Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVEs (1,501)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-6124 1Codeaurora 1Android Msm May 6, 2026 Aug 31, 2014 N/A· v4 N/A· v3 3.3 LOW· v2 The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2...Show more The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary file via an attack on the sensor-settings file.Show less
CVE-2014-4199 1Vmware 3Tools Vm SupportWorkstation May 6, 2026 Aug 28, 2014 N/A· v4 N/A· v3 6.3 MEDIUM· v2 vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.
CVE-2014-3563 1Saltstack 1Salt May 6, 2026 Aug 22, 2014 N/A· v4 N/A· v3 7.2 HIGH· v2 Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud...Show more Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.Show less
CVE-2014-2524 4Fedoraproject GnuMageia+1 more 4Fedora MageiaOpensuse+1 more May 6, 2026 Aug 20, 2014 N/A· v4 N/A· v3 3.3 LOW· v2 The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
CVE-2014-5260 1Xml Dt Project 1Xml Dt May 6, 2026 Aug 16, 2014 N/A· v4 N/A· v3 6.3 MEDIUM· v2 The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file.
CVE-2014-5045 2Linux Redhat 4Enterprise Linux Eus Enterprise Linux Server AusEnterprise Linux Server Tus+1 more May 6, 2026 Aug 1, 2014 N/A· v4 N/A· v3 6.2 MEDIUM· v2 The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows...Show more The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program.Show less
CVE-2014-5030 2Apple Canonical 2Cups Ubuntu Linux May 6, 2026 Jul 29, 2014 N/A· v4 N/A· v3 1.9 LOW· v2 CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.
CVE-2014-5029 2Apple Canonical 2Cups Ubuntu Linux May 6, 2026 Jul 29, 2014 N/A· v4 N/A· v3 1.5 LOW· v2 The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of a...Show more The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.Show less
CVE-2013-7393 1Apache 1Subversion May 6, 2026 Jul 28, 2014 N/A· v4 N/A· v3 2.4 LOW· v2 The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NO...Show more The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3).Show less
CVE-2013-4262 1Apache 1Subversion May 6, 2026 Jul 28, 2014 N/A· v4 N/A· v3 2.4 LOW· v2 svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to...Show more svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393.Show less
CVE-2014-3537 3Apple CanonicalFedoraproject 3Cups FedoraUbuntu Linux May 6, 2026 Jul 23, 2014 N/A· v4 N/A· v3 1.2 LOW· v2 The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.
CVE-2014-3486 1Redhat 1Cloudforms 3.0 Management Engine May 6, 2026 Jul 7, 2014 N/A· v4 N/A· v3 6.9 MEDIUM· v2 The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users to execute arbitrary...Show more The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name.Show less
CVE-2014-4038 3Ppc64 Diag Project RedhatSuse 3Enterprise Linux Server Linux Enterprise ServerPpc64 Diag May 6, 2026 Jun 17, 2014 N/A· v4 N/A· v3 4.4 MEDIUM· v2 ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3)...Show more ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras.Show less
CVE-2009-5023 1Fail2ban 1Fail2ban May 6, 2026 Jun 10, 2014 N/A· v4 N/A· v3 4.7 MEDIUM· v2 The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on tempor...Show more The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt.Show less
CVE-2014-3977 1Ibm 2Aix Vios May 6, 2026 Jun 8, 2014 N/A· v4 N/A· v3 6.9 MEDIUM· v2 libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.
CVE-2014-3986 1Cisofy 1Lynis May 6, 2026 Jun 8, 2014 N/A· v4 N/A· v3 3.3 LOW· v2 include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name.
CVE-2014-3982 1Cisofy 1Lynis May 6, 2026 Jun 8, 2014 N/A· v4 N/A· v3 3.3 LOW· v2 include/tests_webservers in Lynis before 1.5.5 on AIX allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.##### file.
CVE-2014-3981 1Php 1Php May 6, 2026 Jun 8, 2014 N/A· v4 N/A· v3 3.3 LOW· v2 acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file.
CVE-2014-1934 2Opensuse Travis Shirk 2Eyed3 Opensuse May 6, 2026 May 8, 2014 N/A· v4 N/A· v3 3.3 LOW· v2 tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file.
CVE-2014-3424 2Gnu Mageia Project 2Emacs Mageia May 6, 2026 May 8, 2014 N/A· v4 N/A· v3 3.3 LOW· v2 lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.

Previous 1...545556...76 Next