Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVEs (1,502)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-4156 2Gnu Opensuse 2Opensuse Parallel May 6, 2026 Jun 2, 2015 N/A· v4 N/A· v3 3.6 LOW· v2 GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.
CVE-2015-4155 1Gnu 1Parallel May 6, 2026 Jun 2, 2015 N/A· v4 N/A· v3 3.6 LOW· v2 GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.
CVE-2015-3629 2Docker Opensuse 2Libcontainer Opensuse May 6, 2026 May 18, 2015 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a c...Show more Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.Show less
CVE-2015-3627 1Docker 2Docker Libcontainer May 6, 2026 May 18, 2015 N/A· v4 N/A· v3 7.2 HIGH· v2 Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.
CVE-2015-1130 1Apple 1Mac Os X Apr 21, 2026 Apr 10, 2015 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.
CVE-2015-0556 2Arj Software Fedoraproject 2Arj Archiver Fedora May 6, 2026 Apr 8, 2015 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.
CVE-2014-9512 3Opensuse OracleSamba 3Opensuse RsyncSolaris May 6, 2026 Feb 12, 2015 N/A· v4 N/A· v3 6.4 MEDIUM· v2 rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.
CVE-2015-1377 1Webmin 1Webmin May 6, 2026 Feb 10, 2015 N/A· v4 N/A· v3 4.9 MEDIUM· v2 The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file.
CVE-2014-4480 1Apple 2Iphone Os Tvos May 6, 2026 Jan 30, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.
CVE-2015-1196 3Gnu OpensuseOracle 3Opensuse PatchSolaris May 6, 2026 Jan 21, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
CVE-2015-1194 1Pax Project 1Pax May 6, 2026 Jan 21, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive.
CVE-2015-1038 37 Zip FedoraprojectOracle 3Fedora P7zipSolaris May 6, 2026 Jan 21, 2015 N/A· v4 N/A· v3 5.8 MEDIUM· v2 p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.
CVE-2014-9508 1Typo3 1Typo3 May 6, 2026 Jan 4, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allo...Show more The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors.Show less
CVE-2014-6407 1Docker 1Docker May 6, 2026 Dec 12, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.
CVE-2014-4703 1Nagios 1Nagios May 6, 2026 Dec 5, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete...Show more lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701.Show less
CVE-2014-3627 1Apache 1Hadoop May 6, 2026 Dec 5, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a...Show more The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache.Show less
CVE-2014-8585 1W3eden 1Download Manager May 6, 2026 Nov 4, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) fil...Show more Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_download.php or (2) file_download.php.Show less
CVE-2014-7206 1Debian 2Advanced Package Tool Apt May 6, 2026 Oct 15, 2014 N/A· v4 N/A· v3 3.6 LOW· v2 The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.
CVE-2014-1875 1Cspan 1Capture Tiny May 6, 2026 Oct 6, 2014 N/A· v4 N/A· v3 3.6 LOW· v2 The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file.
CVE-2014-5459 3Opensuse OraclePhp 4Evergreen OpensusePhp+1 more May 6, 2026 Sep 27, 2014 N/A· v4 N/A· v3 3.6 LOW· v2 The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrie...Show more The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.Show less

Previous 1...535455...76 Next