Search Results (1825 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-1038 3 7-zip, Fedoraproject, Oracle 3 P7zip, Fedora, Solaris 2025-04-12 N/A
p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.
CVE-2015-1194 1 Pax Project 1 Pax 2025-04-12 N/A
pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive.
CVE-2015-1196 3 Gnu, Opensuse, Oracle 3 Patch, Opensuse, Solaris 2025-04-12 N/A
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
CVE-2015-1197 1 Gnu 1 Cpio 2025-04-12 N/A
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.
CVE-2015-1331 1 Linuxcontainers 1 Lxc 2025-04-12 N/A
lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.
CVE-2015-1335 2 Canonical, Linuxcontainers 2 Ubuntu Linux, Lxc 2025-04-12 N/A
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.
CVE-2015-1338 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2025-04-12 N/A
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.
CVE-2015-3436 1 Zarafa 1 Zarafa Collaboration Platform 2025-04-12 N/A
provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock.
CVE-2015-3759 1 Apple 1 Iphone Os 2025-04-12 N/A
Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink.
CVE-2014-1272 1 Apple 2 Iphone Os, Tvos 2025-04-12 N/A
CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink.
CVE-2014-1838 2 Logilab, Opensuse 2 Logilab-common, Opensuse 2025-04-12 N/A
The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf.
CVE-2013-4472 1 Freedesktop 1 Poppler 2025-04-12 N/A
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
CVE-2013-6456 2 Fedoraproject, Redhat 2 Fedora, Libvirt 2025-04-12 N/A
The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to "paths under /proc/$PID/root" and the virInitctlSetRunLevel function.
CVE-2013-7393 1 Apache 1 Subversion 2025-04-12 N/A
The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3).
CVE-2016-9566 2 Nagios, Redhat 3 Nagios, Openstack, Storage 2025-04-12 N/A
base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.
CVE-2015-4155 1 Gnu 1 Parallel 2025-04-12 N/A
GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.
CVE-2012-0871 2 Opensuse, Systemd Project 2 Opensuse, Systemd 2025-04-12 N/A
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.
CVE-2014-3977 1 Ibm 2 Aix, Vios 2025-04-12 N/A
libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.
CVE-2011-0460 2 Kbd-project, Opensuse 2 Kbd, Opensuse 2025-04-12 N/A
The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map.
CVE-2016-3096 2 Fedoraproject, Redhat 2 Fedora, Ansible 2025-04-12 N/A
The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.