Romang

**Name of the Vulnerable Software and Affected Versions** GNOME Workstation Command Center versions 0.9.6 and earlier **Description** The issue allows local users to create and overwrite arbitrary files via a symlink attack on the gwcc out.txt temporary file. This is due to a problem in the perform file save function. **Recommendations** For versions 0.9.6 and earlier, consider restricting access to the perform file save function until a patch is available. As a temporary workaround, avoid using the perform file save function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SILC versions 1.0 and earlier **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the silcd.[PID].stats temporary file. This is due to a flaw in the silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC). **Recommendations** For SILC versions 1.0 and earlier, consider restricting access to the silc daemon to prevent local users from exploiting this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** log4sh versions 1.2.5 and earlier **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on predictable log4sh.$$ filenames. This is due to a problem in the log4sh readProperties function. **Recommendations** For versions 1.2.5 and earlier, consider restricting access to the log4sh readProperties function until a patch is available. As a temporary workaround, avoid using predictable filenames to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** shtool versions 2.0.1 and earlier **Description** A race condition issue exists, allowing local users to modify or create arbitrary files via a symlink attack on temporary files after they have been created. **Recommendations** For versions 2.0.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** everybuddy versions 0.4.3 and earlier **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to `wget`. This is a result of a symlink attack vulnerability. **Recommendations** For everybuddy versions 0.4.3 and earlier, as a temporary workaround, consider restricting the use of the `wget` system call until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.