| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1001 | CVE-2016-0498 | | | | 2016-01-21 | 2016-12-07 | 1.5 | None | Local | Medium | ??? | Partial | None | None | Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.2.2, 6.1.3.0, and 6.2.0.0 allows local users to affect confidentiality via unknown vectors related to Install. |
| 1002 | CVE-2016-7094 | 119 | | DoS Overflow | 2016-09-21 | 2017-07-01 | 1.5 | None | Local | Medium | ??? | None | None | Partial | Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update. |
| 1003 | CVE-2017-3313 | 200 | | +Info | 2017-01-27 | 2019-05-22 | 1.5 | None | Local | Medium | ??? | Partial | None | None | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts). |
| 1004 | CVE-2017-3317 | | | | 2017-01-27 | 2019-05-22 | 1.5 | None | Local | Medium | ??? | None | None | Partial | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts). |
| 1005 | CVE-2017-10268 | 200 | | +Info | 2017-10-19 | 2019-05-21 | 1.5 | None | Local | Medium | ??? | Partial | None | None | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). |
| 1006 | CVE-2014-2485 | | | | 2014-07-17 | 2018-10-09 | 1.4 | None | Local | Low | ??? | Partial | None | None | Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows local users to affect confidentiality via unknown vectors related to Integration Business Services. |
| 1007 | CVE-2016-0618 | | | | 2016-01-21 | 2016-12-22 | 1.4 | None | Local | Low | ??? | Partial | None | None | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via unknown vectors related to Zones. |
| 1008 | CVE-2017-13679 | | | DoS | 2017-10-10 | 2019-10-03 | 1.4 | None | Local Network | High | ??? | None | None | Partial | A denial of service (DoS) attack in Symantec Encryption Desktop before SED 10.4.1 MP2HF1 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. |
| 1009 | CVE-2021-35618 | | | DoS | 2021-10-20 | 2021-11-22 | 1.4 | None | Local Network | High | ??? | None | None | Partial | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 1.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L). |
| 1010 | CVE-2011-2242 | | | | 2011-07-20 | 2011-10-05 | 1.3 | None | Local | Medium | ??? | Partial | None | None | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.2.0.1 and 11.2.0.2 allows local users to affect confidentiality, related to XML DB FTP. |
| 1011 | CVE-2015-5464 | 284 | | Bypass | 2015-07-22 | 2016-03-31 | 1.3 | None | Local | Medium | ??? | Partial | None | None | The Gemalto SafeNet Luna HSM allows remote authenticated users to bypass intended key-export restrictions by leveraging (1) crypto-user or (2) crypto-officer access to an HSM partition. |
| 1012 | CVE-1999-0371 | | | | 1999-02-11 | 2008-09-09 | 1.2 | None | Local | High | Not required | Partial | None | None | Lynx allows a local user to overwrite sensitive files through /tmp symlinks. |
| 1013 | CVE-1999-0475 | | | | 1999-04-05 | 2008-09-09 | 1.2 | None | Local | High | Not required | Partial | None | None | A race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail. |
| 1014 | CVE-1999-1042 | | | | 1999-12-31 | 2008-09-05 | 1.2 | None | Local | High | Not required | Partial | None | None | Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log files and temporary files, which may expose sensitive information, to local users such as user IDs, passwords and SNMP community strings. |
| 1015 | CVE-1999-1480 | | | | 1998-06-11 | 2008-09-05 | 1.2 | None | Local | High | Not required | None | Partial | None | (1) acledit and (2) aclput in AIX 4.3 allow local users to create or modify files via a symlink attack. |
| 1016 | CVE-1999-1486 | | | | 1998-02-25 | 2017-10-10 | 1.2 | None | Local | High | Not required | None | Partial | None | sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack. |
| 1017 | CVE-2000-0154 | | | | 2000-02-16 | 2008-09-10 | 1.2 | None | Local | High | Not required | None | Partial | None | The ARCserve agent in UnixWare allows local attackers to modify arbitrary files via a symlink attack. |
| 1018 | CVE-2000-0210 | | | | 2000-02-21 | 2008-09-10 | 1.2 | None | Local | High | Not required | None | Partial | None | The lit program in Sun Flex License Manager (FlexLM) follows symlinks, which allows local users to modify arbitrary files. |
| 1019 | CVE-2000-0224 | | | +Priv | 2000-02-15 | 2008-09-10 | 1.2 | None | Local | High | Not required | None | Partial | None | ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root privileges via a symlink attack. |
| 1020 | CVE-2000-0371 | | | | 1999-03-01 | 2008-09-10 | 1.2 | None | Local | High | Not required | None | Partial | None | The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack. |
| 1021 | CVE-2000-0718 | | | | 2000-10-20 | 2008-09-05 | 1.2 | None | Local | High | Not required | None | Partial | None | A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed. |
| 1022 | CVE-2000-0723 | | | | 2000-10-20 | 2008-09-05 | 1.2 | None | Local | High | Not required | None | None | Partial | Helix GNOME Updater helix-update 0.5 and earlier does not properly create /tmp directories, which allows local users to create empty system configuration files such as /etc/config.d/bashrc, /etc/config.d/csh.cshrc, and /etc/rc.config. |
| 1023 | CVE-2000-0890 | | | | 2001-02-16 | 2018-05-03 | 1.2 | None | Local | High | Not required | None | Partial | None | periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack. |
| 1024 | CVE-2000-0959 | | | | 2000-12-19 | 2017-10-10 | 1.2 | None | Local | High | Not required | None | Partial | None | glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack. |
| 1025 | CVE-2000-1045 | | | DoS | 2000-12-11 | 2017-10-10 | 1.2 | None | Local | High | Not required | None | None | Partial | nss_ldap earlier than 121, when run with nscd (name service caching daemon), allows remote attackers to cause a denial of service via a flood of LDAP requests. |
| 1026 | CVE-2001-0036 | | | | 2001-02-16 | 2017-10-10 | 1.2 | None | Local | High | Not required | None | Partial | None | KTH Kerberos IV allows local users to overwrite arbitrary files via a symlink attack on a ticket file. |
| 1027 | CVE-2001-0095 | | | | 2001-02-12 | 2018-10-30 | 1.2 | None | Local | High | Not required | None | Partial | None | catman in Solaris 2.7 and 2.8 allows local users to overwrite arbitrary files via a symlink attack on the sman_PID temporary file. |
| 1028 | CVE-2001-0109 | | | | 2001-03-12 | 2017-10-10 | 1.2 | None | Local | High | Not required | None | Partial | None | rctab in SuSE 7.0 and earlier allows local users to create or overwrite arbitrary files via a symlink attack on the rctmp temporary file. |
| 1029 | CVE-2001-0116 | | | | 2001-03-12 | 2017-10-10 | 1.2 | None | Local | High | Not required | None | Partial | None | gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack. |
| 1030 | CVE-2001-0117 | | | | 2001-03-12 | 2017-10-10 | 1.2 | None | Local | High | Not required | None | Partial | None | sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack. |
| 1031 | CVE-2001-0118 | | | | 2001-03-12 | 2017-10-10 | 1.2 | None | Local | High | Not required | None | Partial | None | rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack. |
| 1032 | CVE-2001-0119 | | | | 2001-03-12 | 2017-10-10 | 1.2 | None | Local | High | Not required | None | Partial | None | getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack. |
| 1033 | CVE-2001-0120 | | | | 2001-03-12 | 2017-10-10 | 1.2 | None | Local | High | Not required | None | Partial | None | useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack. |
| 1034 | CVE-2001-0125 | | | | 2001-03-12 | 2017-10-10 | 1.2 | None | Local | High | Not required | None | Partial | None | exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file. |
| 1035 | CVE-2001-0132 | | | | 2001-03-12 | 2008-09-05 | 1.2 | None | Local | High | Not required | None | Partial | None | Interscan VirusWall 3.6.x and earlier follows symbolic links when uninstalling the product, which allows local users to overwrite arbitrary files via a symlink attack. |
| 1036 | CVE-2001-0138 | | | | 2001-03-12 | 2017-10-10 | 1.2 | None | Local | High | Not required | None | Partial | None | privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack. |
| 1037 | CVE-2001-0139 | | | | 2001-03-12 | 2017-10-10 | 1.2 | None | Local | High | Not required | None | Partial | None | inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations. |
| 1038 | CVE-2001-0140 | | | | 2001-03-12 | 2017-10-10 | 1.2 | None | Local | High | Not required | None | Partial | None | arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations. |
| 1039 | CVE-2001-0141 | | | | 2001-03-12 | 2017-10-10 | 1.2 | None | Local | High | Not required | None | Partial | None | mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations. |
| 1040 | CVE-2001-0142 | | | | 2001-03-12 | 2017-10-10 | 1.2 | None | Local | High | Not required | None | Partial | None | squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations. |
| 1041 | CVE-2001-0143 | | | | 2001-03-12 | 2017-10-10 | 1.2 | None | Local | High | Not required | None | Partial | None | vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack. |
| 1042 | CVE-2001-0222 | | | | 2001-03-26 | 2017-10-10 | 1.2 | None | Local | High | Not required | None | Partial | None | webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack. |
| 1043 | CVE-2001-0887 | | | | 2002-01-15 | 2017-10-10 | 1.2 | None | Local | High | Not required | None | Partial | None | xSANE 0.81 and earlier allows local users to modify files of other xSANE users via a symlink attack on temporary files. |
| 1044 | CVE-2001-1047 | | | DoS | 2001-06-02 | 2017-12-19 | 1.2 | None | Local | High | Not required | None | None | Partial | Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork. |
| 1045 | CVE-2001-1146 | | | | 2001-07-11 | 2017-10-10 | 1.2 | None | Local | High | Not required | None | Partial | None | AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack. |
| 1046 | CVE-2001-1256 | | | | 2001-06-11 | 2017-12-19 | 1.2 | None | Local | High | Not required | None | Partial | None | kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files. |
| 1047 | CVE-2001-1276 | | | | 2001-06-21 | 2016-10-18 | 1.2 | None | Local | High | Not required | None | Partial | None | ispell before 3.1.20 allows local users to overwrite files of other users via a symlink attack on a temporary file. |
| 1048 | CVE-2001-1301 | | | | 2001-08-07 | 2008-09-05 | 1.2 | None | Local | High | Not required | None | Partial | None | rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file. |
| 1049 | CVE-2001-1331 | | | | 2001-05-03 | 2008-09-10 | 1.2 | None | Local | High | Not required | None | Partial | None | mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks. |
| 1050 | CVE-2001-1333 | | | | 2001-05-10 | 2008-09-05 | 1.2 | None | Local | High | Not required | None | Partial | None | Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files. |