Total
1499 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7393 | 1 Apache | 1 Subversion | 2026-05-06 | 2.4 LOW | N/A |
| The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3). | |||||
| CVE-2015-6927 | 1 Openvz | 1 Vzctl | 2026-05-06 | 3.6 LOW | N/A |
| vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container (CT) root users to change the root password for arbitrary ploop containers, as demonstrated by a symlink attack on the ploop container root.hdd file and then access a control panel. | |||||
| CVE-2015-0794 | 2 Dracut Project, Opensuse | 2 Dracut, Opensuse | 2026-05-06 | 3.6 LOW | N/A |
| modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map. | |||||
| CVE-2015-3629 | 2 Docker, Opensuse | 2 Libcontainer, Opensuse | 2026-05-06 | 7.2 HIGH | 7.8 HIGH |
| Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container. | |||||
| CVE-2014-3627 | 1 Apache | 1 Hadoop | 2026-05-06 | 5.0 MEDIUM | N/A |
| The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache. | |||||
| CVE-2011-3154 | 1 Canonical | 2 Ubuntu Linux, Update-manager | 2026-05-06 | 1.9 LOW | N/A |
| DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file. | |||||
| CVE-2014-3421 | 2 Gnu, Mageia Project | 2 Emacs, Mageia | 2026-05-06 | 3.3 LOW | N/A |
| lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file. | |||||
| CVE-2012-0871 | 2 Opensuse, Systemd Project | 2 Opensuse, Systemd | 2026-05-06 | 6.3 MEDIUM | N/A |
| The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/. | |||||
| CVE-2011-0460 | 2 Kbd-project, Opensuse | 2 Kbd, Opensuse | 2026-05-06 | 6.3 MEDIUM | N/A |
| The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map. | |||||
| CVE-2015-3436 | 1 Zarafa | 1 Zarafa Collaboration Platform | 2026-05-06 | 6.6 MEDIUM | N/A |
| provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock. | |||||
| CVE-2016-3096 | 2 Fedoraproject, Redhat | 2 Fedora, Ansible | 2026-05-06 | 7.2 HIGH | 7.8 HIGH |
| The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory. | |||||
| CVE-2013-0350 | 1 David Leonard | 1 Pkstat | 2026-05-06 | 6.3 MEDIUM | N/A |
| tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log. | |||||
| CVE-2015-0858 | 2 Debian, Tardiff Project | 2 Debian Linux, Tardiff | 2026-05-06 | 2.1 LOW | 3.3 LOW |
| Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory. | |||||
| CVE-2015-1194 | 1 Pax Project | 1 Pax | 2026-05-06 | 4.3 MEDIUM | N/A |
| pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive. | |||||
| CVE-2015-4156 | 2 Gnu, Opensuse | 2 Parallel, Opensuse | 2026-05-06 | 3.6 LOW | N/A |
| GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2015-6566 | 2 Fedoraproject, Zarafa | 2 Fedora, Zarafa Collaboration Platform | 2026-05-06 | 7.2 HIGH | 8.4 HIGH |
| zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*. | |||||
| CVE-2011-3153 | 2 Canonical, Robert Ancell | 2 Ubuntu Linux, Lightdm | 2026-05-06 | 1.9 LOW | N/A |
| dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc. | |||||
| CVE-2015-3627 | 1 Docker | 2 Docker, Libcontainer | 2026-05-06 | 7.2 HIGH | N/A |
| Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image. | |||||
| CVE-2015-0556 | 2 Arj Software, Fedoraproject | 2 Arj Archiver, Fedora | 2026-05-06 | 5.8 MEDIUM | N/A |
| Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive. | |||||
| CVE-2013-6124 | 1 Codeaurora | 1 Android-msm | 2026-05-06 | 3.3 LOW | N/A |
| The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary file via an attack on the sensor-settings file. | |||||