Total
1273 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-4060 | 1 Qnx | 1 Neutrino Rtos | 2024-11-21 | N/A |
| The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack. | ||||
| CVE-2011-4028 | 2 Redhat, X.org | 2 Enterprise Linux, X Server | 2024-11-21 | N/A |
| The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists. | ||||
| CVE-2011-3870 | 2 Puppet, Puppetlabs | 2 Puppet, Puppet | 2024-11-21 | N/A |
| Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file. | ||||
| CVE-2011-3869 | 2 Puppet, Puppetlabs | 2 Puppet, Puppet | 2024-11-21 | N/A |
| Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file. | ||||
| CVE-2011-3632 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2024-11-21 | 7.1 High |
| Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks. | ||||
| CVE-2011-3618 | 2 Atop Project, Debian | 2 Atop, Debian Linux | 2024-11-21 | 7.8 High |
| atop: symlink attack possible due to insecure tempfile handling | ||||
| CVE-2011-3616 | 1 Conky | 1 Conky | 2024-11-21 | N/A |
| The getSkillname function in the eve module in Conky 1.8.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on /tmp/.cesf. | ||||
| CVE-2011-3351 | 1 Openvas | 1 Openvas-scanner | 2024-11-21 | 7.1 High |
| openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system. | ||||
| CVE-2011-3204 | 1 Geoff Wong | 1 Hammerhead | 2024-11-21 | N/A |
| hammerhead.cc in Hammerhead 2.1.4 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/hammer.log (aka the HH_LOG file) or (2) the REPORT_LOG file. | ||||
| CVE-2011-3154 | 1 Canonical | 2 Ubuntu Linux, Update-manager | 2024-11-21 | N/A |
| DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file. | ||||
| CVE-2011-3153 | 2 Canonical, Robert Ancell | 2 Ubuntu Linux, Lightdm | 2024-11-21 | N/A |
| dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc. | ||||
| CVE-2011-2924 | 3 Debian, Fedoraproject, Linuxfoundation | 3 Debian Linux, Fedora, Foomatic-filters | 2024-11-21 | 5.5 Medium |
| foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter. | ||||
| CVE-2011-2923 | 2 Debian, Linuxfoundation | 2 Debian Linux, Foomatic-filters | 2024-11-21 | 5.5 Medium |
| foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter. | ||||
| CVE-2011-2765 | 1 Pyro Project | 1 Pyro | 2024-11-21 | N/A |
| pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks. | ||||
| CVE-2011-2722 | 2 Hp, Redhat | 2 Linux Imaging And Printing Project, Enterprise Linux | 2024-11-21 | N/A |
| The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file. | ||||
| CVE-2011-2684 | 1 Rkkda | 1 Foo2zjs | 2024-11-21 | N/A |
| foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs. | ||||
| CVE-2011-2533 | 1 Freedesktop | 1 Dbus | 2024-11-21 | N/A |
| The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/. | ||||
| CVE-2011-2473 | 1 Maynard Johnson | 1 Oprofile | 2024-11-21 | N/A |
| The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to create or overwrite arbitrary files via a crafted --session-dir argument in conjunction with a symlink attack on the opd_pipe file, a different vulnerability than CVE-2011-1760. | ||||
| CVE-2011-2185 | 1 Fabfile | 1 Fabric | 2024-11-21 | N/A |
| Fabric before 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on (1) a /tmp/fab.*.tar file or (2) certain other files in the top level of /tmp/. | ||||
| CVE-2011-1920 | 2 Ihji, Netbsd | 2 Pmake, Netbsd | 2024-11-21 | N/A |
| The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk. | ||||