Total
1509 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0871 | 2 Opensuse, Systemd Project | 2 Opensuse, Systemd | 2026-06-16 | 6.3 MEDIUM | N/A |
| The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/. | |||||
| CVE-2012-0808 | 1 Bdale Garbee | 1 As31 | 2026-06-16 | 3.6 LOW | N/A |
| as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack. | |||||
| CVE-2012-0786 | 1 Augeas | 1 Augeas | 2026-06-16 | 3.3 LOW | N/A |
| The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file. | |||||
| CVE-2012-0054 | 1 Golismero | 1 Golismero | 2026-06-16 | 3.3 LOW | N/A |
| libs/updater.py in GoLismero 0.6.3, and other versions before Git revision 2b3bb43d6867, as used in backtrack and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on GoLismero-controlled files, as demonstrated using Admin/changes.dat. | |||||
| CVE-2011-5271 | 1 Clusterlabs | 1 Pacemaker | 2026-06-16 | 3.3 LOW | 5.5 MEDIUM |
| Pacemaker before 1.1.6 configure script creates temporary files insecurely | |||||
| CVE-2011-5146 | 1 Ingumadev | 1 Bokken | 2026-06-16 | 2.6 LOW | N/A |
| Bokken before 1.6 and 1.5-x before 1.5-3 for Debian allows local users to overwrite arbitrary files via a symlink attack on /tmp/graph.dot. | |||||
| CVE-2011-4617 | 1 Python | 1 Virtualenv | 2026-06-16 | 1.2 LOW | N/A |
| virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/. | |||||
| CVE-2011-4363 | 2 Frii, Perl | 2 Proc\, Perl | 2026-06-16 | 2.6 LOW | N/A |
| ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS. | |||||
| CVE-2011-4116 | 1 Cpan | 1 File\ | 2026-06-16 | 1.5 LOW | 3.3 LOW |
| _is_safe in the File::Temp module for Perl does not properly handle symlinks. | |||||
| CVE-2011-4105 | 1 Robert Ancell | 1 Lightdm | 2026-06-16 | 1.9 LOW | N/A |
| LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority. | |||||
| CVE-2011-4060 | 1 Qnx | 1 Neutrino Rtos | 2026-06-16 | 3.3 LOW | N/A |
| The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack. | |||||
| CVE-2011-4028 | 1 X.org | 1 X Server | 2026-06-16 | 1.2 LOW | N/A |
| The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists. | |||||
| CVE-2011-3870 | 2 Puppet, Puppetlabs | 2 Puppet, Puppet | 2026-06-16 | 6.3 MEDIUM | N/A |
| Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file. | |||||
| CVE-2011-3869 | 2 Puppet, Puppetlabs | 2 Puppet, Puppet | 2026-06-16 | 6.3 MEDIUM | N/A |
| Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file. | |||||
| CVE-2011-3632 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2026-06-16 | 3.6 LOW | 7.1 HIGH |
| Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks. | |||||
| CVE-2011-3618 | 2 Atop Project, Debian | 2 Atop, Debian Linux | 2026-06-16 | 4.6 MEDIUM | 7.8 HIGH |
| atop: symlink attack possible due to insecure tempfile handling | |||||
| CVE-2011-3616 | 1 Conky | 1 Conky | 2026-06-16 | 6.3 MEDIUM | N/A |
| The getSkillname function in the eve module in Conky 1.8.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on /tmp/.cesf. | |||||
| CVE-2011-3351 | 1 Openvas | 1 Openvas-scanner | 2026-06-16 | 6.6 MEDIUM | 7.1 HIGH |
| openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system. | |||||
| CVE-2011-3204 | 1 Geoff Wong | 1 Hammerhead | 2026-06-16 | 3.3 LOW | N/A |
| hammerhead.cc in Hammerhead 2.1.4 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/hammer.log (aka the HH_LOG file) or (2) the REPORT_LOG file. | |||||
| CVE-2011-3154 | 1 Canonical | 2 Ubuntu Linux, Update-manager | 2026-06-16 | 1.9 LOW | N/A |
| DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file. | |||||