| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1051 |
CVE-2001-1346 |
|
|
|
2001-05-18 |
2021-04-07 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp. |
|
1052 |
CVE-2002-0141 |
|
|
|
2002-03-25 |
2008-11-04 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of other Maelstrom users via a symlink attack on the /tmp/f file. |
|
1053 |
CVE-2002-0271 |
|
|
|
2002-05-29 |
2016-10-18 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows local users to modify files of other users via a symlink attack on temporary files. |
|
1054 |
CVE-2002-0296 |
|
|
|
2002-05-31 |
2017-07-11 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file. |
|
1055 |
CVE-2002-0435 |
|
|
|
2002-07-26 |
2008-09-05 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system. |
|
1056 |
CVE-2002-0760 |
|
|
|
2002-08-12 |
2008-09-05 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed. |
|
1057 |
CVE-2002-1508 |
|
|
|
2003-02-19 |
2008-09-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests. |
|
1058 |
CVE-2002-1563 |
|
|
DoS |
2003-05-12 |
2016-10-18 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
stunnel 4.0.3 and earlier allows attackers to cause a denial of service (crash) via SIGCHLD signal handler race conditions that cause an inconsistency in the child counter. |
|
1059 |
CVE-2002-1674 |
|
|
DoS |
2002-12-31 |
2017-07-11 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
procfs on FreeBSD before 4.5 allows local users to cause a denial of service (kernel panic) by removing a file that the fstatfs function refers to. |
|
1060 |
CVE-2002-2001 |
|
|
|
2002-12-31 |
2008-09-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. |
|
1061 |
CVE-2003-0086 |
|
|
|
2003-03-31 |
2018-10-19 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown. |
|
1062 |
CVE-2003-0120 |
|
|
|
2003-03-07 |
2008-09-05 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name. |
|
1063 |
CVE-2003-0438 |
|
|
|
2003-07-24 |
2008-09-05 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files. |
|
1064 |
CVE-2003-0462 |
|
|
DoS |
2003-08-27 |
2017-10-11 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash). |
|
1065 |
CVE-2003-0669 |
|
|
DoS |
2003-08-27 |
2018-10-30 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via "a rare race condition" or an attack by local users. |
|
1066 |
CVE-2003-1061 |
|
|
DoS |
2003-10-14 |
2018-10-30 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines. |
|
1067 |
CVE-2003-1073 |
|
|
|
2003-12-31 |
2018-10-30 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place. |
|
1068 |
CVE-2003-1080 |
|
|
|
2003-02-11 |
2018-10-30 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
Unknown vulnerability in mail for Solaris 2.6 through 9 allows local users to read the email of other users. |
|
1069 |
CVE-2004-0404 |
|
|
|
2004-07-07 |
2017-07-11 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
logcheck before 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary directory in /var/tmp. |
|
1070 |
CVE-2004-0814 |
|
|
DoS |
2004-12-23 |
2017-10-11 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch. |
|
1071 |
CVE-2004-0880 |
|
|
|
2005-01-27 |
2017-07-11 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file. |
|
1072 |
CVE-2004-1058 |
|
|
|
2005-01-10 |
2018-10-03 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline. |
|
1073 |
CVE-2004-1069 |
|
|
DoS |
2005-01-10 |
2017-07-11 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
Race condition in SELinux 2.6.x through 2.6.9 allows local users to cause a denial of service (kernel crash) via SOCK_SEQPACKET unix domain sockets, which are not properly handled in the sock_dgram_sendmsg function. |
|
1074 |
CVE-2004-1191 |
|
|
|
2005-01-10 |
2017-07-11 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems that have more than 4GB of memory, could allow local users to read unauthorized memory from "foreign memory pages." |
|
1075 |
CVE-2004-2231 |
|
|
|
2004-12-31 |
2017-07-11 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) persistent_state or (2) env.properties.X temporary files. |
|
1076 |
CVE-2004-2473 |
59 |
|
|
2004-12-31 |
2017-07-11 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
wmFrog weather monitor 0.1.6 and other versions before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
|
1077 |
CVE-2005-0448 |
|
|
|
2005-05-02 |
2018-10-03 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452. |
|
1078 |
CVE-2005-0937 |
|
|
|
2005-02-22 |
2018-10-19 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
Some futex functions in futex.c for Linux kernel 2.6.x perform get_user calls while holding the mmap_sem semaphore, which could allow local users to cause a deadlock condition in do_page_fault by triggering get_user faults while another thread is executing mmap or other functions. |
|
1079 |
CVE-2005-1066 |
|
|
|
2005-05-02 |
2008-09-05 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack. |
|
1080 |
CVE-2005-1176 |
|
|
+Info |
2005-05-02 |
2017-07-11 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while I/O is still occurring for that file, may write data to a different file, which could leak sensitive information. |
|
1081 |
CVE-2005-1286 |
|
|
|
2005-05-02 |
2016-10-18 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
Unquoted Windows search path vulnerability in BitDefender 8 allows local users to prevent BitDefender from starting by creating a malicious C:\program.exe, possibly due to the lack of quoting of the full pathname when executing a process. |
|
1082 |
CVE-2005-1368 |
|
|
DoS |
2005-05-02 |
2018-10-19 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
The key_user_lookup function in security/keys/key.c in Linux kernel 2.6.10 to 2.6.11.8 may allow attackers to cause a denial of service (oops) via SMP. |
|
1083 |
CVE-2005-1396 |
|
|
|
2005-05-03 |
2018-08-13 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows local users to write to arbitrary files via a symlink attack on the ce_edit_log temporary file. |
|
1084 |
CVE-2005-1759 |
|
|
|
2005-06-28 |
2016-10-18 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
Race condition in shtool 2.0.1 and earlier allows local users to modify or create arbitrary files via a symlink attack on temporary files after they have been created, a different vulnerability than CVE-2005-1751. |
|
1085 |
CVE-2005-1878 |
|
|
|
2005-06-09 |
2008-09-05 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
GIPTables Firewall 1.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the temp.ip.addresses temporary file. |
|
1086 |
CVE-2005-2449 |
|
|
|
2005-08-03 |
2017-07-11 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
Race condition in sandbox before 1.2.11 allows local users to create or overwrite arbitrary files via symlink attack on sandboxpids.tmp. |
|
1087 |
CVE-2005-2475 |
|
|
|
2005-08-05 |
2017-10-11 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete. |
|
1088 |
CVE-2005-2527 |
59 |
|
|
2005-12-31 |
2017-07-11 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack. |
|
1089 |
CVE-2005-2666 |
255 |
|
|
2005-08-23 |
2017-10-11 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key. |
|
1090 |
CVE-2005-3011 |
59 |
|
|
2005-09-21 |
2018-10-19 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
|
1091 |
CVE-2005-3106 |
|
|
DoS |
2005-09-30 |
2018-10-19 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec. |
|
1092 |
CVE-2005-3274 |
|
|
DoS |
2005-10-21 |
2018-10-19 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired. |
|
1093 |
CVE-2005-3342 |
|
|
|
2005-12-31 |
2011-03-08 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
noweb 2.10c and earlier allows local users to overwrite arbitrary files via symlink attacks on temporary files in (1) lib/toascii.nw and (2) shell/roff.mm. |
|
1094 |
CVE-2005-4660 |
|
|
+Priv |
2005-12-31 |
2008-09-05 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might allow local users to overwrite system configuration files and gain privileges by replacing a backup archive during the time window when the archive is owned by "nobody" but not yet encrypted, then executing ipcoprscfg to restore from this backup. |
|
1095 |
CVE-2005-4761 |
|
|
|
2005-12-31 |
2008-09-05 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier log the Java command line at server startup, which might include sensitive information (passwords or keyphrases) in the server log file when the -D option is used. |
|
1096 |
CVE-2006-0050 |
|
|
|
2006-03-23 |
2017-07-20 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file. |
|
1097 |
CVE-2006-0591 |
310 |
|
|
2006-02-08 |
2018-10-19 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions. |
|
1098 |
CVE-2006-0741 |
|
|
DoS |
2006-03-07 |
2018-10-03 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
Linux kernel before 2.6.15.5, when running on Intel processors, allows local users to cause a denial of service ("endless recursive fault") via unknown attack vectors related to a "bad elf entry address." |
|
1099 |
CVE-2006-1059 |
|
|
|
2006-03-30 |
2018-10-18 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain. |
|
1100 |
CVE-2006-1066 |
|
|
DoS |
2006-03-27 |
2018-10-03 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
Linux kernel 2.6.16-rc2 and earlier, when running on x86_64 systems with preemption enabled, allows local users to cause a denial of service (oops) via multiple ptrace tasks that perform single steps, which can cause corruption of the DEBUG_STACK stack during the do_debug function call. |
