Export limit exceeded: 349822 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8209 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-5527 | 1 Claws-mail | 1 Vcalendar | 2024-11-21 | 5.5 Medium |
| Claws Mail vCalendar plugin: credentials exposed on interface | ||||
| CVE-2012-3823 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-11-21 | 7.5 High |
| Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved. | ||||
| CVE-2012-2945 | 1 Apache | 1 Hadoop | 2024-11-21 | 7.5 High |
| Hadoop 1.0.3 contains a symlink vulnerability. | ||||
| CVE-2012-1156 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 7.5 High |
| Moodle before 2.2.2 has users' private files included in course backups | ||||
| CVE-2012-1093 | 1 Debian | 2 Debian Linux, X11-common | 2024-11-21 | 7.8 High |
| The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation. | ||||
| CVE-2011-5271 | 1 Clusterlabs | 1 Pacemaker | 2024-11-21 | 5.5 Medium |
| Pacemaker before 1.1.6 configure script creates temporary files insecurely | ||||
| CVE-2011-4931 | 2 Debian, Gpw Project | 2 Debian Linux, Gpw | 2024-11-21 | 7.5 High |
| gpw generates shorter passwords than required | ||||
| CVE-2011-3632 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2024-11-21 | 7.1 High |
| Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks. | ||||
| CVE-2011-3618 | 2 Atop Project, Debian | 2 Atop, Debian Linux | 2024-11-21 | 7.8 High |
| atop: symlink attack possible due to insecure tempfile handling | ||||
| CVE-2011-3351 | 1 Openvas | 1 Openvas-scanner | 2024-11-21 | 7.1 High |
| openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system. | ||||
| CVE-2011-2924 | 3 Debian, Fedoraproject, Linuxfoundation | 3 Debian Linux, Fedora, Foomatic-filters | 2024-11-21 | 5.5 Medium |
| foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter. | ||||
| CVE-2011-2923 | 2 Debian, Linuxfoundation | 2 Debian Linux, Foomatic-filters | 2024-11-21 | 5.5 Medium |
| foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter. | ||||
| CVE-2011-2765 | 1 Pyro Project | 1 Pyro | 2024-11-21 | N/A |
| pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks. | ||||
| CVE-2011-1408 | 2 Debian, Ikiwiki | 2 Debian Linux, Ikiwiki | 2024-11-21 | 8.2 High |
| ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks. | ||||
| CVE-2011-1136 | 2 Debian, Tesseract Project | 2 Debian Linux, Tesseract | 2024-11-21 | 4.7 Medium |
| In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file. | ||||
| CVE-2010-4817 | 2 Debian, Pithos Project | 2 Debian Linux, Pithos | 2024-11-21 | 5.5 Medium |
| pithos before 0.3.5 allows overwrite of arbitrary files via symlinks. | ||||
| CVE-2010-4178 | 2 Fedoraproject, Oracle | 2 Fedora, Mysql-gui-tools | 2024-11-21 | 5.5 Medium |
| MySQL-GUI-tools (mysql-administrator) leaks passwords into process list after with launch of mysql text console | ||||
| CVE-2010-3095 | 1 Mailscanner | 1 Mailscanner | 2024-11-21 | 4.7 Medium |
| mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-5313. | ||||
| CVE-2010-2496 | 1 Clusterlabs | 2 Cluster Glue, Pacemaker | 2024-11-21 | 5.5 Medium |
| stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer. | ||||
| CVE-2010-2064 | 1 Rpcbind Project | 1 Rpcbind | 2024-11-21 | 7.1 High |
| rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr. | ||||