← Back
CWE-59

1,501 CVEs • Abstraction: Base • Likelihood of Exploit: Medium

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

JSON object

Loading...

CVEs (1,501)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2014-1876
1Oracle
1Openjdk
Apr 29, 2026
Feb 10, 2014
N/A· v4
N/A· v3
4.4 MEDIUM· v2
The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary...Show more
The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.Show less
CVE-2010-4226
2Gnu
Opensuse
2Cpio
Opensuse
Apr 29, 2026
Feb 6, 2014
N/A· v4
7.2 HIGH· v3
5.0 MEDIUM· v2
cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive.
CVE-2014-1640
1Debian
1Axiom
Apr 29, 2026
Jan 28, 2014
N/A· v4
N/A· v3
3.3 LOW· v2
axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a...Show more
axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.Show less
CVE-2014-1639
1Debian
1Syncevolution
Apr 29, 2026
Jan 28, 2014
N/A· v4
N/A· v3
3.3 LOW· v2
syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwr...Show more
syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.Show less
CVE-2014-1638
1Debian
1Localepurge
Apr 29, 2026
Jan 28, 2014
N/A· v4
N/A· v3
3.3 LOW· v2
(1) debian/postrm and (2) debian/localepurge.config in localepurge before 0.7.3.2 use tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows l...Show more
(1) debian/postrm and (2) debian/localepurge.config in localepurge before 0.7.3.2 use tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.Show less
CVE-2014-1624
1Python
1Pyxdg
Apr 29, 2026
Jan 28, 2014
N/A· v4
N/A· v3
3.3 LOW· v2
Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned locati...Show more
Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called.Show less
CVE-2014-0027
1Cmu
1Flite
Apr 29, 2026
Jan 26, 2014
N/A· v4
N/A· v3
3.3 LOW· v2
The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party informatio...Show more
The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information.Show less
CVE-2013-6891
2Apple
Canonical
2Cups
Ubuntu Linux
Apr 29, 2026
Jan 26, 2014
N/A· v4
N/A· v3
1.2 LOW· v2
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.
CVE-2013-2142
1Libimobiledevice
1Libimobiledevice
Apr 29, 2026
Jan 19, 2014
N/A· v4
N/A· v3
3.3 LOW· v2
userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME are not set, allows local users to overwrite arbitrary files via a symlink attack on (1) HostCertificate.pem, (2) HostPrivateKey.pem, (3) libimobilede...Show more
userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME are not set, allows local users to overwrite arbitrary files via a symlink attack on (1) HostCertificate.pem, (2) HostPrivateKey.pem, (3) libimobiledevicerc, (4) RootCertificate.pem, or (5) RootPrivateKey.pem in /tmp/root/.config/libimobiledevice/.Show less
CVE-2013-4969
4Canonical
DebianPuppet+1 more
4Debian Linux
PuppetPuppet Enterprise+1 more
Apr 29, 2026
Jan 7, 2014
N/A· v4
N/A· v3
2.1 LOW· v2
Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.
CVE-2013-6402
1Hp
1Linux Imaging And Printing Project
Apr 29, 2026
Jan 5, 2014
N/A· v4
N/A· v3
2.1 LOW· v2
base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.
CVE-2013-2561
2Openfabrics
Redhat
2Enterprise Linux
Ibutils
Apr 29, 2026
Nov 23, 2013
N/A· v4
N/A· v3
6.3 MEDIUM· v2
OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs,...Show more
OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/.Show less
CVE-2012-0786
1Augeas
1Augeas
Apr 29, 2026
Nov 23, 2013
N/A· v4
N/A· v3
3.3 LOW· v2
The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file.
CVE-2013-4214
2Nagios
Redhat
2Nagios
Openstack
Apr 29, 2026
Nov 23, 2013
N/A· v4
N/A· v3
6.3 MEDIUM· v2
rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache.
CVE-2013-2029
1Redhat
1Openstack
Apr 29, 2026
Nov 23, 2013
N/A· v4
N/A· v3
6.3 MEDIUM· v2
nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a...Show more
nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/.Show less
CVE-2013-4392
1Systemd Project
1Systemd
Apr 29, 2026
Oct 28, 2013
N/A· v4
5.0 MEDIUM· v3
3.3 LOW· v2
systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
CVE-2013-4157
1Redhat
1Storage Server
Apr 29, 2026
Oct 4, 2013
N/A· v4
N/A· v3
3.6 LOW· v2
Red Hat Storage 2.0 allows local users to overwrite arbitrary files via a symlink attack on the (1) e, (2) local-bricks.list, (3) bricks.err, or (4) limits.conf files in /tmp.
CVE-2013-1444
2Debian
Marc Vertes
2Txt2man
Txt2man
Apr 29, 2026
Sep 30, 2013
N/A· v4
N/A· v3
3.3 LOW· v2
A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, 1.5.5-4, and others, allows local users to overwrite arbitrary files via a symlink attack on /tmp/2222.
CVE-2013-4136
1Phusion
1Passenger
Apr 29, 2026
Sep 30, 2013
N/A· v4
N/A· v3
4.4 MEDIUM· v2
ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a pre...Show more
ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.Show less
CVE-2013-2217
3Jeff Ortel
OpensuseRedhat
3Enterprise Linux
OpensuseSuds
Apr 29, 2026
Sep 23, 2013
N/A· v4
N/A· v3
1.2 LOW· v2
cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.