Total
207 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-0860 | 1 Redhat | 3 Enterprise Linux, Enterprise Virtualization Manager, Rhev Manager | 2025-04-11 | N/A |
| Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deployUtil.py or (2) vds_bootstrap.py Python module in /tmp/. | ||||
| CVE-2014-1876 | 2 Oracle, Redhat | 5 Openjdk, Enterprise Linux, Network Satellite and 2 more | 2025-04-11 | N/A |
| The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log. | ||||
| CVE-2009-5044 | 2 Apple, Gnu | 2 Mac Os X, Groff | 2025-04-11 | N/A |
| contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file. | ||||
| CVE-2013-4169 | 2 Gnome, Redhat | 2 Gnome Display Manager, Enterprise Linux | 2025-04-11 | N/A |
| GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/. | ||||
| CVE-2011-1920 | 2 Ihji, Netbsd | 2 Pmake, Netbsd | 2025-04-11 | N/A |
| The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk. | ||||
| CVE-2012-5635 | 2 Gluster, Redhat | 5 Glusterfs, Storage, Storage Management Console and 2 more | 2025-04-11 | N/A |
| The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2) extras/hook-scripts/S30samba-stop.sh, and possibly other vectors, different vulnerabilities than CVE-2012-4417. | ||||
| CVE-2013-0162 | 4 Cloudforms Cloudengine, Redhat, Rhel Sam and 1 more | 4 1, Openshift, 1.2 and 1 more | 2025-04-11 | N/A |
| The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. | ||||
| CVE-2012-1088 | 1 Iproute2 Project | 1 Iproute2 | 2025-04-11 | N/A |
| iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script. | ||||
| CVE-2014-0027 | 1 Cmu | 1 Flite | 2025-04-11 | N/A |
| The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2013-2119 | 3 Phusion, Redhat, Ruby-lang | 3 Passenger, Openshift, Ruby | 2025-04-11 | N/A |
| Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem. | ||||
| CVE-2013-4419 | 4 Libguestfs, Novell, Redhat and 1 more | 4 Libguestfs, Suse Linux Enterprise Server, Enterprise Linux and 1 more | 2025-04-11 | N/A |
| The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance. | ||||
| CVE-2013-6402 | 1 Hp | 1 Linux Imaging And Printing Project | 2025-04-11 | N/A |
| base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file. | ||||
| CVE-2013-4373 | 1 Redhat | 1 Jboss Operations Network | 2025-04-11 | N/A |
| The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary directory that is used to unpack zip files. | ||||
| CVE-2013-2217 | 3 Jeff Ortel, Opensuse, Redhat | 3 Suds, Opensuse, Enterprise Linux | 2025-04-11 | N/A |
| cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/. | ||||
| CVE-2010-4173 | 1 Openfabrics | 1 Libsdp | 2025-04-11 | N/A |
| The default configuration of libsdp.conf in libsdp 1.1.104 and earlier creates log files in /tmp, which allows local users to overwrite arbitrary files via a (1) symlink or (2) hard link attack on the libsdp.log.##### temporary file. | ||||
| CVE-2013-4214 | 2 Nagios, Redhat | 2 Nagios, Openstack | 2025-04-11 | N/A |
| rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache. | ||||
| CVE-2013-4157 | 1 Redhat | 2 Storage, Storage Server | 2025-04-11 | N/A |
| Red Hat Storage 2.0 allows local users to overwrite arbitrary files via a symlink attack on the (1) e, (2) local-bricks.list, (3) bricks.err, or (4) limits.conf files in /tmp. | ||||
| CVE-2012-3504 | 1 Fedoraproject | 1 Crypto-utils | 2025-04-11 | N/A |
| The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 allows local users to overwrite arbitrary files via a symlink attack on the "list" file in the current working directory. | ||||
| CVE-2013-2142 | 1 Libimobiledevice | 1 Libimobiledevice | 2025-04-11 | N/A |
| userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME are not set, allows local users to overwrite arbitrary files via a symlink attack on (1) HostCertificate.pem, (2) HostPrivateKey.pem, (3) libimobiledevicerc, (4) RootCertificate.pem, or (5) RootPrivateKey.pem in /tmp/root/.config/libimobiledevice/. | ||||
| CVE-2013-2029 | 1 Redhat | 1 Openstack | 2025-04-11 | N/A |
| nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/. | ||||