Search Results (8784 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-6566 2 Fedoraproject, Zarafa 2 Fedora, Zarafa Collaboration Platform 2025-04-12 N/A
zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*.
CVE-2016-4443 1 Redhat 2 Enterprise Virtualization, Rhev Manager 2025-04-12 N/A
Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.
CVE-2015-8878 1 Php 1 Php 2025-04-12 N/A
main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses.
CVE-2016-0448 3 Canonical, Oracle, Redhat 7 Ubuntu Linux, Jdk, Jre and 4 more 2025-04-12 N/A
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX.
CVE-2014-3986 1 Cisofy 1 Lynis 2025-04-12 N/A
include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name.
CVE-2001-1593 1 Gnu 1 A2ps 2025-04-12 N/A
The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.
CVE-2016-6330 1 Redhat 1 Jboss Operations Network 2025-04-12 N/A
The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3737.
CVE-2015-1194 1 Pax Project 1 Pax 2025-04-12 N/A
pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive.
CVE-2015-5273 1 Redhat 6 Automatic Bug Reporting Tool, Enterprise Linux, Enterprise Linux Desktop and 3 more 2025-04-12 N/A
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp.
CVE-2016-2943 1 Ibm 1 Bigfix Remote Control 2025-04-12 N/A
IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by leveraging unspecified privileges to read a log file.
CVE-2015-5287 1 Redhat 6 Automatic Bug Reporting Tool, Enterprise Linux, Enterprise Linux Desktop and 3 more 2025-04-12 N/A
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.
CVE-2015-1196 3 Gnu, Opensuse, Oracle 3 Patch, Opensuse, Solaris 2025-04-12 N/A
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
CVE-2015-1038 3 7-zip, Fedoraproject, Oracle 3 P7zip, Fedora, Solaris 2025-04-12 N/A
p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.
CVE-2016-2510 4 Beanshell, Canonical, Debian and 1 more 8 Beanshell, Ubuntu Linux, Debian Linux and 5 more 2025-04-12 8.1 High
BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.
CVE-2009-5023 1 Fail2ban 1 Fail2ban 2025-04-12 N/A
The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt.
CVE-2010-5105 1 Blender 1 Blender 2025-04-12 N/A
The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103.
CVE-2013-2105 1 Jonathan Leung 1 Show In Browser 2025-04-12 N/A
The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.
CVE-2014-8585 1 W3eden 1 Download Manager 2025-04-12 N/A
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.
CVE-2015-8876 2 Php, Redhat 2 Php, Rhel Software Collections 2025-04-12 N/A
Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data.
CVE-2014-3982 1 Cisofy 1 Lynis 2025-04-12 N/A
include/tests_webservers in Lynis before 1.5.5 on AIX allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.##### file.