Vulnerabilities (CVE)

Filtered by CWE-59
Total 1269 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-2142 1 Libimobiledevice 1 Libimobiledevice 2025-04-11 3.3 LOW N/A
userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME are not set, allows local users to overwrite arbitrary files via a symlink attack on (1) HostCertificate.pem, (2) HostPrivateKey.pem, (3) libimobiledevicerc, (4) RootCertificate.pem, or (5) RootPrivateKey.pem in /tmp/root/.config/libimobiledevice/.
CVE-2013-0927 1 Google 1 Chrome Os 2025-04-11 7.5 HIGH N/A
Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c read_config implementation that loads the contents of the .pangorc file in the user's home directory, and the file referenced by the PANGO_RC_FILE environment variable, which allows attackers to bypass intended access restrictions via crafted configuration data.
CVE-2011-3869 2 Puppet, Puppetlabs 2 Puppet, Puppet 2025-04-11 6.3 MEDIUM N/A
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.
CVE-2013-2029 1 Redhat 1 Openstack 2025-04-11 6.3 MEDIUM N/A
nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/.
CVE-2010-2053 1 Emesene 1 Emesene 2025-04-11 3.3 LOW N/A
emesenelib/ProfileManager.py in emesene before 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on the emsnpic temporary file.
CVE-2011-4060 1 Qnx 1 Neutrino Rtos 2025-04-11 3.3 LOW N/A
The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack.
CVE-2012-5355 1 Bryce Harrington 1 Xdiagnose 2025-04-11 3.3 LOW N/A
welcome.py in xdiagnose before 2.5.2ubuntu0.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
CVE-2013-2561 2 Openfabrics, Redhat 2 Ibutils, Enterprise Linux 2025-04-11 6.3 MEDIUM N/A
OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/.
CVE-2011-4617 1 Python 1 Virtualenv 2025-04-11 1.2 LOW N/A
virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.
CVE-2010-0156 1 Puppet 1 Puppet 2025-04-11 3.3 LOW N/A
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.
CVE-2014-1639 1 Debian 1 Syncevolution 2025-04-11 3.3 LOW N/A
syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.
CVE-2010-0546 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 3.3 LOW N/A
Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder.
CVE-2011-1920 2 Ihji, Netbsd 2 Pmake, Netbsd 2025-04-11 3.3 LOW N/A
The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk.
CVE-2010-4337 1 Gnu 1 Gnash 2025-04-11 3.3 LOW N/A
The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files.
CVE-2011-0402 1 Debian 1 Dpkg 2025-04-11 6.8 MEDIUM N/A
dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory.
CVE-2009-5044 2 Apple, Gnu 2 Mac Os X, Groff 2025-04-11 3.3 LOW N/A
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file.
CVE-2009-1299 1 Pulseaudio 1 Pulseaudio 2025-04-11 6.9 MEDIUM N/A
The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file.
CVE-2011-1004 1 Ruby-lang 1 Ruby 2025-04-11 6.3 MEDIUM N/A
The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack.
CVE-2011-0017 1 Exim 1 Exim 2025-04-11 6.9 MEDIUM N/A
The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
CVE-2012-1088 1 Iproute2 Project 1 Iproute2 2025-04-11 3.3 LOW N/A
iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script.