cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.
Max CVSS
1.9
EPSS Score
0.04%
Published
2015-02-19
Updated
2023-12-27
GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.
Max CVSS
1.9
EPSS Score
0.04%
Published
2010-04-16
Updated
2010-06-07
Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file.
Max CVSS
1.9
EPSS Score
0.04%
Published
2009-04-01
Updated
2017-08-17
GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file.
Max CVSS
1.9
EPSS Score
0.04%
Published
2005-11-18
Updated
2011-10-18
The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Max CVSS
1.2
EPSS Score
0.06%
Published
2005-09-21
Updated
2018-10-19
Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system.
Max CVSS
1.2
EPSS Score
0.04%
Published
2002-07-26
Updated
2008-09-05
rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.
Max CVSS
1.2
EPSS Score
0.04%
Published
2001-08-07
Updated
2008-09-05
glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack.
Max CVSS
1.2
EPSS Score
0.04%
Published
2000-12-19
Updated
2017-10-10
8 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!