Export limit exceeded: 34622 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (7763 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-1876 | 2 Oracle, Redhat | 5 Openjdk, Enterprise Linux, Network Satellite and 2 more | 2025-04-11 | N/A |
| The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log. | ||||
| CVE-2011-1144 | 1 Php | 1 Pear | 2025-04-11 | N/A |
| The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072. | ||||
| CVE-2011-1920 | 2 Ihji, Netbsd | 2 Pmake, Netbsd | 2025-04-11 | N/A |
| The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk. | ||||
| CVE-2011-1943 | 2 Fedoraproject, Gnome | 2 Fedora, Networkmanager | 2025-04-11 | N/A |
| The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file. | ||||
| CVE-2011-2185 | 1 Fabfile | 1 Fabric | 2025-04-11 | N/A |
| Fabric before 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on (1) a /tmp/fab.*.tar file or (2) certain other files in the top level of /tmp/. | ||||
| CVE-2014-1948 | 2 Openstack, Redhat | 2 Image Registry And Delivery Service \(glance\), Openstack | 2025-04-11 | N/A |
| OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log. | ||||
| CVE-2011-2894 | 2 Redhat, Vmware | 3 Jboss Soa Platform, Spring Framework, Spring Security | 2025-04-11 | N/A |
| Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class. | ||||
| CVE-2011-3616 | 1 Conky | 1 Conky | 2025-04-11 | N/A |
| The getSkillname function in the eve module in Conky 1.8.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on /tmp/.cesf. | ||||
| CVE-2013-2029 | 1 Redhat | 1 Openstack | 2025-04-11 | N/A |
| nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/. | ||||
| CVE-2013-1976 | 1 Redhat | 2 Enterprise Linux, Jboss Enterprise Web Server | 2025-04-11 | N/A |
| The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log. | ||||
| CVE-2011-4617 | 1 Python | 1 Virtualenv | 2025-04-11 | N/A |
| virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/. | ||||
| CVE-2012-0054 | 1 Golismero | 1 Golismero | 2025-04-11 | N/A |
| libs/updater.py in GoLismero 0.6.3, and other versions before Git revision 2b3bb43d6867, as used in backtrack and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on GoLismero-controlled files, as demonstrated using Admin/changes.dat. | ||||
| CVE-2013-1888 | 2 Fedoraproject, Pypa | 2 Fedora, Pip | 2025-04-11 | N/A |
| pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory. | ||||
| CVE-2012-0911 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-11 | 9.8 Critical |
| TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function. | ||||
| CVE-2012-2441 | 1 Siemens | 1 Ruggedcom Rugged Operating System | 2025-04-11 | N/A |
| RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH or (2) HTTPS session, a different vulnerability than CVE-2012-1803. | ||||
| CVE-2012-3345 | 1 Ioquake3 | 1 Ioquake3 Engine | 2025-04-11 | N/A |
| ioquake3 before r2253 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ioq3.pid temporary file. | ||||
| CVE-2012-3440 | 2 Redhat, Todd Miller | 2 Enterprise Linux, Sudo | 2025-04-11 | N/A |
| A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file. | ||||
| CVE-2012-4455 | 1 Opencryptoki Project | 1 Opencryptoki | 2025-04-11 | N/A |
| openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/. | ||||
| CVE-2014-1640 | 1 Debian | 1 Axiom | 2025-04-11 | N/A |
| axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename. | ||||
| CVE-2010-1626 | 3 Mysql, Oracle, Redhat | 3 Mysql, Mysql, Enterprise Linux | 2025-04-11 | N/A |
| MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247. | ||||