Export limit exceeded: 342998 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (7969 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3561 | 1 Redhat | 2 Enterprise Virtualization, Rhev Manager | 2025-04-12 | N/A |
| The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes. | ||||
| CVE-2015-1331 | 1 Linuxcontainers | 1 Lxc | 2025-04-12 | N/A |
| lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*. | ||||
| CVE-2015-1335 | 2 Canonical, Linuxcontainers | 2 Ubuntu Linux, Lxc | 2025-04-12 | N/A |
| lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source. | ||||
| CVE-2015-3253 | 3 Apache, Oracle, Redhat | 14 Groovy, Health Sciences Clinical Development Center, Retail Order Broker Cloud Service and 11 more | 2025-04-12 | N/A |
| The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object. | ||||
| CVE-2014-3537 | 4 Apple, Canonical, Fedoraproject and 1 more | 4 Cups, Ubuntu Linux, Fedora and 1 more | 2025-04-12 | N/A |
| The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. | ||||
| CVE-2010-5105 | 1 Blender | 1 Blender | 2025-04-12 | N/A |
| The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103. | ||||
| CVE-2015-8876 | 2 Php, Redhat | 2 Php, Rhel Software Collections | 2025-04-12 | N/A |
| Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data. | ||||
| CVE-2014-3209 | 1 Nlnetlabs | 1 Ldns | 2025-04-12 | N/A |
| The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file. | ||||
| CVE-2015-1338 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2025-04-12 | N/A |
| kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log. | ||||
| CVE-2009-5023 | 1 Fail2ban | 1 Fail2ban | 2025-04-12 | N/A |
| The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt. | ||||
| CVE-2014-2893 | 2 Llvm, Opensuse | 2 Clang, Opensuse | 2025-04-12 | N/A |
| The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names. | ||||
| CVE-2015-1350 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2025-04-12 | 5.5 Medium |
| The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. | ||||
| CVE-2013-4215 | 1 Nagios | 1 Plugins | 2025-04-12 | N/A |
| The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping. | ||||
| CVE-2015-7758 | 2 Gummi Project, Opensuse | 3 Gummi, Leap, Opensuse | 2025-04-12 | N/A |
| Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux. | ||||
| CVE-2015-8878 | 1 Php | 1 Php | 2025-04-12 | N/A |
| main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses. | ||||
| CVE-2016-9865 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | N/A |
| An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | ||||
| CVE-2015-1377 | 1 Webmin | 1 Webmin | 2025-04-12 | N/A |
| The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file. | ||||
| CVE-2015-1807 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
| Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts. | ||||
| CVE-2014-1932 | 2 Python, Pythonware | 2 Pillow, Python Imaging Library | 2025-04-12 | N/A |
| The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file. | ||||
| CVE-2013-4472 | 1 Freedesktop | 1 Poppler | 2025-04-12 | N/A |
| The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. | ||||