Total
1513 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4038 | 3 Ppc64-diag Project, Redhat, Suse | 3 Ppc64-diag, Enterprise Linux Server, Linux Enterprise Server | 2026-06-17 | 4.4 MEDIUM | N/A |
| ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras. | |||||
| CVE-2014-3986 | 1 Cisofy | 1 Lynis | 2026-06-17 | 3.3 LOW | N/A |
| include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name. | |||||
| CVE-2014-3982 | 1 Cisofy | 1 Lynis | 2026-06-17 | 3.3 LOW | N/A |
| include/tests_webservers in Lynis before 1.5.5 on AIX allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.##### file. | |||||
| CVE-2014-3981 | 1 Php | 1 Php | 2026-06-17 | 3.3 LOW | N/A |
| acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. | |||||
| CVE-2014-3977 | 1 Ibm | 2 Aix, Vios | 2026-06-17 | 6.9 MEDIUM | N/A |
| libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179. | |||||
| CVE-2014-3627 | 1 Apache | 1 Hadoop | 2026-06-17 | 5.0 MEDIUM | N/A |
| The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache. | |||||
| CVE-2014-3563 | 1 Saltstack | 1 Salt | 2026-06-17 | 7.2 HIGH | N/A |
| Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud. | |||||
| CVE-2014-3537 | 3 Apple, Canonical, Fedoraproject | 3 Cups, Ubuntu Linux, Fedora | 2026-06-17 | 1.2 LOW | N/A |
| The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. | |||||
| CVE-2014-3486 | 1 Redhat | 1 Cloudforms 3.0 Management Engine | 2026-06-17 | 6.9 MEDIUM | N/A |
| The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name. | |||||
| CVE-2014-3424 | 2 Gnu, Mageia Project | 2 Emacs, Mageia | 2026-06-17 | 3.3 LOW | N/A |
| lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file. | |||||
| CVE-2014-3423 | 2 Gnu, Mageia Project | 2 Emacs, Mageia | 2026-06-17 | 3.3 LOW | N/A |
| lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file. | |||||
| CVE-2014-3422 | 2 Gnu, Mageia Project | 2 Emacs, Mageia | 2026-06-17 | 3.3 LOW | N/A |
| lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/. | |||||
| CVE-2014-3421 | 2 Gnu, Mageia Project | 2 Emacs, Mageia | 2026-06-17 | 3.3 LOW | N/A |
| lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file. | |||||
| CVE-2014-3219 | 2 Fedoraproject, Fishshell | 2 Fedora, Fish | 2026-06-17 | 4.3 MEDIUM | 7.8 HIGH |
| fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER. | |||||
| CVE-2014-2893 | 2 Llvm, Opensuse | 2 Clang, Opensuse | 2026-06-17 | 1.9 LOW | N/A |
| The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names. | |||||
| CVE-2014-2524 | 4 Fedoraproject, Gnu, Mageia and 1 more | 4 Fedora, Readline, Mageia and 1 more | 2026-06-17 | 3.3 LOW | N/A |
| The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. | |||||
| CVE-2014-2312 | 1 Intel | 1 Thermald | 2026-06-17 | 6.6 MEDIUM | 5.5 MEDIUM |
| The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid. | |||||
| CVE-2014-1938 | 1 Rply Project | 1 Rply | 2026-06-17 | 2.1 LOW | 5.5 MEDIUM |
| python-rply before 0.7.4 insecurely creates temporary files. | |||||
| CVE-2014-1934 | 2 Opensuse, Travis Shirk | 2 Opensuse, Eyed3 | 2026-06-17 | 3.3 LOW | N/A |
| tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2014-1932 | 2 Python, Pythonware | 2 Pillow, Python Imaging Library | 2026-06-17 | 4.4 MEDIUM | N/A |
| The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file. | |||||