Total
1513 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0794 | 2 Dracut Project, Opensuse | 2 Dracut, Opensuse | 2026-06-17 | 3.6 LOW | N/A |
| modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map. | |||||
| CVE-2015-0556 | 2 Arj Software, Fedoraproject | 2 Arj Archiver, Fedora | 2026-06-17 | 5.8 MEDIUM | N/A |
| Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive. | |||||
| CVE-2014-9512 | 3 Opensuse, Oracle, Samba | 3 Opensuse, Solaris, Rsync | 2026-06-17 | 6.4 MEDIUM | N/A |
| rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path. | |||||
| CVE-2014-9508 | 1 Typo3 | 1 Typo3 | 2026-06-17 | 4.3 MEDIUM | N/A |
| The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors. | |||||
| CVE-2014-8585 | 1 W3eden | 1 Download Manager | 2026-06-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php. | |||||
| CVE-2014-7206 | 1 Debian | 2 Advanced Package Tool, Apt | 2026-06-17 | 3.6 LOW | N/A |
| The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file. | |||||
| CVE-2014-6407 | 1 Docker | 1 Docker | 2026-06-17 | 7.5 HIGH | N/A |
| Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation. | |||||
| CVE-2014-5509 | 1 Clipboard Project | 1 Clipboard | 2026-06-17 | 3.6 LOW | 5.5 MEDIUM |
| clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit$$. | |||||
| CVE-2014-5459 | 3 Opensuse, Oracle, Php | 4 Evergreen, Opensuse, Solaris and 1 more | 2026-06-17 | 3.6 LOW | N/A |
| The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions. | |||||
| CVE-2014-5260 | 1 Xml-dt Project | 1 Xml-dt | 2026-06-17 | 6.3 MEDIUM | N/A |
| The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file. | |||||
| CVE-2014-5045 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux Eus, Enterprise Linux Server Aus and 1 more | 2026-06-17 | 6.2 MEDIUM | N/A |
| The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program. | |||||
| CVE-2014-5030 | 2 Apple, Canonical | 2 Cups, Ubuntu Linux | 2026-06-17 | 1.9 LOW | N/A |
| CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py. | |||||
| CVE-2014-5029 | 2 Apple, Canonical | 2 Cups, Ubuntu Linux | 2026-06-17 | 1.5 LOW | N/A |
| The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537. | |||||
| CVE-2014-4996 | 1 Vladtheenterprising Project | 1 Vladtheenterprising | 2026-06-17 | 2.1 LOW | 5.5 MEDIUM |
| lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}. | |||||
| CVE-2014-4978 | 2 Fedoraproject, Rawstudio | 2 Fedora, Rawstudio | 2026-06-17 | 3.6 LOW | 5.5 MEDIUM |
| The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph. | |||||
| CVE-2014-4703 | 1 Nagios | 1 Nagios | 2026-06-17 | 2.1 LOW | N/A |
| lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701. | |||||
| CVE-2014-4480 | 1 Apple | 2 Iphone Os, Tvos | 2026-06-17 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink. | |||||
| CVE-2014-4372 | 1 Apple | 2 Iphone Os, Tvos | 2026-06-17 | 3.6 LOW | N/A |
| syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file. | |||||
| CVE-2014-4199 | 1 Vmware | 3 Tools, Vm-support, Workstation | 2026-06-17 | 6.3 MEDIUM | N/A |
| vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp. | |||||
| CVE-2014-4150 | 1 S48 | 1 Scheme48 | 2026-06-17 | 3.6 LOW | 5.5 MEDIUM |
| The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp. | |||||