Vulnerabilities (CVE)

Filtered by CWE-59
Total 1264 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-0546 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 3.3 LOW N/A
Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder.
CVE-2011-1920 2 Ihji, Netbsd 2 Pmake, Netbsd 2025-04-11 3.3 LOW N/A
The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk.
CVE-2010-4337 1 Gnu 1 Gnash 2025-04-11 3.3 LOW N/A
The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files.
CVE-2011-0402 1 Debian 1 Dpkg 2025-04-11 6.8 MEDIUM N/A
dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory.
CVE-2009-5044 2 Apple, Gnu 2 Mac Os X, Groff 2025-04-11 3.3 LOW N/A
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file.
CVE-2009-1299 1 Pulseaudio 1 Pulseaudio 2025-04-11 6.9 MEDIUM N/A
The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file.
CVE-2011-1004 1 Ruby-lang 1 Ruby 2025-04-11 6.3 MEDIUM N/A
The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack.
CVE-2011-0017 1 Exim 1 Exim 2025-04-11 6.9 MEDIUM N/A
The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
CVE-2012-1088 1 Iproute2 Project 1 Iproute2 2025-04-11 3.3 LOW N/A
iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script.
CVE-2011-1031 1 Feh Project 1 Feh 2025-04-11 3.3 LOW N/A
The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702.
CVE-2011-4363 2 Frii, Perl 2 Proc\, Perl 2025-04-11 2.6 LOW N/A
ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.
CVE-2009-5080 1 Gnu 1 Groff 2025-04-11 3.3 LOW N/A
The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296.
CVE-2014-0027 1 Cmu 1 Flite 2025-04-11 3.3 LOW N/A
The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information.
CVE-2011-5146 1 Ingumadev 1 Bokken 2025-04-11 2.6 LOW N/A
Bokken before 1.6 and 1.5-x before 1.5-3 for Debian allows local users to overwrite arbitrary files via a symlink attack on /tmp/graph.dot.
CVE-2010-3879 1 Libfuse Project 1 Libfuse 2025-04-11 5.8 MEDIUM N/A
FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789.
CVE-2010-0424 2 Fedorahosted, Paul Vixie 2 Cronie, Vixie Cron 2025-04-11 3.3 LOW N/A
The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory.
CVE-2013-4136 2 Phusion, Ruby-lang 2 Passenger, Ruby 2025-04-11 4.4 MEDIUM N/A
ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.
CVE-2010-4173 1 Openfabrics 1 Libsdp 2025-04-11 3.3 LOW N/A
The default configuration of libsdp.conf in libsdp 1.1.104 and earlier creates log files in /tmp, which allows local users to overwrite arbitrary files via a (1) symlink or (2) hard link attack on the libsdp.log.##### temporary file.
CVE-2012-0054 1 Golismero 1 Golismero 2025-04-11 3.3 LOW N/A
libs/updater.py in GoLismero 0.6.3, and other versions before Git revision 2b3bb43d6867, as used in backtrack and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on GoLismero-controlled files, as demonstrated using Admin/changes.dat.
CVE-2011-3870 2 Puppet, Puppetlabs 2 Puppet, Puppet 2025-04-11 6.3 MEDIUM N/A
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.