| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2021-28968 | 79 | | XSS | 2021-03-22 | 2021-03-24 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in the [email] BBcode tag allows (with authentication) injecting arbitrary JavaScript into any forum message. |
| 2 | CVE-2021-20197 | 362 | | | 2021-03-26 | 2022-09-30 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None | There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. |
| 3 | CVE-2020-14311 | 190 | | Overflow | 2020-07-31 | 2021-10-19 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow. |
| 4 | CVE-2020-14310 | 190 | | Overflow | 2020-07-31 | 2021-10-19 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceeding with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow. |
| 5 | CVE-2020-1752 | 416 | | Exec Code | 2020-04-30 | 2022-10-28 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial | A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32. |
| 6 | CVE-2018-16868 | 203 | | | 2018-12-03 | 2022-11-30 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None | A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server. |
| 7 | CVE-2018-0618 | 79 | | XSS | 2018-07-26 | 2020-05-06 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 8 | CVE-2015-4156 | 59 | | | 2015-06-02 | 2018-10-30 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file. |
| 9 | CVE-2015-4155 | 59 | | | 2015-06-02 | 2016-12-07 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file. |
| 10 | CVE-2015-1865 | 362 | | | 2017-09-20 | 2017-09-27 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | fts.c in coreutils 8.4 allows local users to delete arbitrary files. |
| 11 | CVE-2014-8737 | 22 | | Dir. Trav. | 2014-12-09 | 2017-07-01 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar. |
| 12 | CVE-2014-3424 | 59 | | | 2014-05-08 | 2016-06-30 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file. |
| 13 | CVE-2014-3423 | 59 | | | 2014-05-08 | 2016-06-30 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file. |
| 14 | CVE-2014-3422 | 59 | | | 2014-05-08 | 2016-06-30 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/. |
| 15 | CVE-2014-3421 | 59 | | | 2014-05-08 | 2016-06-30 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file. |
| 16 | CVE-2014-2524 | 59 | | | 2014-08-20 | 2018-10-30 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. |
| 17 | CVE-2011-1658 | 264 | | +Priv | 2011-04-08 | 2018-10-09 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial | ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any standard operating-system distribution would ship an applicable setuid or setgid program. |
| 18 | CVE-2011-1089 | 16 | | | 2011-04-10 | 2016-12-07 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None | The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. |
| 19 | CVE-2010-4337 | 59 | | | 2011-01-14 | 2012-06-19 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/gnash-configure-errors.$$, (2) /tmp/gnash-configure-warnings.$$, or (3) /tmp/gnash-configure-recommended.$$ files. |
| 20 | CVE-2010-3089 | 79 | | XSS | 2010-09-15 | 2014-02-21 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field. |
| 21 | CVE-2010-2056 | 59 | | | 2010-07-22 | 2010-07-22 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. |
| 22 | CVE-2010-1161 | 362 | | | 2010-04-16 | 2010-06-07 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial | Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files. |
| 23 | CVE-2009-5081 | 59 | | | 2011-06-30 | 2013-12-13 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969. |
| 24 | CVE-2009-5080 | 59 | | | 2011-06-30 | 2013-12-13 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296. |
| 25 | CVE-2009-5079 | 59 | | | 2011-06-30 | 2013-12-13 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file. |
| 26 | CVE-2009-5044 | 59 | | | 2011-06-24 | 2016-03-30 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file. |
| 27 | CVE-2006-0353 | 200 | | DoS +Info | 2006-01-22 | 2017-07-20 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys. |
| 28 | CVE-2005-4268 | 119 | | DoS Exec Code Overflow | 2005-12-15 | 2018-10-03 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial | Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits. |
| 29 | CVE-2005-1111 | | | | 2005-05-02 | 2017-10-11 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial | Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. |
| 30 | CVE-2005-1039 | | | | 2005-05-02 | 2008-09-05 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial | Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files. |
| 31 | CVE-2005-0988 | | | | 2005-05-02 | 2017-10-11 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial | Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. |
| 32 | CVE-2002-0044 | | | | 2002-01-31 | 2017-10-10 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files. |
| 33 | CVE-2000-0270 | | | | 2000-04-18 | 2008-09-10 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack. |