Total
1273 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-6124 | 1 Codeaurora | 1 Android-msm | 2024-11-21 | N/A |
| The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary file via an attack on the sensor-settings file. | ||||
| CVE-2013-4969 | 4 Canonical, Debian, Puppet and 1 more | 4 Ubuntu Linux, Debian Linux, Puppet Enterprise and 1 more | 2024-11-21 | N/A |
| Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files. | ||||
| CVE-2013-4655 | 1 Belkin | 2 N900, N900 Firmware | 2024-11-21 | 7.5 High |
| Symlink Traversal vulnerability in Belkin N900 due to misconfiguration in the SMB service. | ||||
| CVE-2013-4472 | 1 Freedesktop | 1 Poppler | 2024-11-21 | N/A |
| The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. | ||||
| CVE-2013-4392 | 1 Systemd Project | 1 Systemd | 2024-11-21 | N/A |
| systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files. | ||||
| CVE-2013-4364 | 1 Redhat | 1 Openshift | 2024-11-21 | N/A |
| (1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp. | ||||
| CVE-2013-4262 | 1 Apache | 1 Subversion | 2024-11-21 | N/A |
| svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393. | ||||
| CVE-2013-4251 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 7.8 High |
| The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories. | ||||
| CVE-2013-4215 | 1 Nagios | 1 Plugins | 2024-11-21 | N/A |
| The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping. | ||||
| CVE-2013-4214 | 2 Nagios, Redhat | 2 Nagios, Openstack | 2024-11-21 | N/A |
| rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache. | ||||
| CVE-2013-4184 | 2 Data\, Debian | 2 \, Debian Linux | 2024-11-21 | 5.5 Medium |
| Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks | ||||
| CVE-2013-4169 | 2 Gnome, Redhat | 2 Gnome Display Manager, Enterprise Linux | 2024-11-21 | N/A |
| GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/. | ||||
| CVE-2013-4157 | 1 Redhat | 2 Storage, Storage Server | 2024-11-21 | N/A |
| Red Hat Storage 2.0 allows local users to overwrite arbitrary files via a symlink attack on the (1) e, (2) local-bricks.list, (3) bricks.err, or (4) limits.conf files in /tmp. | ||||
| CVE-2013-4136 | 3 Phusion, Redhat, Ruby-lang | 3 Passenger, Openshift, Ruby | 2024-11-21 | N/A |
| ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/. | ||||
| CVE-2013-4116 | 1 Node Packaged Modules Project | 1 Node Packaged Modules | 2024-11-21 | N/A |
| lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives. | ||||
| CVE-2013-3368 | 1 Bestpractical | 1 Rt | 2024-11-21 | N/A |
| bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name. | ||||
| CVE-2013-2561 | 2 Openfabrics, Redhat | 2 Ibutils, Enterprise Linux | 2024-11-21 | N/A |
| OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/. | ||||
| CVE-2013-2217 | 3 Jeff Ortel, Opensuse, Redhat | 3 Suds, Opensuse, Enterprise Linux | 2024-11-21 | N/A |
| cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/. | ||||
| CVE-2013-2142 | 1 Libimobiledevice | 1 Libimobiledevice | 2024-11-21 | N/A |
| userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME are not set, allows local users to overwrite arbitrary files via a symlink attack on (1) HostCertificate.pem, (2) HostPrivateKey.pem, (3) libimobiledevicerc, (4) RootCertificate.pem, or (5) RootPrivateKey.pem in /tmp/root/.config/libimobiledevice/. | ||||
| CVE-2013-2105 | 1 Jonathan Leung | 1 Show In Browser | 2024-11-21 | N/A |
| The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html. | ||||