Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-5746

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-29 Dec, 2008 | 15:00
Updated At-07 Aug, 2024 | 11:04
Rejected At-
Credits

Sun SNMP Management Agent (SUNWmasf) 1.4u2 through 1.5.4 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on temporary files.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:29 Dec, 2008 | 15:00
Updated At:07 Aug, 2024 | 11:04
Rejected At:
▼CVE Numbering Authority (CNA)

Sun SNMP Management Agent (SUNWmasf) 1.4u2 through 1.5.4 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on temporary files.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/33014
vdb-entry
x_refsource_BID
http://www.securitytracker.com/id?1021496
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/33328
third-party-advisory
x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/47619
vdb-entry
x_refsource_XF
http://osvdb.org/50987
vdb-entry
x_refsource_OSVDB
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248646-1
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://www.securityfocus.com/bid/33014
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.securitytracker.com/id?1021496
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/33328
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/47619
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://osvdb.org/50987
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-248646-1
Resource:
vendor-advisory
x_refsource_SUNALERT
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/33014
vdb-entry
x_refsource_BID
x_transferred
http://www.securitytracker.com/id?1021496
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/33328
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/47619
vdb-entry
x_refsource_XF
x_transferred
http://osvdb.org/50987
vdb-entry
x_refsource_OSVDB
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248646-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://www.securityfocus.com/bid/33014
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securitytracker.com/id?1021496
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/33328
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/47619
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://osvdb.org/50987
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-248646-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:29 Dec, 2008 | 15:24
Updated At:08 Aug, 2017 | 01:33

Sun SNMP Management Agent (SUNWmasf) 1.4u2 through 1.5.4 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on temporary files.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.9MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 6.9
Base severity: MEDIUM
Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Sun Microsystems (Oracle Corporation)
sun
>>snmp_management_agent>>1.4
cpe:2.3:a:sun:snmp_management_agent:1.4:update_2:sparc:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>snmp_management_agent>>1.5.3
cpe:2.3:a:sun:snmp_management_agent:1.5.3:*:sparc:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>snmp_management_agent>>1.5.4
cpe:2.3:a:sun:snmp_management_agent:1.5.4:*:sparc:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>solaris>>8
cpe:2.3:o:sun:solaris:8:*:sparc:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>solaris>>9
cpe:2.3:o:sun:solaris:9:*:sparc:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>solaris>>10
cpe:2.3:o:sun:solaris:10:*:sparc:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-59Primarynvd@nist.gov
CWE ID: CWE-59
Type: Primary
Source: nvd@nist.gov
Evaluator Description
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248646-1 This issue can occur in the following releases: SPARC Platform * Sun SNMP Management Agent "SUNWmasf" 1.4u2 thru 1.5.4 (For Solaris 8, 9 and 10)
Evaluator Impact

Evaluator Solution

http://sunsolve.sun.com/search/document.do?assetkey=1-26-248646-1 This issue is addressed in the following release: SPARC Platform * Sun SNMP Management Agent ("SUNWmasf") 1.5.5 or later (For Solaris 8, 9 and 10) Sun SNMP Management Agent is available for download at http://www.sun.com/download/

Vendor Statements
References
HyperlinkSourceResource
http://osvdb.org/50987cve@mitre.org
N/A
http://secunia.com/advisories/33328cve@mitre.org
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248646-1cve@mitre.org
Vendor Advisory
http://www.securityfocus.com/bid/33014cve@mitre.org
N/A
http://www.securitytracker.com/id?1021496cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/47619cve@mitre.org
N/A
Hyperlink: http://osvdb.org/50987
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/33328
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-248646-1
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/33014
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1021496
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/47619
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

175Records found
CVE-2008-5153
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.85%
||
7 Day CHG~0.00%
Published-18 Nov, 2008 | 15:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodlen/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5034
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.02%
||
7 Day CHG~0.00%
Published-10 Nov, 2008 | 16:00
Updated-17 Sep, 2024 | 03:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

master-filter in printfilters-ppd 2.13 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filter.debug temporary file. NOTE: the vendor disputes this vulnerability, stating 'this package does not have " possibility of attack with the help of symlinks"'

Action-Not Available
Vendor-a_mennucc1n/a
Product-printfilters-ppdn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5706
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 19.79%
||
7 Day CHG~0.00%
Published-22 Dec, 2008 | 15:00
Updated-07 Aug, 2024 | 11:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/trigger.tmp temporary file.

Action-Not Available
Vendor-verlihub-projectn/a
Product-verlihubn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5157
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.80%
||
7 Day CHG~0.00%
Published-18 Nov, 2008 | 15:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tau 2.16.4 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/makefile.tau.*.##### or (2) /tmp/makefile.tau*.##### temporary file, related to the (a) tau_cxx, (b) tau_f90, and (c) tau_cc scripts.

Action-Not Available
Vendor-uoregonn/a
Product-taun/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5376
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.76%
||
7 Day CHG~0.00%
Published-08 Dec, 2008 | 23:00
Updated-17 Sep, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

editcomment in crip 3.7 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.tag.tmp temporary file.

Action-Not Available
Vendor-cripn/a
Product-cripn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5378
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.76%
||
7 Day CHG~0.00%
Published-08 Dec, 2008 | 23:00
Updated-07 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

arb-kill in arb 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/arb_pids_*_* temporary file.

Action-Not Available
Vendor-lehrstuhl_fur_mikrobiologien/a
Product-arbn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4988
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.02%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-17 Sep, 2024 | 01:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pscal in xcal 4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pscal##### temporary file.

Action-Not Available
Vendor-lars_bahnern/a
Product-xcaln/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4997
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.02%
||
7 Day CHG~0.00%
Published-07 Nov, 2008 | 19:00
Updated-17 Sep, 2024 | 04:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dfxml-invoice in datafreedom-perl 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/zenity temporary file. NOTE: the vendor disputes this vulnerability, stating that the vector is solely "an EXAMPLE used in the manpage.

Action-Not Available
Vendor-pilot-qofn/a
Product-datafreedom-perln/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5007
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.45%
||
7 Day CHG~0.00%
Published-10 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local users to overwrite or delete arbitrary files via a symlink attack on a (1) /tmp/lazarus.tgz temporary file or a (2) /tmp/lazarus temporary directory.

Action-Not Available
Vendor-lazarusn/a
Product-lazarusn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4983
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.70%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/SciLink#####1, (b) /tmp/SciLink#####2, (c) /tmp/SciLink#####3, (d) /tmp/*.#####, (e) /tmp/*.#####.res, (f) /tmp/*.#####.err, and (g) /tmp/*.#####.diff temporary files, related to the (1) scilink, (2) scidoc, and (3) scidem scripts.

Action-Not Available
Vendor-scilabn/a
Product-scilab-binn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4995
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.02%
||
7 Day CHG~0.00%
Published-07 Nov, 2008 | 19:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

redirect.pl in bk2site 1.1.9 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/redirect.log temporary file. NOTE: this vulnerability is only limited to debug mode, which is disabled by default.

Action-Not Available
Vendor-jose_m.vidaln/a
Product-bk2siten/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-21919
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.50% / 64.74%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:23
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-16||Apply updates per vendor instructions.
Windows User Profile Service Elevation of Privilege Vulnerability

Windows User Profile Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_1909windows_7windows_10_20h2windows_10_1607windows_server_20h2windows_server_2022windows_server_2008windows_server_2016windows_11_21h2windows_10_1809windows_10_21h2windows_10_21h1windows_8.1windows_rt_8.1windows_10_1507windows_server_2019Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 20H2Windows 11 version 21H2Windows Server 2019Windows 10 Version 21H2Windows 10 Version 1909Windows Server 2008 Service Pack 2Windows Server 2008 Service Pack 2Windows Server 2022Windows Server version 20H2Windows Server 2016Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 7 Service Pack 1Windows 7Windows 10 Version 21H1Windows Server 2012Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows 8.1Windows Server 2008 Service Pack 2 (Server Core installation)Windows
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5373
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 8.28%
||
7 Day CHG~0.00%
Published-08 Dec, 2008 | 23:00
Updated-16 Sep, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995.

Action-Not Available
Vendor-baculan/a
Product-baculan/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5142
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.76%
||
7 Day CHG~0.00%
Published-18 Nov, 2008 | 15:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pr.##### temporary file.

Action-Not Available
Vendor-n/aFreeBSD Foundation
Product-freebsd-sendprn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5372
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.76%
||
7 Day CHG~0.00%
Published-08 Dec, 2008 | 23:00
Updated-16 Sep, 2024 | 23:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sdm-login in sdm-terminal 0.4.0b allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sdm.autologin.once temporary file.

Action-Not Available
Vendor-jonas_smedegaardn/a
Product-sdm-terminaln/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4986
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.17%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wims 3.62 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/env#####, (b) /tmp/sed#####, and (c) /tmp/referer-home.log temporary files, related to the (1) coqweb and (2) account.sh scripts.

Action-Not Available
Vendor-georges_khaznadarn/a
Product-wimsn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5149
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.46%
||
7 Day CHG~0.00%
Published-18 Nov, 2008 | 15:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fwd_check.sh in libncbi6 6.1.20080302 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file.

Action-Not Available
Vendor-auckon/a
Product-libncbi6n/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5379
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.76%
||
7 Day CHG~0.00%
Published-08 Dec, 2008 | 23:00
Updated-16 Sep, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz temporary file, related to the (1) netdisco-mibs-install and (2) netdisco-mibs-download scripts.

Action-Not Available
Vendor-oliver_gorwitsn/a
Product-netdisco_mibs_installern/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5743
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 17.56%
||
7 Day CHG~0.00%
Published-26 Dec, 2008 | 21:00
Updated-07 Aug, 2024 | 11:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pdfjam creates the (1) pdf90, (2) pdfjoin, and (3) pdfnup files with a predictable name, which allows local users to overwrite arbitrary files via a symlink attack.

Action-Not Available
Vendor-pdfjamn/a
Product-pdfjamn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4984
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.80%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/dpkg.#####.tmp, (b) /tmp/missing_deps.#####, and (c) /tmp/sb2-pkg-chk.$tstamp.##### temporary files, related to the (1) dpkg-checkbuilddeps and (2) sb2-check-pkg-mappings scripts.

Action-Not Available
Vendor-n/afreedesktop.org
Product-scratchbox2n/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5374
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.05% / 16.91%
||
7 Day CHG~0.00%
Published-08 Dec, 2008 | 23:00
Updated-07 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts.

Action-Not Available
Vendor-matthias_klosen/a
Product-bash-docn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5148
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.17%
||
7 Day CHG~0.00%
Published-18 Nov, 2008 | 15:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file.

Action-Not Available
Vendor-gedan/a
Product-gnetlistn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5154
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.02%
||
7 Day CHG~0.00%
Published-18 Nov, 2008 | 15:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/blue.log temporary file.

Action-Not Available
Vendor-koeniglichn/a
Product-p3nfsn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5313
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.62%
||
7 Day CHG~0.00%
Published-03 Dec, 2008 | 17:00
Updated-07 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mailscanner 4.68.8 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) avast-autoupdate, and (4) f-prot-6-autoupdate scripts in /etc/MailScanner/autoupdate/; the (5) bitdefender-wrapper, (6) kaspersky-wrapper, (7) clamav-wrapper, and (8) rav-wrapper scripts in /etc/MailScanner/wrapper/; the (9) Quarantine.pm, (10) TNEF.pm, (11) MessageBatch.pm, (12) WorkArea.pm, and (13) SA.pm scripts in /usr/share/MailScanner/MailScanner/; (14) /usr/sbin/MailScanner; and (15) scripts that load the /etc/MailScanner/mailscanner.conf.with.mcp configuration file.

Action-Not Available
Vendor-mailscannern/a
Product-mailscannern/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5145
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.46%
||
7 Day CHG~0.00%
Published-18 Nov, 2008 | 15:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ltpmenu in ltp 20060918 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/runltp.mainmenu.##### temporary file.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-ltpn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2022-0017
Matching Score-4
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Palo Alto Networks, Inc.
CVSS Score-7||HIGH
EPSS-0.12% / 31.42%
||
7 Day CHG~0.00%
Published-10 Feb, 2022 | 18:10
Updated-16 Sep, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalation

An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows. GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.5 on Windows. This issue does not affect GlobalProtect app on other platforms.

Action-Not Available
Vendor-Palo Alto Networks, Inc.Microsoft Corporation
Product-globalprotectwindowsGlobalProtect App
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5140
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 8.82%
||
7 Day CHG~0.00%
Published-18 Nov, 2008 | 15:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

trend-autoupdate.new in mailscanner 4.55.10 and other versions before 4.74.16-1 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/opr.ini.##### or (2) /tmp/lpt*.zip temporary file.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-mailscannern/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4993
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.70%
||
7 Day CHG~0.00%
Published-07 Nov, 2008 | 19:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file.

Action-Not Available
Vendor-n/aXen Project
Product-xenn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5141
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.17%
||
7 Day CHG~0.00%
Published-18 Nov, 2008 | 15:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

flamethrower in flamethrower 0.1.8 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/multicast.tar.##### temporary file.

Action-Not Available
Vendor-dann_fraziern/a
Product-flamethrowern/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4982
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.60%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rkhunter in rkhunter 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rkhunter-debug temporary file. NOTE: this is probably a different vulnerability than CVE-2005-1270.

Action-Not Available
Vendor-john_hornen/a
Product-rkhuntern/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4996
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.45%
||
7 Day CHG-0.05%
Published-07 Nov, 2008 | 19:00
Updated-17 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. NOTE: the vendor disputes this vulnerability, stating that "init is [used in] a single-user context; there's no possibility that this is exploitable.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-initramfs-toolsn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5377
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.19% / 41.07%
||
7 Day CHG~0.00%
Published-08 Dec, 2008 | 23:00
Updated-07 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.

Action-Not Available
Vendor-n/aApple Inc.
Product-cupsn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5380
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.09% / 27.09%
||
7 Day CHG~0.00%
Published-08 Dec, 2008 | 23:00
Updated-07 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.* temporary file, related to the (1) geo-code and (2) geo-nearest scripts, different vectors than CVE-2008-4959.

Action-Not Available
Vendor-gpsdriven/a
Product-gpsdriven/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4987
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.33%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xastir 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/ldconfig.tmp, (b) /tmp/ldconf.tmp, and (c) /tmp/ld.so.conf temporary files, related to the (1) get-maptools.sh and (2) get_shapelib.sh scripts.

Action-Not Available
Vendor-xastirn/a
Product-xastirn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4998
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 7.45%
||
7 Day CHG~0.00%
Published-07 Nov, 2008 | 19:00
Updated-17 Sep, 2024 | 03:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating "this bug is invalid.

Action-Not Available
Vendor-twikin/a
Product-twikin/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4990
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.02%
||
7 Day CHG~0.00%
Published-02 Feb, 2009 | 22:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/enomalism2.pid temporary file.

Action-Not Available
Vendor-enomalyn/a
Product-elastic_computing_platformn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5375
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.02%
||
7 Day CHG~0.00%
Published-08 Dec, 2008 | 23:00
Updated-07 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cmus-status-display in cmus 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cmus-status temporary file.

Action-Not Available
Vendor-cmusn/a
Product-cmusn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5152
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.02%
||
7 Day CHG~0.00%
Published-18 Nov, 2008 | 15:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

inmail-show in mh-book 200605 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/inmail#####.log or (2) /tmp/inmail#####.stdin temporary file.

Action-Not Available
Vendor-peter_s_galbraithn/a
Product-mh-bookn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4935
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.70%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

asciiview in aview 1.3.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/aview#####.pgm temporary file.

Action-Not Available
Vendor-amigan/a
Product-aviewn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4964
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.48%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

filters/any-UTF8 in konwert 1.8 allows local users to delete arbitrary files via a symlink attack on a /tmp/any-##### temporary file.

Action-Not Available
Vendor-krzysztof_kozlowskin/a
Product-konwertn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5146
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.76%
||
7 Day CHG~0.00%
Published-18 Nov, 2008 | 15:00
Updated-17 Sep, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

add-accession-numbers in ctn 3.0.6 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/accession temporary file.

Action-Not Available
Vendor-erl_wustln/a
Product-ctnn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5299
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 3.83%
||
7 Day CHG~0.00%
Published-01 Dec, 2008 | 15:00
Updated-07 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

chm2pdf 0.9 allows user-assisted local users to delete arbitrary files via a symlink attack on .chm files in the (1) /tmp/chm2pdf/work or (2) /tmp/chm2pdf/orig temporary directories.

Action-Not Available
Vendor-karakas-onlinen/a
Product-chm2pdfn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-5156
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.46%
||
7 Day CHG~0.00%
Published-18 Nov, 2008 | 15:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

si_mkbootserver in systemimager-server 3.6.3 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/*.inetd.conf or (2) /tmp/pxe.conf.*.tmp temporary file.

Action-Not Available
Vendor-dann_fraziern/a
Product-systemimager-servern/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4970
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.17%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

runiozone in lustre 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/iozone.log temporary file.

Action-Not Available
Vendor-lustren/a
Product-lustre-testsn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4967
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.32%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

linuxtrade 3.65 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/bwk, (b) /tmp/zzz, and (c) /tmp/ggg temporary files, related to the (1) linuxtrade.bwkvol, (2) linuxtrade.wn, and (3) moneyam.helper scripts.

Action-Not Available
Vendor-linuxtraden/a
Product-linuxtraden/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4957
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 5.02%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

find_flags in Kitware GCC-XML (gccxml) 0.9.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.cxx temporary file.

Action-Not Available
Vendor-gccxmln/a
Product-gccxmln/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4974
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.17%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rrdedit in netmrg 0.20 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*.xml and (2) /tmp/*.backup temporary files.

Action-Not Available
Vendor-netmrgn/a
Product-netmrgn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4954
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.17%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mead.pl in fml 4.0.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/debugbuf temporary file.

Action-Not Available
Vendor-fumitoshi_ukain/a
Product-fmln/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4978
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.17%
||
7 Day CHG~0.00%
Published-06 Nov, 2008 | 11:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

radiance 3R9+20080530 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/opt.fmt, (b) /tmp/out#####.fmt, (c) /tmp/tf#####.dat, (d) /tmp/gsf#####, (e) /tmp/sc#####.sh, (f) /tmp/il#####.pic, (g) /tmp/tl#####.pic, (h) /tmp/ds#####.pic, (i) /tmp/tfa#####, and (j) /tmp/sed##### temporary files, related to the (1) optics2rad, (2) pdelta, (3) dayfact, and (4) raddepend scripts.

Action-Not Available
Vendor-radiancen/a
Product-radiancen/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4939
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 6.17%
||
7 Day CHG~0.00%
Published-05 Nov, 2008 | 14:51
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

apertium 3.0.7 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####.lex.cc, (b) /tmp/#####.deformat.l, (c) /tmp/#####.reformat.l, (d) /tmp/#####docxorig, (e) /tmp/#####docxsalida.zip, (f) /tmp/#####xlsxembed, (g) /tmp/#####xlsxorig, and (h) /tmp/#####xslxsalida.zip temporary files, related to the (1) apertium-gen-deformat, (2) apertium-gen-reformat, and (3) apertium scripts.

Action-Not Available
Vendor-apertiumn/a
Product-apertiumn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found