Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVEs (1,502)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-4996 1Vladtheenterprising Project 1Vladtheenterprising Nov 21, 2024 Jan 10, 2018 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}.
CVE-2014-5509 1Clipboard Project 1Clipboard Nov 21, 2024 Jan 8, 2018 N/A· v4 5.5 MEDIUM· v3 3.6 LOW· v2 clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit$$.
CVE-2014-1859 3Fedoraproject NumpyRedhat 3Enterprise Linux FedoraNumpy Nov 21, 2024 Jan 8, 2018 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary f...Show more (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.Show less
CVE-2013-4364 1Redhat 1Openshift Nov 21, 2024 Jan 8, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 (1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified...Show more (1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.Show less
CVE-2017-1000420 1Syncthing 1Syncthing Nov 21, 2024 Jan 2, 2018 N/A· v4 7.5 HIGH· v3 6.4 MEDIUM· v2 Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite
CVE-2014-4978 2Fedoraproject Rawstudio 2Fedora Rawstudio May 13, 2026 Dec 29, 2017 N/A· v4 5.5 MEDIUM· v3 3.6 LOW· v2 The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph.
CVE-2016-1255 1Debian 1Postgresql Common May 13, 2026 Dec 5, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS be...Show more The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql.Show less
CVE-2017-16611 3Canonical DebianX 3Debian Linux LibxfontUbuntu Linux May 13, 2026 Dec 1, 2017 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.
CVE-2017-15357 1Arqbackup 1Arq May 13, 2026 Dec 1, 2017 N/A· v4 7.4 HIGH· v3 6.9 MEDIUM· v2 The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself.
CVE-2017-7501 1Rpm 1Rpm May 13, 2026 Nov 22, 2017 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic li...Show more It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.Show less
CVE-2017-12172 1Postgresql 1Postgresql May 13, 2026 Nov 22, 2017 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effecti...Show more PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.Show less
CVE-2017-8806 1Postgresql 1Postgresql May 13, 2026 Nov 13, 2017 N/A· v4 5.5 MEDIUM· v3 3.6 LOW· v2 The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handle...Show more The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.Show less
CVE-2017-2916 1Meetcircle 1Circle With Disney Firmware May 13, 2026 Nov 7, 2017 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can...Show more An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability.Show less
CVE-2015-7529 3Canonical RedhatSos Project 8Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Server Aus+5 more May 13, 2026 Nov 6, 2017 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$da...Show more sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.Show less
CVE-2011-2684 1Rkkda 1Foo2zjs May 13, 2026 Oct 23, 2017 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local...Show more foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs.Show less
CVE-2017-1301 1Ibm 1Tivoli Storage Manager May 13, 2026 Oct 5, 2017 N/A· v4 5.5 MEDIUM· v3 3.6 LOW· v2 IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability b...Show more IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163.Show less
CVE-2017-12258 1Cisco 1Unified Communications Manager May 13, 2026 Oct 5, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability exists because the affected s...Show more A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability exists because the affected software does not provide sufficient protections for HTML inline frames (iframes). An attacker could exploit this vulnerability by directing a user of the affected software to an attacker-controlled web page that contains a malicious HTML inline frame. A successful exploit could allow the attacker to conduct click-jacking or other types of client-side browser attacks. Cisco Bug IDs: CSCve60993.Show less
CVE-2017-1000115 3Debian MercurialRedhat 8Debian Linux Enterprise Linux DesktopEnterprise Linux Server+5 more May 13, 2026 Oct 5, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository
CVE-2017-7549 1Openstack 1Instack Undercloud May 13, 2026 Sep 21, 2017 N/A· v4 6.4 MEDIUM· v3 3.3 LOW· v2 A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and sec...Show more A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.Show less
CVE-2015-5705 2Devscripts Devel Team Fedoraproject 2Devscripts Fedora May 13, 2026 Sep 6, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.

Previous 1...505152...76 Next