Lucene search
K

80 matches found

Debian CVE
Debian CVE
added 2014/03/03 4:0 p.m.33 views

CVE-2013-6493

The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp...

2.1CVSS5.9AI score0.00482EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2014/03/03 12:0 a.m.18 views

CVE-2013-6493

The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp...

2.1CVSS5.9AI score0.00482EPSS
Exploits1References3
NVD
NVD
added 2014/01/28 12:55 a.m.26 views

CVE-2014-1604

The parser cache functionality in parsergenerator.py in RPLY aka python-rply before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-.json file with a predictable name...

2.1CVSS6.1AI score0.00351EPSS
Exploits0References7
Prion
Prion
added 2014/01/28 12:55 a.m.14 views

Design/Logic Flaw

The parser cache functionality in parsergenerator.py in RPLY aka python-rply before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-.json file with a predictable name...

2.1CVSS6.6AI score0.00351EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2013/11/23 5:0 p.m.33 views

CVE-2013-2029

nagios.upgradetov3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/...

6.3AI score0.00354EPSS
Exploits0References2
Prion
Prion
added 2013/09/30 9:55 p.m.17 views

Design/Logic Flaw

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/...

4.4CVSS7.3AI score0.00329EPSS
Exploits0References5Affected Software1
UbuntuCve
UbuntuCve
added 2013/09/30 9:55 p.m.29 views

CVE-2013-4136

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/...

4.4CVSS5.9AI score0.00329EPSS
Exploits0References2
OSV
OSV
added 2013/09/23 8:55 p.m.25 views

PYSEC-2013-32

cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/...

1.2CVSS6AI score0.00558EPSS
Exploits0References5
OSV
OSV
added 2013/09/23 8:55 p.m.27 views

PYSEC-2013-33

cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/...

1.2CVSS6AI score0.00558EPSS
Exploits0References5
Prion
Prion
added 2013/09/23 8:55 p.m.14 views

Design/Logic Flaw

cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/...

1.2CVSS6.8AI score0.00558EPSS
Exploits0References4Affected Software3
Cvelist
Cvelist
added 2013/09/23 8:0 p.m.30 views

CVE-2013-2217

cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/...

6.1AI score0.00558EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2013/09/23 8:0 p.m.29 views

CVE-2013-2217

cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/...

1.2CVSS6AI score0.00558EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2013/09/23 12:0 a.m.25 views

CVE-2013-2217

cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/...

1.2CVSS5.9AI score0.00558EPSS
Exploits0References3
Prion
Prion
added 2013/09/16 7:14 p.m.17 views

Design/Logic Flaw

runner/connectionplugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/...

1.9CVSS6.5AI score0.00339EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2013/09/16 7:0 p.m.52 views

CVE-2013-4260

lib/ansible/playbook/init.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/...

7.2AI score0.00329EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2013/08/23 4:55 p.m.19 views

CVE-2013-3368

bin/rt in Request Tracker RT 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name...

3.3CVSS7.3AI score0.00346EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2013/08/21 12:0 a.m.27 views

ansible -- local symlink exploits

MITRE reports: runner/connectionplugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/. lib/ansible/playbook/init.py in Ansible 1.2.x before 1.2.3, when playbook does no...

3.3CVSS7.3AI score0.00339EPSS
Exploits0References2
RubySec
RubySec
added 2013/06/10 12:0 a.m.20 views

CVE-2013-4136 rubygem-passenger: insecure temporary directory usage due toreuse of existing server instance directories

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/...

4.4CVSS6.7AI score0.00329EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2013/05/29 12:0 a.m.40 views

CVE-2013-2119 rubygem-passenger: incorrect temporary file usage

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service prevent application start or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem...

4.6CVSS6.2AI score0.004EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2013/03/08 9:55 p.m.5 views

CVE-2013-0261

A flaw was found in PackStack. A local user could exploit a symlink attack on a temporary file with a predictable name in the /tmp directory. This vulnerability allows the local user to overwrite arbitrary files on the system, potentially leading to system compromise or data corruption...

8.8CVSS5.4AI score0.00346EPSS
Exploits0References4
Rows per page
Query Builder