Search Results (8928 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-0189 2 Redhat, Virt-who Project 6 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 3 more 2025-04-12 N/A
virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file.
CVE-2014-1838 2 Logilab, Opensuse 2 Logilab-common, Opensuse 2025-04-12 N/A
The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf.
CVE-2014-1875 1 Cspan 1 Capture-tiny 2025-04-12 N/A
The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file.
CVE-2014-1932 2 Python, Pythonware 2 Pillow, Python Imaging Library 2025-04-12 N/A
The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.
CVE-2014-2524 4 Fedoraproject, Gnu, Mageia and 1 more 4 Fedora, Readline, Mageia and 1 more 2025-04-12 N/A
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
CVE-2014-3423 2 Gnu, Mageia Project 2 Emacs, Mageia 2025-04-12 N/A
lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.
CVE-2014-3424 2 Gnu, Mageia Project 2 Emacs, Mageia 2025-04-12 N/A
lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.
CVE-2014-3486 1 Redhat 2 Cloudforms 3.0 Management Engine, Cloudforms Managementengine 2025-04-12 N/A
The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name.
CVE-2014-3537 4 Apple, Canonical, Fedoraproject and 1 more 4 Cups, Ubuntu Linux, Fedora and 1 more 2025-04-12 N/A
The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.
CVE-2014-3561 1 Redhat 2 Enterprise Virtualization, Rhev Manager 2025-04-12 N/A
The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes.
CVE-2014-3563 1 Saltstack 1 Salt 2025-04-12 N/A
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.
CVE-2014-3627 1 Apache 1 Hadoop 2025-04-12 N/A
The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache.
CVE-2014-4372 1 Apple 2 Iphone Os, Tvos 2025-04-12 N/A
syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file.
CVE-2014-4480 1 Apple 2 Iphone Os, Tvos 2025-04-12 N/A
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.
CVE-2014-5260 1 Xml-dt Project 1 Xml-dt 2025-04-12 N/A
The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file.
CVE-2014-7816 2 Microsoft, Redhat 2 Windows, Undertow 2025-04-12 N/A
Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.
CVE-2014-9687 1 Ecryptfs 1 Ecryptfs-utils 2025-04-12 N/A
eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack.
CVE-2014-9717 1 Linux 1 Linux Kernel 2025-04-12 N/A
fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace.
CVE-2015-0556 2 Arj Software, Fedoraproject 2 Arj Archiver, Fedora 2025-04-12 N/A
Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.
CVE-2015-1038 3 7-zip, Fedoraproject, Oracle 3 P7zip, Fedora, Solaris 2025-04-12 N/A
p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.