1 Ppp | 2025-04-09 | 6.9 MEDIUM | N/A |
| The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file. | |||||
| CVE-2008-3931 | 1 R Foundation | 1 R | 2025-04-09 | 6.9 MEDIUM | N/A |
| javareconf in R 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2008-4981 | 1 Remi Vanicat | 1 Realtimebattle | 2025-04-09 | 6.9 MEDIUM | N/A |
| perl.robot in realtimebattle 1.0.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl.robot.log temporary file. | |||||
| CVE-2008-5135 | 1 Debian | 1 Os-prober | 2025-04-09 | 6.2 MEDIUM | N/A |
| os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating "the insecure code path should only ever run inside a d-i environment, which has no non-root users. | |||||
| CVE-2008-0665 | 1 Website Meta Language | 1 Website Meta Language | 2025-04-09 | 3.6 LOW | N/A |
| wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file. | |||||
| CVE-2008-3928 | 1 Debian | 1 Honeyd Common | 2025-04-09 | 6.9 MEDIUM | N/A |
| test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2009-1753 | 1 Emn | 1 Coccinelle | 2025-04-09 | 3.3 LOW | N/A |
| Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on an unspecified "result file." | |||||
| CVE-2008-5151 | 1 Abottoms | 1 Mayavi | 2025-04-09 | 6.9 MEDIUM | N/A |
| test_parser.py in mayavi 1.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/err.log temporary file. | |||||
| CVE-2008-4997 | 1 Pilot-qof | 1 Datafreedom-perl | 2025-04-09 | 6.9 MEDIUM | N/A |
| dfxml-invoice in datafreedom-perl 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/zenity temporary file. NOTE: the vendor disputes this vulnerability, stating that the vector is solely "an EXAMPLE used in the manpage. | |||||