Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-2533

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-22 Jun, 2011 | 23:00
Updated At-06 Aug, 2024 | 23:08
Rejected At-
Credits

The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:22 Jun, 2011 | 23:00
Updated At:06 Aug, 2024 | 23:08
Rejected At:
▼CVE Numbering Authority (CNA)

The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/68173
vdb-entry
x_refsource_XF
http://www.securitytracker.com/id?1025720
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/68173
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securitytracker.com/id?1025720
Resource:
vdb-entry
x_refsource_SECTRACK
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/68173
vdb-entry
x_refsource_XF
x_transferred
http://www.securitytracker.com/id?1025720
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/68173
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securitytracker.com/id?1025720
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:22 Jun, 2011 | 23:55
Updated At:29 Apr, 2026 | 01:13

The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.03.3LOW
AV:L/AC:M/Au:N/C:N/I:P/A:P
Type: Primary
Version: 2.0
Base score: 3.3
Base severity: LOW
Vector:
AV:L/AC:M/Au:N/C:N/I:P/A:P
CPE Matches
freedesktop.org
freedesktop
>>dbus>>1.2.1
cpe:2.3:a:freedesktop:dbus:1.2.1:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.2.3
cpe:2.3:a:freedesktop:dbus:1.2.3:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.2.4
cpe:2.3:a:freedesktop:dbus:1.2.4:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.2.6
cpe:2.3:a:freedesktop:dbus:1.2.6:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.2.8
cpe:2.3:a:freedesktop:dbus:1.2.8:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.2.10
cpe:2.3:a:freedesktop:dbus:1.2.10:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.2.12
cpe:2.3:a:freedesktop:dbus:1.2.12:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.2.14
cpe:2.3:a:freedesktop:dbus:1.2.14:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.2.16
cpe:2.3:a:freedesktop:dbus:1.2.16:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.2.18
cpe:2.3:a:freedesktop:dbus:1.2.18:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.2.20
cpe:2.3:a:freedesktop:dbus:1.2.20:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.2.22
cpe:2.3:a:freedesktop:dbus:1.2.22:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.2.24
cpe:2.3:a:freedesktop:dbus:1.2.24:*:*:*:*:*:*:*
freedesktop.org
freedesktop
>>dbus>>1.2.26
cpe:2.3:a:freedesktop:dbus:1.2.26:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-59Primarynvd@nist.gov
CWE ID: CWE-59
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2cve@mitre.org
N/A
http://www.securitytracker.com/id?1025720cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/68173cve@mitre.org
N/A
http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1025720af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/68173af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1025720
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/68173
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1025720
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/68173
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

83Records found
CVE-2010-2794
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.03% / 9.01%
||
7 Day CHG~0.00%
Published-30 Aug, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file.

Action-Not Available
Vendor-n/aMozilla CorporationRed Hat, Inc.
Product-firefoxspice-xpin/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2009-5007
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.04% / 12.45%
||
7 Day CHG~0.00%
Published-12 Oct, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-anyconnect_ssl_vpnn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2009-4193
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.03% / 9.03%
||
7 Day CHG~0.00%
Published-03 Dec, 2009 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Merkaartor 0.14 allows local users to append data to arbitrary files via a symlink attack on the /tmp/merkaartor.log temporary file.

Action-Not Available
Vendor-merkaartorn/a
Product-merkaartorn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2020-11736
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.9||LOW
EPSS-0.34% / 56.45%
||
7 Day CHG~0.00%
Published-13 Apr, 2020 | 18:39
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxThe GNOME Project
Product-ubuntu_linuxfile-rollerdebian_linuxn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-2142
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.02% / 6.42%
||
7 Day CHG~0.00%
Published-19 Jan, 2014 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME are not set, allows local users to overwrite arbitrary files via a symlink attack on (1) HostCertificate.pem, (2) HostPrivateKey.pem, (3) libimobiledevicerc, (4) RootCertificate.pem, or (5) RootPrivateKey.pem in /tmp/root/.config/libimobiledevice/.

Action-Not Available
Vendor-libimobiledevicen/a
Product-libimobiledevicen/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2011-2924
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 31.35%
||
7 Day CHG~0.00%
Published-19 Nov, 2019 | 21:20
Updated-06 Aug, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.

Action-Not Available
Vendor-foomatic-filtersDebian GNU/LinuxFedora ProjectThe Linux Foundation
Product-debian_linuxfoomatic-filtersfedorafoomatic-filters
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-1832
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.03% / 9.67%
||
7 Day CHG~0.00%
Published-16 Apr, 2008 | 15:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lib/prefs.tcl in Cecilia 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the csvers temporary file.

Action-Not Available
Vendor-cecilian/a
Product-cecilian/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2011-2923
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 40.51%
||
7 Day CHG~0.00%
Published-19 Nov, 2019 | 20:38
Updated-06 Aug, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.

Action-Not Available
Vendor-foomatic-filtersDebian GNU/LinuxThe Linux Foundation
Product-debian_linuxfoomatic-filtersfoomatic-filters
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2011-1144
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.12% / 30.30%
||
7 Day CHG~0.00%
Published-03 Mar, 2011 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072.

Action-Not Available
Vendor-n/aThe PHP Group
Product-pearn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2011-0702
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.03% / 8.55%
||
7 Day CHG~0.00%
Published-14 Feb, 2011 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file.

Action-Not Available
Vendor-feh_projectn/a
Product-fehn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2010-4173
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.09% / 25.10%
||
7 Day CHG~0.00%
Published-22 Nov, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of libsdp.conf in libsdp 1.1.104 and earlier creates log files in /tmp, which allows local users to overwrite arbitrary files via a (1) symlink or (2) hard link attack on the libsdp.log.##### temporary file.

Action-Not Available
Vendor-openfabricsn/a
Product-libsdpn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2010-2053
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.03% / 9.47%
||
7 Day CHG~0.00%
Published-07 Jun, 2010 | 13:38
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

emesenelib/ProfileManager.py in emesene before 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on the emsnpic temporary file.

Action-Not Available
Vendor-emesenen/a
Product-emesenen/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2014-3982
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.05% / 15.42%
||
7 Day CHG~0.00%
Published-08 Jun, 2014 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

include/tests_webservers in Lynis before 1.5.5 on AIX allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.##### file.

Action-Not Available
Vendor-cisofyn/a
Product-lynisn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2014-3986
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.05% / 15.55%
||
7 Day CHG~0.00%
Published-08 Jun, 2014 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name.

Action-Not Available
Vendor-cisofyn/a
Product-lynisn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2014-3424
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.12% / 29.98%
||
7 Day CHG~0.00%
Published-08 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.

Action-Not Available
Vendor-mageia_projectn/aGNU
Product-emacsmageian/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2014-3422
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.12% / 29.98%
||
7 Day CHG~0.00%
Published-08 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.

Action-Not Available
Vendor-mageia_projectn/aGNU
Product-emacsmageian/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2014-1639
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.04% / 12.38%
||
7 Day CHG~0.00%
Published-28 Jan, 2014 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-syncevolutionn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2009-5079
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.04% / 10.78%
||
7 Day CHG~0.00%
Published-30 Jun, 2011 | 15:26
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.

Action-Not Available
Vendor-n/aGNU
Product-groffn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2018-6198
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.08% / 23.99%
||
7 Day CHG~0.00%
Published-25 Jan, 2018 | 03:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.

Action-Not Available
Vendor-tatsn/aCanonical Ltd.
Product-ubuntu_linuxw3mn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2009-1753
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.03% / 10.27%
||
7 Day CHG~0.00%
Published-21 May, 2009 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on an unspecified "result file."

Action-Not Available
Vendor-emnn/a
Product-coccinellen/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2018-19638
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-2.2||LOW
EPSS-0.04% / 12.94%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 16:00
Updated-17 Sep, 2024 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User can overwrite arbitrary log files in support tar

In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files.

Action-Not Available
Vendor-openSUSESUSE
Product-supportutilssupportutils
CWE ID-CWE-377
Insecure Temporary File
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2018-19044
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.12% / 30.30%
||
7 Day CHG~0.00%
Published-08 Nov, 2018 | 20:00
Updated-05 Aug, 2024 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.

Action-Not Available
Vendor-keepalivedn/a
Product-keepalivedn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2013-6124
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.03% / 9.20%
||
7 Day CHG~0.00%
Published-31 Aug, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary file via an attack on the sensor-settings file.

Action-Not Available
Vendor-codeauroran/a
Product-android-msmn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2012-1088
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.12% / 30.44%
||
7 Day CHG~0.00%
Published-15 Feb, 2014 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script.

Action-Not Available
Vendor-iproute2_projectn/a
Product-iproute2n/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2013-4116
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.10% / 27.83%
||
7 Day CHG~0.00%
Published-22 Apr, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.

Action-Not Available
Vendor-node_packaged_modules_projectn/a
Product-node_packaged_modulesn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2013-3368
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.04% / 12.95%
||
7 Day CHG~0.00%
Published-23 Aug, 2013 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name.

Action-Not Available
Vendor-n/aBest Practical Solutions, LLC
Product-rtn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2013-2105
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.12% / 29.93%
||
7 Day CHG~0.00%
Published-22 Apr, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.

Action-Not Available
Vendor-jonathan_leungn/a
Product-show_in_browsern/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2013-1444
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-3.3||LOW
EPSS-0.04% / 12.24%
||
7 Day CHG~0.00%
Published-30 Sep, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, 1.5.5-4, and others, allows local users to overwrite arbitrary files via a symlink attack on /tmp/2222.

Action-Not Available
Vendor-marc_vertesn/aDebian GNU/Linux
Product-txt2mann/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2012-6348
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.08% / 24.51%
||
7 Day CHG~0.00%
Published-04 Jan, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file.

Action-Not Available
Vendor-centrifyn/a
Product-centrify_deployment_managercentrify_suiten/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2012-5355
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.04% / 13.90%
||
7 Day CHG~0.00%
Published-10 Oct, 2012 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

welcome.py in xdiagnose before 2.5.2ubuntu0.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.

Action-Not Available
Vendor-bryce_harringtonn/a
Product-xdiagnosen/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2012-3329
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.3||LOW
EPSS-0.10% / 27.80%
||
7 Day CHG~0.00%
Published-19 Dec, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 and Bootable Media Creator (BoMC) through 2.30 and 3.00 through 9.21 on Linux allow local users to overwrite arbitrary files via a symlink attack on a (1) temporary file or (2) log file.

Action-Not Available
Vendor-n/aIBM CorporationLinux Kernel Organization, Inc
Product-bootable_media_creatoradvanced_settings_utilitylinux_kerneln/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2012-2093
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.03% / 10.23%
||
7 Day CHG~0.00%
Published-18 May, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function.

Action-Not Available
Vendor-gajimn/a
Product-gajimn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2010-2056
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.04% / 12.62%
||
7 Day CHG~0.00%
Published-22 Jul, 2010 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

Action-Not Available
Vendor-n/aGNU
Product-gvn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
  • Previous
  • 1
  • 2
  • Next
Details not found