Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-2093

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-18 May, 2012 | 22:00
Updated At-06 Aug, 2024 | 19:26
Rejected At-
Credits

src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:18 May, 2012 | 22:00
Updated At:06 Aug, 2024 | 19:26
Rejected At:
▼CVE Numbering Authority (CNA)

src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.openwall.com/lists/oss-security/2012/04/10/6
mailing-list
x_refsource_MLIST
http://hg.gajim.org/gajim/rev/f046e4aaf7d4
x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079241.html
vendor-advisory
x_refsource_FEDORA
http://www.securityfocus.com/bid/53017
vdb-entry
x_refsource_BID
http://secunia.com/advisories/48794
third-party-advisory
x_refsource_SECUNIA
https://trac.gajim.org/changeset/13759/src/common/latex.py
x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-201208-04.xml
vendor-advisory
x_refsource_GENTOO
https://exchange.xforce.ibmcloud.com/vulnerabilities/74869
vdb-entry
x_refsource_XF
http://secunia.com/advisories/48695
third-party-advisory
x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079169.html
vendor-advisory
x_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2012/04/10/15
mailing-list
x_refsource_MLIST
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079237.html
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.openwall.com/lists/oss-security/2012/04/10/6
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://hg.gajim.org/gajim/rev/f046e4aaf7d4
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079241.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.securityfocus.com/bid/53017
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://secunia.com/advisories/48794
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://trac.gajim.org/changeset/13759/src/common/latex.py
Resource:
x_refsource_CONFIRM
Hyperlink: http://security.gentoo.org/glsa/glsa-201208-04.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/74869
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://secunia.com/advisories/48695
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079169.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.openwall.com/lists/oss-security/2012/04/10/15
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079237.html
Resource:
vendor-advisory
x_refsource_FEDORA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.openwall.com/lists/oss-security/2012/04/10/6
mailing-list
x_refsource_MLIST
x_transferred
http://hg.gajim.org/gajim/rev/f046e4aaf7d4
x_refsource_CONFIRM
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079241.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.securityfocus.com/bid/53017
vdb-entry
x_refsource_BID
x_transferred
http://secunia.com/advisories/48794
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://trac.gajim.org/changeset/13759/src/common/latex.py
x_refsource_CONFIRM
x_transferred
http://security.gentoo.org/glsa/glsa-201208-04.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/74869
vdb-entry
x_refsource_XF
x_transferred
http://secunia.com/advisories/48695
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079169.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.openwall.com/lists/oss-security/2012/04/10/15
mailing-list
x_refsource_MLIST
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079237.html
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2012/04/10/6
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://hg.gajim.org/gajim/rev/f046e4aaf7d4
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079241.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/53017
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://secunia.com/advisories/48794
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://trac.gajim.org/changeset/13759/src/common/latex.py
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-201208-04.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/74869
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://secunia.com/advisories/48695
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079169.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2012/04/10/15
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079237.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:18 May, 2012 | 22:55
Updated At:11 Apr, 2025 | 00:51

src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.03.3LOW
AV:L/AC:M/Au:N/C:N/I:P/A:P
Type: Primary
Version: 2.0
Base score: 3.3
Base severity: LOW
Vector:
AV:L/AC:M/Au:N/C:N/I:P/A:P
CPE Matches
gajim
gajim
>>gajim>>0.15
cpe:2.3:a:gajim:gajim:0.15:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-59Primarynvd@nist.gov
CWE ID: CWE-59
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://hg.gajim.org/gajim/rev/f046e4aaf7d4secalert@redhat.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079169.htmlsecalert@redhat.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079237.htmlsecalert@redhat.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079241.htmlsecalert@redhat.com
N/A
http://secunia.com/advisories/48695secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/48794secalert@redhat.com
N/A
http://security.gentoo.org/glsa/glsa-201208-04.xmlsecalert@redhat.com
N/A
http://www.openwall.com/lists/oss-security/2012/04/10/15secalert@redhat.com
N/A
http://www.openwall.com/lists/oss-security/2012/04/10/6secalert@redhat.com
N/A
http://www.securityfocus.com/bid/53017secalert@redhat.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/74869secalert@redhat.com
N/A
https://trac.gajim.org/changeset/13759/src/common/latex.pysecalert@redhat.com
N/A
http://hg.gajim.org/gajim/rev/f046e4aaf7d4af854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079169.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079237.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079241.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/48695af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/48794af854a3a-2127-422b-91ae-364da2661108
N/A
http://security.gentoo.org/glsa/glsa-201208-04.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2012/04/10/15af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2012/04/10/6af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/53017af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/74869af854a3a-2127-422b-91ae-364da2661108
N/A
https://trac.gajim.org/changeset/13759/src/common/latex.pyaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://hg.gajim.org/gajim/rev/f046e4aaf7d4
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079169.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079237.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079241.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/48695
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/48794
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-201208-04.xml
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/04/10/15
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/04/10/6
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/53017
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/74869
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://trac.gajim.org/changeset/13759/src/common/latex.py
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://hg.gajim.org/gajim/rev/f046e4aaf7d4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079169.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079237.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079241.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48695
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/48794
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-201208-04.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/04/10/15
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2012/04/10/6
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/53017
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/74869
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://trac.gajim.org/changeset/13759/src/common/latex.py
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

81Records found
CVE-2014-3423
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.14% / 34.49%
||
7 Day CHG~0.00%
Published-08 May, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.

Action-Not Available
Vendor-mageia_projectn/aGNU
Product-mageiaemacsn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2014-1640
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.06% / 17.34%
||
7 Day CHG~0.00%
Published-28 Jan, 2014 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-axiomn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2013-4472
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.07% / 21.83%
||
7 Day CHG~0.00%
Published-22 Apr, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

Action-Not Available
Vendor-n/afreedesktop.org
Product-popplern/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2013-6124
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.03% / 7.25%
||
7 Day CHG~0.00%
Published-31 Aug, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary file via an attack on the sensor-settings file.

Action-Not Available
Vendor-codeauroran/a
Product-android-msmn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2013-3368
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.04% / 11.89%
||
7 Day CHG~0.00%
Published-23 Aug, 2013 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name.

Action-Not Available
Vendor-n/aBest Practical Solutions, LLC
Product-rtn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2013-2142
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.03% / 5.58%
||
7 Day CHG~0.00%
Published-19 Jan, 2014 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME are not set, allows local users to overwrite arbitrary files via a symlink attack on (1) HostCertificate.pem, (2) HostPrivateKey.pem, (3) libimobiledevicerc, (4) RootCertificate.pem, or (5) RootPrivateKey.pem in /tmp/root/.config/libimobiledevice/.

Action-Not Available
Vendor-libimobiledevicen/a
Product-libimobiledevicen/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2013-2105
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.06% / 17.45%
||
7 Day CHG~0.00%
Published-22 Apr, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.

Action-Not Available
Vendor-jonathan_leungn/a
Product-show_in_browsern/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2012-3329
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.3||LOW
EPSS-0.10% / 28.95%
||
7 Day CHG~0.00%
Published-19 Dec, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 and Bootable Media Creator (BoMC) through 2.30 and 3.00 through 9.21 on Linux allow local users to overwrite arbitrary files via a symlink attack on a (1) temporary file or (2) log file.

Action-Not Available
Vendor-n/aIBM CorporationLinux Kernel Organization, Inc
Product-advanced_settings_utilitybootable_media_creatorlinux_kerneln/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2013-1444
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-3.3||LOW
EPSS-0.05% / 14.15%
||
7 Day CHG~0.00%
Published-30 Sep, 2013 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, 1.5.5-4, and others, allows local users to overwrite arbitrary files via a symlink attack on /tmp/2222.

Action-Not Available
Vendor-marc_vertesn/aDebian GNU/Linux
Product-txt2mann/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2012-6348
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.08% / 25.54%
||
7 Day CHG~0.00%
Published-04 Jan, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file.

Action-Not Available
Vendor-centrifyn/a
Product-centrify_deployment_managercentrify_suiten/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2011-2533
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.03% / 6.89%
||
7 Day CHG~0.00%
Published-22 Jun, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.

Action-Not Available
Vendor-n/afreedesktop.org
Product-dbusn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2012-5564
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.03% / 5.02%
||
7 Day CHG~0.00%
Published-14 Feb, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users to overwrite arbitrary files via a symlink attack on /tmp/adb.log.

Action-Not Available
Vendor-n/aGoogle LLC
Product-android_debug_bridgen/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2012-5355
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.04% / 13.17%
||
7 Day CHG~0.00%
Published-10 Oct, 2012 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

welcome.py in xdiagnose before 2.5.2ubuntu0.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.

Action-Not Available
Vendor-bryce_harringtonn/a
Product-xdiagnosen/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2020-7282
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.40%
||
7 Day CHG~0.00%
Published-03 Jul, 2020 | 13:25
Updated-04 Aug, 2024 | 09:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation vulnerability in McAfee Total Protection (MTP)

Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

Action-Not Available
Vendor-McAfee, LLC
Product-total_protectionMcAfee Total Protection (MTP)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2010-2056
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.04% / 11.56%
||
7 Day CHG~0.00%
Published-22 Jul, 2010 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

Action-Not Available
Vendor-n/aGNU
Product-gvn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2010-0789
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.06% / 19.16%
||
7 Day CHG~0.00%
Published-02 Mar, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint.

Action-Not Available
Vendor-fusen/a
Product-fusen/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2012-1088
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.14% / 35.00%
||
7 Day CHG~0.00%
Published-15 Feb, 2014 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script.

Action-Not Available
Vendor-iproute2_projectn/a
Product-iproute2n/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2011-5271
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.41% / 60.55%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 13:12
Updated-07 Aug, 2024 | 00:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pacemaker before 1.1.6 configure script creates temporary files insecurely

Action-Not Available
Vendor-clusterlabsn/a
Product-pacemakern/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2010-0118
Matching Score-4
Assigner-Flexera Software LLC
ShareView Details
Matching Score-4
Assigner-Flexera Software LLC
CVSS Score-3.3||LOW
EPSS-0.04% / 10.92%
||
7 Day CHG~0.00%
Published-25 Feb, 2010 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bournal before 1.4.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files associated with a --hack_the_gibson update check.

Action-Not Available
Vendor-becauseintern/a
Product-bournaln/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2009-4454
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.06% / 19.11%
||
7 Day CHG~0.00%
Published-29 Dec, 2009 | 22:00
Updated-07 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

vccleaner in VideoCache 1.9.2 allows local users with Squid proxy user privileges to overwrite arbitrary files via a symlink attack on /var/log/videocache/vccleaner.log.

Action-Not Available
Vendor-sainin/a
Product-videocachen/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2012-0054
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.04% / 12.99%
||
7 Day CHG~0.00%
Published-19 Mar, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libs/updater.py in GoLismero 0.6.3, and other versions before Git revision 2b3bb43d6867, as used in backtrack and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on GoLismero-controlled files, as demonstrated using Admin/changes.dat.

Action-Not Available
Vendor-golismeron/a
Product-golismeron/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2011-4060
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.03% / 8.31%
||
7 Day CHG~0.00%
Published-18 Oct, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack.

Action-Not Available
Vendor-qnxn/a
Product-neutrino_rtosn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-1832
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.03% / 7.66%
||
7 Day CHG~0.00%
Published-16 Apr, 2008 | 15:00
Updated-07 Aug, 2024 | 08:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lib/prefs.tcl in Cecilia 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the csvers temporary file.

Action-Not Available
Vendor-cecilian/a
Product-cecilian/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-3699
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.03% / 8.04%
||
7 Day CHG~0.00%
Published-14 Aug, 2008 | 23:00
Updated-07 Aug, 2024 | 09:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file.

Action-Not Available
Vendor-amarokn/a
Product-amarokn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2011-2924
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 32.64%
||
7 Day CHG~0.00%
Published-19 Nov, 2019 | 21:20
Updated-06 Aug, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.

Action-Not Available
Vendor-foomatic-filtersDebian GNU/LinuxFedora ProjectThe Linux Foundation
Product-debian_linuxfoomatic-filtersfedorafoomatic-filters
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2018-6198
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.18% / 39.77%
||
7 Day CHG~0.00%
Published-25 Jan, 2018 | 03:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.

Action-Not Available
Vendor-tatsn/aCanonical Ltd.
Product-ubuntu_linuxw3mn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2018-19638
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-2.2||LOW
EPSS-0.04% / 11.87%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 16:00
Updated-17 Sep, 2024 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User can overwrite arbitrary log files in support tar

In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files.

Action-Not Available
Vendor-openSUSESUSE
Product-supportutilssupportutils
CWE ID-CWE-377
Insecure Temporary File
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2018-19044
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.31% / 53.34%
||
7 Day CHG-0.01%
Published-08 Nov, 2018 | 20:00
Updated-05 Aug, 2024 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.

Action-Not Available
Vendor-keepalivedn/a
Product-keepalivedn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2011-3204
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.03% / 7.66%
||
7 Day CHG~0.00%
Published-06 Sep, 2011 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

hammerhead.cc in Hammerhead 2.1.4 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/hammer.log (aka the HH_LOG file) or (2) the REPORT_LOG file.

Action-Not Available
Vendor-geoff_wongn/a
Product-hammerheadn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2018-14329
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.04% / 11.12%
||
7 Day CHG~0.00%
Published-17 Jul, 2018 | 02:00
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack.

Action-Not Available
Vendor-htslibn/a
Product-htslibn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2011-1920
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.05% / 16.79%
||
7 Day CHG~0.00%
Published-23 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and other products, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to (1) bsd.lib.mk and (2) bsd.prog.mk.

Action-Not Available
Vendor-ihjin/aNetBSD
Product-pmakenetbsdn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
  • Previous
  • 1
  • 2
  • Next
Details not found