A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.
Max CVSS
3.3
EPSS Score
0.05%
Published
2024-02-06
Updated
2024-03-11
The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.
Max CVSS
2.5
EPSS Score
0.05%
Published
2021-02-24
Updated
2022-11-04
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released.
Max CVSS
3.3
EPSS Score
0.05%
Published
2022-03-10
Updated
2024-01-16
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.
Max CVSS
3.3
EPSS Score
0.04%
Published
2019-11-19
Updated
2022-11-08
GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.
Max CVSS
3.6
EPSS Score
0.04%
Published
2015-06-02
Updated
2018-10-30
GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.
Max CVSS
3.6
EPSS Score
0.04%
Published
2015-06-02
Updated
2016-12-07
The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option.
Max CVSS
2.1
EPSS Score
0.04%
Published
2015-02-12
Updated
2018-10-30
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.
Max CVSS
1.9
EPSS Score
0.04%
Published
2015-02-19
Updated
2023-12-27
Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.
Max CVSS
3.6
EPSS Score
0.04%
Published
2014-12-09
Updated
2017-07-01
lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.
Max CVSS
3.3
EPSS Score
0.04%
Published
2014-05-08
Updated
2016-06-30
lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.
Max CVSS
3.3
EPSS Score
0.04%
Published
2014-05-08
Updated
2016-06-30
lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.
Max CVSS
3.3
EPSS Score
0.04%
Published
2014-05-08
Updated
2016-06-30
lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.
Max CVSS
3.3
EPSS Score
0.04%
Published
2014-05-08
Updated
2016-06-30
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
Max CVSS
3.3
EPSS Score
0.04%
Published
2014-08-20
Updated
2018-10-30
A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-05-12
Updated
2024-01-16
pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.
Max CVSS
2.6
EPSS Score
0.04%
Published
2013-10-09
Updated
2017-07-01
ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any standard operating-system distribution would ship an applicable setuid or setgid program.
Max CVSS
3.7
EPSS Score
0.04%
Published
2011-04-08
Updated
2018-10-09
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.
Max CVSS
3.3
EPSS Score
0.04%
Published
2011-04-10
Updated
2016-12-07
The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files.
Max CVSS
3.3
EPSS Score
0.04%
Published
2011-01-14
Updated
2012-06-19
Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.
Max CVSS
3.5
EPSS Score
0.16%
Published
2010-09-15
Updated
2023-02-13
GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
Max CVSS
3.3
EPSS Score
0.04%
Published
2010-07-22
Updated
2010-07-22
Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files.
Max CVSS
3.7
EPSS Score
0.04%
Published
2010-04-16
Updated
2010-06-07
GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.
Max CVSS
1.9
EPSS Score
0.04%
Published
2010-04-16
Updated
2010-06-07
The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename.
Max CVSS
2.1
EPSS Score
0.05%
Published
2010-01-14
Updated
2011-08-08
The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file.
Max CVSS
3.3
EPSS Score
0.04%
Published
2011-06-30
Updated
2011-07-12
72 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!