Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-4987

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-06 Nov, 2008 | 11:00
Updated At-07 Aug, 2024 | 10:31
Rejected At-
Credits

xastir 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/ldconfig.tmp, (b) /tmp/ldconf.tmp, and (c) /tmp/ld.so.conf temporary files, related to the (1) get-maptools.sh and (2) get_shapelib.sh scripts.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:06 Nov, 2008 | 11:00
Updated At:07 Aug, 2024 | 10:31
Rejected At:
▼CVE Numbering Authority (CNA)

xastir 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/ldconfig.tmp, (b) /tmp/ldconf.tmp, and (c) /tmp/ld.so.conf temporary files, related to the (1) get-maptools.sh and (2) get_shapelib.sh scripts.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/31771
third-party-advisory
x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/44920
vdb-entry
x_refsource_XF
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00307.html
vendor-advisory
x_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2008/10/30/2
mailing-list
x_refsource_MLIST
https://bugs.gentoo.org/show_bug.cgi?id=235770
x_refsource_CONFIRM
http://bugs.debian.org/496383
x_refsource_CONFIRM
http://www.securityfocus.com/bid/31030
vdb-entry
x_refsource_BID
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00199.html
vendor-advisory
x_refsource_FEDORA
http://uvw.ru/report.lenny.txt
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=460429
x_refsource_CONFIRM
http://secunia.com/advisories/31677
third-party-advisory
x_refsource_SECUNIA
http://dev.gentoo.org/~rbu/security/debiantemp/xastir
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/31771
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/44920
Resource:
vdb-entry
x_refsource_XF
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00307.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.openwall.com/lists/oss-security/2008/10/30/2
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://bugs.gentoo.org/show_bug.cgi?id=235770
Resource:
x_refsource_CONFIRM
Hyperlink: http://bugs.debian.org/496383
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/31030
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00199.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://uvw.ru/report.lenny.txt
Resource:
x_refsource_MISC
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=460429
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/31677
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://dev.gentoo.org/~rbu/security/debiantemp/xastir
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/31771
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/44920
vdb-entry
x_refsource_XF
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00307.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.openwall.com/lists/oss-security/2008/10/30/2
mailing-list
x_refsource_MLIST
x_transferred
https://bugs.gentoo.org/show_bug.cgi?id=235770
x_refsource_CONFIRM
x_transferred
http://bugs.debian.org/496383
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/31030
vdb-entry
x_refsource_BID
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00199.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://uvw.ru/report.lenny.txt
x_refsource_MISC
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=460429
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/31677
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://dev.gentoo.org/~rbu/security/debiantemp/xastir
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/31771
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/44920
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00307.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2008/10/30/2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://bugs.gentoo.org/show_bug.cgi?id=235770
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://bugs.debian.org/496383
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/31030
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00199.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://uvw.ru/report.lenny.txt
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=460429
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/31677
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://dev.gentoo.org/~rbu/security/debiantemp/xastir
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:06 Nov, 2008 | 15:55
Updated At:08 Aug, 2017 | 01:33

xastir 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/ldconfig.tmp, (b) /tmp/ldconf.tmp, and (c) /tmp/ld.so.conf temporary files, related to the (1) get-maptools.sh and (2) get_shapelib.sh scripts.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.9MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 6.9
Base severity: MEDIUM
Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
xastir
xastir
>>xastir>>1.9.2
cpe:2.3:a:xastir:xastir:1.9.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-59Primarynvd@nist.gov
CWE ID: CWE-59
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://bugs.debian.org/496383cve@mitre.org
Exploit
http://dev.gentoo.org/~rbu/security/debiantemp/xastircve@mitre.org
N/A
http://secunia.com/advisories/31677cve@mitre.org
N/A
http://secunia.com/advisories/31771cve@mitre.org
N/A
http://uvw.ru/report.lenny.txtcve@mitre.org
N/A
http://www.openwall.com/lists/oss-security/2008/10/30/2cve@mitre.org
N/A
http://www.securityfocus.com/bid/31030cve@mitre.org
N/A
https://bugs.gentoo.org/show_bug.cgi?id=235770cve@mitre.org
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=460429cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/44920cve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00199.htmlcve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00307.htmlcve@mitre.org
N/A
Hyperlink: http://bugs.debian.org/496383
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://dev.gentoo.org/~rbu/security/debiantemp/xastir
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/31677
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/31771
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://uvw.ru/report.lenny.txt
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2008/10/30/2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/31030
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugs.gentoo.org/show_bug.cgi?id=235770
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=460429
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/44920
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00199.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00307.html
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

156Records found
CVE-2008-4944
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.13%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

writtercontrol in cdcontrol 1.90 allows local users to overwrite arbitrary files via a symlink attack on /tmp/v-recorder*-out temporary files.

Action-Not Available
Vendor-gleydson_mazioli_da_silvan/a
Product-cdcontroln/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4951
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.13%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dtc 0.29.6 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/awstats.log, (b) /tmp/spam.log.#####, and (c) /tmp/spam_err.log temporary files, related to the (1) accesslog.php and (2) sa-wrapper scripts.

Action-Not Available
Vendor-gplhostn/a
Product-dtc-commonn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4995
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 4.96%
||
7 Day CHG~0.00%
Published-07 Nov, 2008 | 19:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

redirect.pl in bk2site 1.1.9 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/redirect.log temporary file. NOTE: this vulnerability is only limited to debug mode, which is disabled by default.

Action-Not Available
Vendor-jose_m.vidaln/a
Product-bk2siten/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4966
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.27%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

linux-patch-openswan 2.4.12 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/snap##### and (b) /tmp/nightly##### temporary files, related to the (1) maysnap and (2) maytest scripts.

Action-Not Available
Vendor-openswann/a
Product-linux-patch-openswann/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4948
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.13%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fest.pl in digitaldj 0.7.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ddj_fest.tmp temporary file.

Action-Not Available
Vendor-nostaticn/a
Product-digitaldjn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4939
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.13%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

apertium 3.0.7 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####.lex.cc, (b) /tmp/#####.deformat.l, (c) /tmp/#####.reformat.l, (d) /tmp/#####docxorig, (e) /tmp/#####docxsalida.zip, (f) /tmp/#####xlsxembed, (g) /tmp/#####xlsxorig, and (h) /tmp/#####xslxsalida.zip temporary files, related to the (1) apertium-gen-deformat, (2) apertium-gen-reformat, and (3) apertium scripts.

Action-Not Available
Vendor-apertiumn/a
Product-apertiumn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5148
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.13%
||
7 Day CHG~0.00%
Published-18 Nov, 2008 | 15:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file.

Action-Not Available
Vendor-gedan/a
Product-gnetlistn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4945
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.13%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

amlabel-cdrw in cdrw-taper 0.4 might allow local users to overwrite arbitrary files via a symlink attack involving a /tmp/amlabel-cdrw.##### temporary directory.

Action-Not Available
Vendor-tivanon/a
Product-cdrw-tapern/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5377
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.19% / 41.06%
||
7 Day CHG~0.00%
Published-08 Dec, 2008 | 23:00
Updated-07 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.

Action-Not Available
Vendor-n/aApple Inc.
Product-cupsn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4967
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.27%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

linuxtrade 3.65 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/bwk, (b) /tmp/zzz, and (c) /tmp/ggg temporary files, related to the (1) linuxtrade.bwkvol, (2) linuxtrade.wn, and (3) moneyam.helper scripts.

Action-Not Available
Vendor-linuxtraden/a
Product-linuxtraden/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4938
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.84%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

aegis 4.24 and aegis-web 4.24 allow local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####, (b) /tmp/#####.intro, (c) /tmp/aegis.#####.ae, (d) /tmp/aegis.#####, (e) /tmp/aegis.#####.1, (f) /tmp/aegis.#####.2, (g) /tmp/aegis.#####.log, and (h) /tmp/aegis.#####.out temporary files, related to the (1) bng_dvlpd.sh, (2) bng_rvwd.sh, (3) awt_dvlp.sh, (4) awt_intgrtn.sh, and (5) aegis.cgi scripts.

Action-Not Available
Vendor-aegisn/a
Product-aegis-webaegisn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5380
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.09% / 27.08%
||
7 Day CHG~0.00%
Published-08 Dec, 2008 | 23:00
Updated-07 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.* temporary file, related to the (1) geo-code and (2) geo-nearest scripts, different vectors than CVE-2008-4959.

Action-Not Available
Vendor-gpsdriven/a
Product-gpsdriven/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4997
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 4.96%
||
7 Day CHG~0.00%
Published-07 Nov, 2008 | 19:00
Updated-17 Sep, 2024 | 04:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dfxml-invoice in datafreedom-perl 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/zenity temporary file. NOTE: the vendor disputes this vulnerability, stating that the vector is solely "an EXAMPLE used in the manpage.

Action-Not Available
Vendor-pilot-qofn/a
Product-datafreedom-perln/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4970
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.13%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

runiozone in lustre 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/iozone.log temporary file.

Action-Not Available
Vendor-lustren/a
Product-lustre-testsn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5007
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.42%
||
7 Day CHG~0.00%
Published-10 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local users to overwrite or delete arbitrary files via a symlink attack on a (1) /tmp/lazarus.tgz temporary file or a (2) /tmp/lazarus temporary directory.

Action-Not Available
Vendor-lazarusn/a
Product-lazarusn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4953
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 4.96%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-17 Sep, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

firehol in firehol 1.256 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/.firehol-tmp-#####-*-* and (2) /tmp/firehol.conf temporary files. NOTE: the vendor disputes this vulnerability, stating that an attack "would require an attacker to create 1073741824*PID-RANGE symlinks.

Action-Not Available
Vendor-fireholn/a
Product-fireholn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4976
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.53%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ogle 0.9.2 and ogle-mmx 0.9.2 allow local users to overwrite arbitrary files via a symlink attack on (a) /tmp/ogle_audio.#####, (b) /tmp/ogle_cli.#####, (c) /tmp/ogle_ctrl.#####, (d) /tmp/ogle_gui.#####, (e) /tmp/ogle_mpeg_ps.#####, (f) /tmp/ogle_mpeg_vs.#####, (g) /tmp/ogle_nav.#####, and (h) /tmp/ogle_vout.#####, temporary files, related to the (1) ogle_audio_debug, (2) ogle_cli_debug, (3) ogle_ctrl_debug, (4) ogle_gui_debug, (5) ogle_mpeg_ps_debug, (6) ogle_mpeg_vs_debug, (7) ogle_nav_debug, and (8) ogle_vout_debug scripts.

Action-Not Available
Vendor-alan_woodlandn/a
Product-ogle-mmxoglen/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5139
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 4.96%
||
7 Day CHG~0.00%
Published-18 Nov, 2008 | 15:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

updatejail in jailer 0.4 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/#####.updatejail temporary file.

Action-Not Available
Vendor-javier_fernandezn/a
Product-jailern/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4950
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 4.96%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-17 Sep, 2024 | 01:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. NOTE: the vendor disputes this vulnerability, stating that "There is no sense in this bug - the script ... is called under specific cross-building environments within a chroot.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-dpkg-crossn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4969
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 4.96%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ltp-network-test 20060918 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/vsftpd.conf, (b) /tmp/udp/2/*, (c) /tmp/tcp/2/*, (d) /tmp/udp/3/*, (e) /tmp/tcp/3/*, (f) /tmp/nfs_fsstress.udp.2.log, (g) /tmp/nfs_fsstress.udp.3.log, (h) /tmp/nfs_fsstress.tcp.2.log, (i) /tmp/nfs_fsstress.tcp.3.log, and (j) /tmp/nfs_fsstress.sardata temporary files, related to the (1) ftp_setup_vsftp_conf and (2) nfs_fsstress.sh scripts.

Action-Not Available
Vendor-alastair_mckinstryn/a
Product-ltp-network-testn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4956
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.36%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-17 Sep, 2024 | 03:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fwb_install in fwbuilder 2.1.19 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/ssh-agent.##### temporary file.

Action-Not Available
Vendor-firewallbuildern/a
Product-fwbuildern/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5366
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.75%
||
7 Day CHG~0.00%
Published-08 Dec, 2008 | 23:00
Updated-07 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file.

Action-Not Available
Vendor-marco_d\'itrin/a
Product-pppn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5156
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.42%
||
7 Day CHG~0.00%
Published-18 Nov, 2008 | 15:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

si_mkbootserver in systemimager-server 3.6.3 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/*.inetd.conf or (2) /tmp/pxe.conf.*.tmp temporary file.

Action-Not Available
Vendor-dann_fraziern/a
Product-systemimager-servern/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4935
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.66%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

asciiview in aview 1.3.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/aview#####.pgm temporary file.

Action-Not Available
Vendor-amigan/a
Product-aviewn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5136
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.75%
||
7 Day CHG~0.00%
Published-18 Nov, 2008 | 15:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tkusr in tkusr 0.82 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/tkusr.pgm temporary file.

Action-Not Available
Vendor-ldrolezn/a
Product-tkusrn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5034
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 4.96%
||
7 Day CHG~0.00%
Published-10 Nov, 2008 | 16:00
Updated-17 Sep, 2024 | 03:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

master-filter in printfilters-ppd 2.13 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filter.debug temporary file. NOTE: the vendor disputes this vulnerability, stating 'this package does not have " possibility of attack with the help of symlinks"'

Action-Not Available
Vendor-a_mennucc1n/a
Product-printfilters-ppdn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5150
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 4.96%
||
7 Day CHG~0.00%
Published-18 Nov, 2008 | 15:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sample.sh in maildirsync 1.1 allows local users to append data to arbitrary files via a symlink attack on a /tmp/maildirsync-*.#####.log temporary file.

Action-Not Available
Vendor-jose_carlos_medeirosn/a
Product-maildirsyncn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4988
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 4.96%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-17 Sep, 2024 | 01:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pscal in xcal 4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pscal##### temporary file.

Action-Not Available
Vendor-lars_bahnern/a
Product-xcaln/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5374
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.05% / 16.87%
||
7 Day CHG~0.00%
Published-08 Dec, 2008 | 23:00
Updated-07 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts.

Action-Not Available
Vendor-matthias_klosen/a
Product-bash-docn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4982
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.56%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rkhunter in rkhunter 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rkhunter-debug temporary file. NOTE: this is probably a different vulnerability than CVE-2005-1270.

Action-Not Available
Vendor-john_hornen/a
Product-rkhuntern/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5154
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 4.96%
||
7 Day CHG~0.00%
Published-18 Nov, 2008 | 15:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/blue.log temporary file.

Action-Not Available
Vendor-koeniglichn/a
Product-p3nfsn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5146
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.75%
||
7 Day CHG~0.00%
Published-18 Nov, 2008 | 15:00
Updated-17 Sep, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

add-accession-numbers in ctn 3.0.6 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/accession temporary file.

Action-Not Available
Vendor-erl_wustln/a
Product-ctnn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4947
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.13%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dhis-dummy-log-engine in dhis-server 5.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/dhis-dummy-log-engine.log temporary file.

Action-Not Available
Vendor-guus_sliepenn/a
Product-dhis-servern/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4940
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.13%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xmlfile.py in aptoncd 0.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/aptoncd temporary file.

Action-Not Available
Vendor-aptoncdn/a
Product-aptoncdn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4990
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 4.96%
||
7 Day CHG~0.00%
Published-02 Feb, 2009 | 22:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/enomalism2.pid temporary file.

Action-Not Available
Vendor-enomalyn/a
Product-elastic_computing_platformn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4973
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.13%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

i2myspell in myspell 3.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/i2my#####.1 and (2) /tmp/i2my#####.2 temporary files.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-myspelln/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-3930
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.76%
||
7 Day CHG~0.00%
Published-04 Sep, 2008 | 18:00
Updated-07 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-citadel_servern/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-3928
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 8.15%
||
7 Day CHG~0.00%
Published-04 Sep, 2008 | 18:00
Updated-07 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary files via a symlink attack on a temporary file.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-honeyd_commonn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4192
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.13% / 33.38%
||
7 Day CHG~0.00%
Published-29 Sep, 2008 | 17:00
Updated-07 Aug, 2024 | 10:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-cmann/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4476
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.46%
||
7 Day CHG~0.00%
Published-07 Oct, 2008 | 21:00
Updated-07 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability.

Action-Not Available
Vendor-sympan/a
Product-sympan/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-3931
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.53%
||
7 Day CHG~0.00%
Published-04 Sep, 2008 | 18:00
Updated-07 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

javareconf in R 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Action-Not Available
Vendor-r_foundationn/a
Product-rn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-21117
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.06%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 13:55
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-23968
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.50% / 84.73%
||
7 Day CHG~0.00%
Published-10 Nov, 2020 | 19:44
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log.

Action-Not Available
Vendor-ilexn/a
Product-international_sign\&gon/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2007-5377
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.13%
||
7 Day CHG~0.00%
Published-12 Oct, 2007 | 00:00
Updated-07 Aug, 2024 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Action-Not Available
Vendor-n/aGNU
Product-trampn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2007-5664
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.78%
||
7 Day CHG~0.00%
Published-16 Apr, 2008 | 18:00
Updated-07 Aug, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to overwrite arbitrary files via a symlink attack on files used for initialization.

Action-Not Available
Vendor-n/aIBM Corporation
Product-db2_universal_databasen/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2007-5805
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.87%
||
7 Day CHG~0.00%
Published-05 Nov, 2007 | 17:00
Updated-07 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: this issue is due to an incomplete fix for CVE-2007-5804.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2007-4631
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 10.14%
||
7 Day CHG~0.00%
Published-31 Aug, 2007 | 22:00
Updated-07 Aug, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and other versions up to 2pre1 allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on temporary files with predictable filenames.

Action-Not Available
Vendor-qgitn/a
Product-qgitn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2007-4998
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.64%
||
7 Day CHG~0.00%
Published-31 Jan, 2008 | 20:00
Updated-07 Aug, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-21919
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.50% / 64.73%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:23
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-16||Apply updates per vendor instructions.
Windows User Profile Service Elevation of Privilege Vulnerability

Windows User Profile Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_1909windows_7windows_10_20h2windows_10_1607windows_server_20h2windows_server_2022windows_server_2008windows_server_2016windows_11_21h2windows_10_1809windows_10_21h2windows_10_21h1windows_8.1windows_rt_8.1windows_10_1507windows_server_2019Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 20H2Windows 11 version 21H2Windows Server 2019Windows 10 Version 21H2Windows 10 Version 1909Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2Windows Server 2022Windows Server version 20H2Windows Server 2016Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 7 Service Pack 1Windows 7Windows 10 Version 21H1Windows Server 2012Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows 8.1Windows Server 2008 Service Pack 2 (Server Core installation)Windows
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2020-27697
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.36%
||
7 Day CHG~0.00%
Published-18 Nov, 2020 | 18:45
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-premium_security_2020windowsinternet_security_2020maximum_security_2020antivirus\+_security_2020Trend Micro Security (Consumer)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found