Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-1876

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-10 Feb, 2014 | 23:00
Updated At-06 Aug, 2024 | 09:58
Rejected At-
Credits

The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:10 Feb, 2014 | 23:00
Updated At:06 Aug, 2024 | 09:58
Rejected At:
▼CVE Numbering Authority (CNA)

The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.ubuntu.com/usn/USN-2187-1
vendor-advisory
x_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2014-0675.html
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2014:0414
vendor-advisory
x_refsource_REDHAT
http://security.gentoo.org/glsa/glsa-201406-32.xml
vendor-advisory
x_refsource_GENTOO
http://www.ubuntu.com/usn/USN-2191-1
vendor-advisory
x_refsource_UBUNTU
http://marc.info/?l=bugtraq&m=140852886808946&w=2
vendor-advisory
x_refsource_HP
http://www-01.ibm.com/support/docview.wss?uid=swg21672080
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2014:0413
vendor-advisory
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=1060907
x_refsource_MISC
http://secunia.com/advisories/59058
third-party-advisory
x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=140852886808946&w=2
vendor-advisory
x_refsource_HP
http://marc.info/?l=bugtraq&m=140852974709252&w=2
vendor-advisory
x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2014-0685.html
vendor-advisory
x_refsource_REDHAT
http://www.debian.org/security/2014/dsa-2912
vendor-advisory
x_refsource_DEBIAN
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
x_refsource_CONFIRM
http://secunia.com/advisories/58415
third-party-advisory
x_refsource_SECUNIA
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562
x_refsource_MISC
http://marc.info/?l=bugtraq&m=140852974709252&w=2
vendor-advisory
x_refsource_HP
http://seclists.org/oss-sec/2014/q1/285
mailing-list
x_refsource_MLIST
http://www-01.ibm.com/support/docview.wss?uid=swg21676746
x_refsource_CONFIRM
http://seclists.org/oss-sec/2014/q1/242
mailing-list
x_refsource_MLIST
http://www-01.ibm.com/support/docview.wss?uid=swg21679713
x_refsource_CONFIRM
http://www.securityfocus.com/bid/65568
vdb-entry
x_refsource_BID
http://osvdb.org/102808
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.ubuntu.com/usn/USN-2187-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-0675.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2014:0414
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://security.gentoo.org/glsa/glsa-201406-32.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.ubuntu.com/usn/USN-2191-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://marc.info/?l=bugtraq&m=140852886808946&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21672080
Resource:
x_refsource_CONFIRM
Hyperlink: https://access.redhat.com/errata/RHSA-2014:0413
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1060907
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/59058
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://marc.info/?l=bugtraq&m=140852886808946&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://marc.info/?l=bugtraq&m=140852974709252&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-0685.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.debian.org/security/2014/dsa-2912
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/58415
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562
Resource:
x_refsource_MISC
Hyperlink: http://marc.info/?l=bugtraq&m=140852974709252&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://seclists.org/oss-sec/2014/q1/285
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21676746
Resource:
x_refsource_CONFIRM
Hyperlink: http://seclists.org/oss-sec/2014/q1/242
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21679713
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/65568
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://osvdb.org/102808
Resource:
vdb-entry
x_refsource_OSVDB
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.ubuntu.com/usn/USN-2187-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://rhn.redhat.com/errata/RHSA-2014-0675.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2014:0414
vendor-advisory
x_refsource_REDHAT
x_transferred
http://security.gentoo.org/glsa/glsa-201406-32.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.ubuntu.com/usn/USN-2191-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://marc.info/?l=bugtraq&m=140852886808946&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg21672080
x_refsource_CONFIRM
x_transferred
https://access.redhat.com/errata/RHSA-2014:0413
vendor-advisory
x_refsource_REDHAT
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=1060907
x_refsource_MISC
x_transferred
http://secunia.com/advisories/59058
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://marc.info/?l=bugtraq&m=140852886808946&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://marc.info/?l=bugtraq&m=140852974709252&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://rhn.redhat.com/errata/RHSA-2014-0685.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.debian.org/security/2014/dsa-2912
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/58415
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562
x_refsource_MISC
x_transferred
http://marc.info/?l=bugtraq&m=140852974709252&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://seclists.org/oss-sec/2014/q1/285
mailing-list
x_refsource_MLIST
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg21676746
x_refsource_CONFIRM
x_transferred
http://seclists.org/oss-sec/2014/q1/242
mailing-list
x_refsource_MLIST
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg21679713
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/65568
vdb-entry
x_refsource_BID
x_transferred
http://osvdb.org/102808
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2187-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-0675.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2014:0414
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-201406-32.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2191-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=140852886808946&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21672080
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2014:0413
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1060907
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/59058
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=140852886808946&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=140852974709252&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-0685.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.debian.org/security/2014/dsa-2912
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/58415
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=140852974709252&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://seclists.org/oss-sec/2014/q1/285
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21676746
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://seclists.org/oss-sec/2014/q1/242
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21679713
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/65568
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://osvdb.org/102808
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:10 Feb, 2014 | 23:55
Updated At:11 Apr, 2025 | 00:51

The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.4MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 4.4
Base severity: MEDIUM
Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Oracle Corporation
oracle
>>openjdk>>1.6.0
cpe:2.3:a:oracle:openjdk:1.6.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>openjdk>>1.7.0
cpe:2.3:a:oracle:openjdk:1.7.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>openjdk>>1.8.0
cpe:2.3:a:oracle:openjdk:1.8.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-59Primarynvd@nist.gov
CWE ID: CWE-59
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=140852886808946&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=140852886808946&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=140852974709252&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=140852974709252&w=2cve@mitre.org
N/A
http://osvdb.org/102808cve@mitre.org
N/A
http://rhn.redhat.com/errata/RHSA-2014-0675.htmlcve@mitre.org
N/A
http://rhn.redhat.com/errata/RHSA-2014-0685.htmlcve@mitre.org
N/A
http://seclists.org/oss-sec/2014/q1/242cve@mitre.org
N/A
http://seclists.org/oss-sec/2014/q1/285cve@mitre.org
N/A
http://secunia.com/advisories/58415cve@mitre.org
N/A
http://secunia.com/advisories/59058cve@mitre.org
N/A
http://security.gentoo.org/glsa/glsa-201406-32.xmlcve@mitre.org
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg21672080cve@mitre.org
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg21676746cve@mitre.org
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg21679713cve@mitre.org
N/A
http://www.debian.org/security/2014/dsa-2912cve@mitre.org
N/A
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/65568cve@mitre.org
N/A
http://www.ubuntu.com/usn/USN-2187-1cve@mitre.org
N/A
http://www.ubuntu.com/usn/USN-2191-1cve@mitre.org
N/A
https://access.redhat.com/errata/RHSA-2014:0413cve@mitre.org
N/A
https://access.redhat.com/errata/RHSA-2014:0414cve@mitre.org
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=1060907cve@mitre.org
N/A
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=140852886808946&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=140852886808946&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=140852974709252&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=140852974709252&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://osvdb.org/102808af854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2014-0675.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2014-0685.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://seclists.org/oss-sec/2014/q1/242af854a3a-2127-422b-91ae-364da2661108
N/A
http://seclists.org/oss-sec/2014/q1/285af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/58415af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/59058af854a3a-2127-422b-91ae-364da2661108
N/A
http://security.gentoo.org/glsa/glsa-201406-32.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg21672080af854a3a-2127-422b-91ae-364da2661108
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg21676746af854a3a-2127-422b-91ae-364da2661108
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg21679713af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2014/dsa-2912af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/65568af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-2187-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-2191-1af854a3a-2127-422b-91ae-364da2661108
N/A
https://access.redhat.com/errata/RHSA-2014:0413af854a3a-2127-422b-91ae-364da2661108
N/A
https://access.redhat.com/errata/RHSA-2014:0414af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=1060907af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=140852886808946&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=140852886808946&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=140852974709252&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=140852974709252&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/102808
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-0675.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-0685.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://seclists.org/oss-sec/2014/q1/242
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://seclists.org/oss-sec/2014/q1/285
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/58415
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/59058
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-201406-32.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21672080
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21676746
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21679713
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2014/dsa-2912
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/65568
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2187-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2191-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2014:0413
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2014:0414
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1060907
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=140852886808946&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=140852886808946&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=140852974709252&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=140852974709252&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://osvdb.org/102808
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-0675.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2014-0685.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://seclists.org/oss-sec/2014/q1/242
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://seclists.org/oss-sec/2014/q1/285
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/58415
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/59058
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-201406-32.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21672080
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21676746
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21679713
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2014/dsa-2912
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/65568
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2187-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2191-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2014:0413
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2014:0414
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1060907
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

173Records found
CVE-2020-2701
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.18%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2008-2576
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.14% / 35.15%
||
7 Day CHG~0.00%
Published-15 Jul, 2008 | 23:00
Updated-07 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 9.2, 9.1, 9.0, and 8.1 SP6 has unknown impact and local attack vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-weblogic_servern/a
CVE-2020-2575
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.14%
||
7 Day CHG~0.00%
Published-29 Apr, 2020 | 14:40
Updated-27 Sep, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2020-2556
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.3||HIGH
EPSS-0.11% / 29.31%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Core). Supported versions that are affected are 16.2.0.0-16.2.19.0, 17.12.0.0-17.12.16.0, 18.8.0.0-18.8.16.0, 19.12.0.0 and 20.1.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Primavera P6 Enterprise Project Portfolio Management executes to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L).

Action-Not Available
Vendor-Oracle Corporation
Product-primavera_p6_enterprise_project_portfolio_managementPrimavera P6 Professional Project Management
CVE-2020-9484
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7||HIGH
EPSS-93.25% / 99.79%
||
7 Day CHG~0.00%
Published-20 May, 2020 | 18:26
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectMcAfee, LLCThe Apache Software FoundationopenSUSEOracle CorporationCanonical Ltd.
Product-communications_diameter_signaling_routerubuntu_linuxepolicy_orchestratorsiebel_apps_-_marketingsiebel_ui_frameworkcommunications_session_route_managercommunications_session_report_managerdatabasecommunications_instant_messaging_serveragile_plmagile_engineering_data_managementcommunications_cloud_native_core_policymanaged_file_transferdebian_linuxretail_order_brokermysql_enterprise_monitorinstantis_enterprisetrackfedoratransportation_managementhospitality_guest_accesscommunications_cloud_native_core_binding_support_functiontomcatcommunications_element_managerfmw_platformworkload_managerleapApache Tomcat
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2007-2110
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.12% / 32.34%
||
7 Day CHG~0.00%
Published-18 Apr, 2007 | 18:00
Updated-07 Aug, 2024 | 13:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB03 occurs because RDBMS uses a NULL Discretionary Access Control List (DACL) for the Oracle process and certain shared memory sections, which allows local users to inject threads and execute arbitrary code via the OpenProcess, OpenThread, and SetThreadContext functions (DB03).

Action-Not Available
Vendor-n/aMicrosoft CorporationOracle Corporation
Product-windowsdatabase_servern/a
CVE-2012-0110
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.4||MEDIUM
EPSS-0.38% / 58.53%
||
7 Day CHG~0.00%
Published-18 Jan, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect confidentiality, integrity, and availability, related to Outside In Image Export SDK.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2020-2911
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.01%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-27 Sep, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-openSUSEOracle Corporation
Product-vm_virtualboxleapVM VirtualBox
CVE-2020-2851
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.00%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-27 Sep, 2024 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-solarisSolaris Operating System
CVE-2020-2913
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7||HIGH
EPSS-0.26% / 48.88%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-27 Sep, 2024 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-openSUSEOracle Corporation
Product-vm_virtualboxleapVM VirtualBox
CVE-2020-14674
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.00%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 Sep, 2024 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-openSUSEOracle Corporation
Product-vm_virtualboxleapVM VirtualBox
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-14647
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.41%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 Sep, 2024 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-openSUSEOracle Corporation
Product-vm_virtualboxleapVM VirtualBox
CVE-2020-14677
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.29%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 Sep, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-openSUSEOracle Corporation
Product-vm_virtualboxleapVM VirtualBox
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-14646
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.41%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 Sep, 2024 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-openSUSEOracle Corporation
Product-vm_virtualboxleapVM VirtualBox
CVE-2020-14724
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.3||HIGH
EPSS-0.07% / 21.70%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-26 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-solarisSolaris Operating System
CVE-2020-14675
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.29%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 Sep, 2024 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-openSUSEOracle Corporation
Product-vm_virtualboxleapVM VirtualBox
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-14699
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.41%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-26 Sep, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-openSUSEOracle Corporation
Product-vm_virtualboxleapVM VirtualBox
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2020-14543
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.3||HIGH
EPSS-0.07% / 21.70%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 Sep, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Installation). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-hospitality_reporting_and_analyticsHospitality Reporting and Analytics
CVE-2016-5572
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.4||MEDIUM
EPSS-0.06% / 18.55%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-databasen/a
CVE-2020-14676
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.41%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 Sep, 2024 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-openSUSEOracle Corporation
Product-vm_virtualboxleapVM VirtualBox
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-14561
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.3||HIGH
EPSS-0.07% / 20.52%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 Sep, 2024 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Installation). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Reporting and Analytics executes to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Reporting and Analytics. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-food_and_beverage_applicationsHospitality Reporting and Analytics
CVE-2020-13630
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7||HIGH
EPSS-0.18% / 39.48%
||
7 Day CHG~0.00%
Published-27 May, 2020 | 14:42
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.

Action-Not Available
Vendor-sqliten/aNetApp, Inc.Debian GNU/LinuxOracle CorporationCanonical Ltd.Siemens AGApple Inc.Fedora ProjectBrocade Communications Systems, Inc. (Broadcom Inc.)
Product-ubuntu_linuxitunesiphone_oscloud_backupsqlitecommunications_network_charging_and_controloutside_in_technologymacoshci_compute_nodeicloudsinec_infrastructure_network_servicesdebian_linuxipadostvoswatchosfedorazfs_storage_appliance_kitsolidfire\,_enterprise_sds_\&_hci_storage_nodehci_compute_node_firmwarefabric_operating_systemn/a
CWE ID-CWE-416
Use After Free
CVE-2018-2830
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-8.2||HIGH
EPSS-0.07% / 21.82%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2016-0444
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.4||MEDIUM
EPSS-0.13% / 33.18%
||
7 Day CHG~0.00%
Published-21 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Agent Next Gen, a different vulnerability than CVE-2016-0447 and CVE-2016-0449.

Action-Not Available
Vendor-n/aOracle Corporation
Product-enterprise_manager_grid_controln/a
CVE-2021-25329
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7||HIGH
EPSS-4.62% / 88.84%
||
7 Day CHG~0.00%
Published-01 Mar, 2021 | 12:00
Updated-13 Feb, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incomplete fix for CVE-2020-9484

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.

Action-Not Available
Vendor-Debian GNU/LinuxOracle CorporationThe Apache Software Foundation
Product-graph_server_and_clientdebian_linuxcommunications_cloud_native_core_security_edge_protection_proxymysql_enterprise_monitorinstantis_enterprisetracksiebel_ui_frameworktomcatdatabasecommunications_instant_messaging_serveragile_plmcommunications_cloud_native_core_policymanaged_file_transferApache Tomcat
CVE-2021-2309
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.08% / 25.11%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 21:54
Updated-26 Sep, 2024 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2011-0808
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.4||MEDIUM
EPSS-0.15% / 36.20%
||
7 Day CHG~0.00%
Published-20 Apr, 2011 | 03:09
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.2.0 and 8.3.5.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Outside In Filters. NOTE: the previous information was obtained from the April 2011 CPU. Oracle has not commented on claims from a reliable third party that this issue is in (a) vswk6.dll or (b) libvs_wk6.so in Outside In 8.1.0.4037 through 8.3.5.5684, involving the Lotus 123 parser.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2021-32803
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.21% / 43.25%
||
7 Day CHG~0.00%
Published-03 Aug, 2021 | 19:05
Updated-03 Aug, 2024 | 23:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning

The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary `stat` calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory. This order of operations resulted in the directory being created and added to the `node-tar` directory cache. When a directory is present in the directory cache, subsequent calls to mkdir for that directory are skipped. However, this is also where `node-tar` checks for symlinks occur. By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass `node-tar` symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. This issue was addressed in releases 3.2.3, 4.4.15, 5.0.7 and 6.1.2.

Action-Not Available
Vendor-tar_projectnpmOracle CorporationSiemens AG
Product-sinec_infrastructure_network_servicestargraalvmnode-tar
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-32553
Matching Score-6
Assigner-Canonical Ltd.
ShareView Details
Matching Score-6
Assigner-Canonical Ltd.
CVSS Score-7.3||HIGH
EPSS-0.04% / 9.52%
||
7 Day CHG~0.00%
Published-12 Jun, 2021 | 03:40
Updated-16 Sep, 2024 | 22:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
apport read_file() function could follow maliciously constructed symbolic links

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users.

Action-Not Available
Vendor-Oracle CorporationCanonical Ltd.
Product-ubuntu_linuxopenjdkapport
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CVE-2005-0004
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.05% / 15.58%
||
7 Day CHG~0.00%
Published-20 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationMariaDB Foundation
Product-mysqlmariadbdebian_linuxn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-28163
Matching Score-6
Assigner-Eclipse Foundation
ShareView Details
Matching Score-6
Assigner-Eclipse Foundation
CVSS Score-2.7||LOW
EPSS-0.15% / 36.42%
||
7 Day CHG~0.00%
Published-01 Apr, 2021 | 14:20
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.

Action-Not Available
Vendor-NetApp, Inc.Eclipse Foundation AISBLOracle CorporationThe Apache Software FoundationFedora Project
Product-virtual_storage_consolesiebel_core_-_automationbanking_digital_experiencee-series_performance_analyzerignitecommunications_session_route_managersnapcenter_plug-incommunications_session_report_managerautovue_for_agile_product_lifecycle_managementcloud_managersnapcenterbanking_apissolrstorage_replication_adapter_for_clustered_data_ontapfedorae-series_santricity_os_controllerelement_plug-in_for_vcenter_servervasa_provider_for_clustered_data_ontapsantricity_cloud_connectore-series_santricity_web_servicescommunications_services_gatekeepercommunications_element_managerjettyEclipse Jetty
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2016-6664
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7||HIGH
EPSS-44.47% / 97.47%
||
7 Day CHG~0.00%
Published-13 Dec, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.

Action-Not Available
Vendor-perconan/aOracle CorporationMariaDB Foundation
Product-percona_servermariadbmysqlxtradb_clustern/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2010-1626
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-3.6||LOW
EPSS-0.07% / 20.80%
||
7 Day CHG~0.00%
Published-21 May, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.

Action-Not Available
Vendor-mysqln/aOracle Corporation
Product-mysqln/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-0870
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.31%
||
7 Day CHG~0.00%
Published-21 Feb, 2008 | 01:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session.

Action-Not Available
Vendor-n/aOracle CorporationBEA Systems, Inc.
Product-weblogic_portaln/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2019-16775
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.30% / 52.81%
||
7 Day CHG~0.00%
Published-13 Dec, 2019 | 00:55
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthorized File Access in npm CLI before before version 6.13.3

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.

Action-Not Available
Vendor-npmjsnpmopenSUSERed Hat, Inc.Fedora ProjectOracle Corporation
Product-graalvmenterprise_linuxfedoraenterprise_linux_eusnpmleapcli
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-7247
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.45% / 62.63%
||
7 Day CHG~0.00%
Published-30 Nov, 2009 | 17:00
Updated-07 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink.

Action-Not Available
Vendor-mysqln/aOracle Corporation
Product-mysqln/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2015-1038
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-3.18% / 86.45%
||
7 Day CHG~0.00%
Published-21 Jan, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.

Action-Not Available
Vendor-7-zipn/aFedora ProjectOracle Corporation
Product-solarisfedorap7zipn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2014-9512
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-8.88% / 92.20%
||
7 Day CHG~0.00%
Published-12 Feb, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.

Action-Not Available
Vendor-n/aSambaOracle CorporationopenSUSE
Product-opensusersyncsolarisn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2014-5459
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.6||LOW
EPSS-0.10% / 27.85%
||
7 Day CHG~0.00%
Published-27 Sep, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.

Action-Not Available
Vendor-n/aThe PHP GroupOracle CorporationopenSUSE
Product-opensuseevergreensolarisphpn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2008-4098
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.29% / 51.88%
||
7 Day CHG~0.00%
Published-17 Sep, 2008 | 18:06
Updated-07 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.

Action-Not Available
Vendor-mysqln/aOracle CorporationCanonical Ltd.Debian GNU/Linux
Product-debian_linuxubuntu_linuxmysqln/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2015-1196
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.85% / 74.00%
||
7 Day CHG~0.00%
Published-21 Jan, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.

Action-Not Available
Vendor-n/aGNUOracle CorporationopenSUSE
Product-patchopensusesolarisn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2013-1495
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-6.9||MEDIUM
EPSS-0.11% / 30.59%
||
7 Day CHG~0.00%
Published-18 Mar, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

asr in Oracle Auto Service Request in Oracle Support Tools before 4.3.2 allows local users to modify arbitrary files via a symlink attack on a predictable filename in /tmp.

Action-Not Available
Vendor-n/aOracle Corporation
Product-support_toolsn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2007-4652
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.31% / 53.56%
||
7 Day CHG~0.00%
Published-04 Sep, 2007 | 19:00
Updated-07 Aug, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2011-2185
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 7.48%
||
7 Day CHG~0.00%
Published-27 Jul, 2011 | 01:29
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Fabric before 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on (1) a /tmp/fab.*.tar file or (2) certain other files in the top level of /tmp/.

Action-Not Available
Vendor-fabfilen/a
Product-fabricn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2013-4215
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.09% / 25.97%
||
7 Day CHG~0.00%
Published-05 May, 2014 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping.

Action-Not Available
Vendor-n/aNagios Enterprises, LLC
Product-pluginsn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2011-0754
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 10.05%
||
7 Day CHG~0.00%
Published-02 Feb, 2011 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check.

Action-Not Available
Vendor-n/aThe PHP GroupMicrosoft Corporation
Product-phpwindowsn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-28098
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.35%
||
7 Day CHG~0.00%
Published-14 Apr, 2021 | 14:56
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes logs entries to a file in %PROGRAMDATA%\ForeScout SecureConnector\ that has full permissions for the Everyone group. Using a symbolic link allows an attacker to point the log file to a privileged location such as %WINDIR%\System32. The resulting log file adopts the file permissions of the source of the symbolic link (in this case, the Everyone group). The log file in System32 can be replaced and renamed with a malicious DLL for DLL hijacking.

Action-Not Available
Vendor-n/aForescout Technologies, Inc.
Product-counteractn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE ID-CWE-427
Uncontrolled Search Path Element
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2010-0787
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.11% / 30.82%
||
7 Day CHG~0.00%
Published-02 Mar, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file.

Action-Not Available
Vendor-n/aSamba
Product-samban/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2010-0788
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.21% / 43.22%
||
7 Day CHG~0.00%
Published-02 Mar, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or possibly gain privileges via symlink attacks involving the (1) ncpmount and (2) ncpumount programs.

Action-Not Available
Vendor-ncpfsn/a
Product-ncpfsn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2009-4135
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 7.29%
||
7 Day CHG~0.00%
Published-11 Dec, 2009 | 16:00
Updated-07 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.

Action-Not Available
Vendor-n/aCanonical Ltd.GNUFedora Project
Product-ubuntu_linuxfedoracoreutilsn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found