Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVEs (1,501)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-3423 2Gnu Mageia Project 2Emacs Mageia May 6, 2026 May 8, 2014 N/A· v4 N/A· v3 3.3 LOW· v2 lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.
CVE-2014-3422 2Gnu Mageia Project 2Emacs Mageia May 6, 2026 May 8, 2014 N/A· v4 N/A· v3 3.3 LOW· v2 lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.
CVE-2014-3421 2Gnu Mageia Project 2Emacs Mageia May 6, 2026 May 8, 2014 N/A· v4 N/A· v3 3.3 LOW· v2 lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.
CVE-2013-4215 1Nagios 1Plugins May 6, 2026 May 5, 2014 N/A· v4 N/A· v3 4.4 MEDIUM· v2 The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping.
CVE-2013-0350 1David Leonard 1Pkstat May 6, 2026 May 5, 2014 N/A· v4 N/A· v3 6.3 MEDIUM· v2 tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log.
CVE-2010-5105 1Blender 1Blender May 6, 2026 Apr 27, 2014 N/A· v4 N/A· v3 3.3 LOW· v2 The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression o...Show more The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103.Show less
CVE-2014-2893 2Llvm Opensuse 2Clang Opensuse May 6, 2026 Apr 23, 2014 N/A· v4 N/A· v3 1.9 LOW· v2 The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable...Show more The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names.Show less
CVE-2013-4472 1Freedesktop 1Poppler May 6, 2026 Apr 22, 2014 N/A· v4 N/A· v3 3.3 LOW· v2 The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with pre...Show more The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.Show less
CVE-2013-4116 1Node Packaged Modules Project 1Node Packaged Modules May 6, 2026 Apr 22, 2014 N/A· v4 N/A· v3 3.3 LOW· v2 lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.
CVE-2013-2105 1Jonathan Leung 1Show In Browser May 6, 2026 Apr 22, 2014 N/A· v4 N/A· v3 3.3 LOW· v2 The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.
CVE-2012-0871 2Opensuse Systemd Project 2Opensuse Systemd May 6, 2026 Apr 18, 2014 N/A· v4 N/A· v3 6.3 MEDIUM· v2 The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directo...Show more The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.Show less
CVE-2014-1932 2Python Pythonware 2Pillow Python Imaging Library May 6, 2026 Apr 17, 2014 N/A· v4 N/A· v3 4.4 MEDIUM· v2 The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlie...Show more The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.Show less
CVE-2011-3154 1Canonical 2Ubuntu Linux Update Manager May 6, 2026 Apr 17, 2014 N/A· v4 N/A· v3 1.9 LOW· v2 DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly crea...Show more DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file.Show less
CVE-2011-0460 2Kbd Project Opensuse 2Kbd Opensuse May 6, 2026 Apr 16, 2014 N/A· v4 N/A· v3 6.3 MEDIUM· v2 The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map.
CVE-2013-6456 2Fedoraproject Redhat 2Fedora Libvirt May 6, 2026 Apr 15, 2014 N/A· v4 N/A· v3 5.8 MEDIUM· v2 The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitr...Show more The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to "paths under /proc/$PID/root" and the virInitctlSetRunLevel function.Show less
CVE-2001-1593 1Gnu 1A2ps May 6, 2026 Apr 5, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary fil...Show more The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.Show less
CVE-2014-1272 1Apple 2Iphone Os Tvos May 6, 2026 Mar 14, 2014 N/A· v4 N/A· v3 6.3 MEDIUM· v2 CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink.
CVE-2014-1838 2Logilab Opensuse 2Logilab Common Opensuse May 6, 2026 Mar 11, 2014 N/A· v4 N/A· v3 4.4 MEDIUM· v2 The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /...Show more The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf.Show less
CVE-2011-3153 2Canonical Robert Ancell 2Lightdm Ubuntu Linux May 6, 2026 Mar 6, 2014 N/A· v4 N/A· v3 1.9 LOW· v2 dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc.
CVE-2012-1088 1Iproute2 Project 1Iproute2 Apr 29, 2026 Feb 15, 2014 N/A· v4 N/A· v3 3.3 LOW· v2 iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script.

Previous 1...555657...76 Next