Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVEs (1,500)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-3368 1Bestpractical 1Rt Apr 29, 2026 Aug 23, 2013 N/A· v4 N/A· v3 3.3 LOW· v2 bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name.
CVE-2013-1888 2Fedoraproject Pypa 2Fedora Pip Apr 29, 2026 Aug 17, 2013 N/A· v4 N/A· v3 2.1 LOW· v2 pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.
CVE-2013-1976 1Redhat 2Enterprise Linux Jboss Enterprise Web Server Apr 29, 2026 Jul 9, 2013 N/A· v4 N/A· v3 6.9 MEDIUM· v2 The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the...Show more The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.Show less
CVE-2013-0927 1Google 1Chrome Os Apr 29, 2026 Apr 10, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c read_config implementation that loads the contents of the .pangorc file in the user's home directory, and the file referenced by the PANGO_RC_FILE envi...Show more Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c read_config implementation that loads the contents of the .pangorc file in the user's home directory, and the file referenced by the PANGO_RC_FILE environment variable, which allows attackers to bypass intended access restrictions via crafted configuration data.Show less
CVE-2013-1495 1Oracle 1Support Tools Apr 29, 2026 Mar 18, 2013 N/A· v4 N/A· v3 6.9 MEDIUM· v2 asr in Oracle Auto Service Request in Oracle Support Tools before 4.3.2 allows local users to modify arbitrary files via a symlink attack on a predictable filename in /tmp.
CVE-2013-1423 1Fusionforge 1Fusionforge Apr 29, 2026 Mar 14, 2013 N/A· v4 N/A· v3 6.9 MEDIUM· v2 (1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_update.pl, (5) deb-specific/ssh_dump_update.pl, (6) deb-specific/user_dump_update.pl, (7) plugi...Show more (1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) deb-specific/fileforge.pl, (4) deb-specific/group_dump_update.pl, (5) deb-specific/ssh_dump_update.pl, (6) deb-specific/user_dump_update.pl, (7) plugins/scmbzr/common/BzrPlugin.class.php, (8) plugins/scmcvs/common/CVSPlugin.class.php, (9) plugins/scmcvs/cronjobs/cvs.php, (10) plugins/scmcvs/cronjobs/ssh_create.php, (11) plugins/scmgit/common/GitPlugin.class.php, (12) plugins/scmsvn/common/SVNPlugin.class.php, (13) plugins/wiki/cronjobs/create_groups.php, (14) utils/cvs1/cvscreate.sh, and (15) utils/include.pl in FusionForge 5.0, 5.1, and 5.2 allows local users to change arbitrary file permissions, obtain sensitive information, and have other unspecified impacts via a (1) symlink or (2) hard link attack on certain files.Show less
CVE-2013-0261 1Openstack 2Essex Folsom Apr 30, 2026 Mar 8, 2013 N/A· v4 8.8 HIGH· v3 4.4 MEDIUM· v2 A flaw was found in PackStack. A local user could exploit a symlink attack on a temporary file with a predictable name in the `/tmp` directory. This vulnerability allows the local user to overwrite arbitrary files on the...Show more A flaw was found in PackStack. A local user could exploit a symlink attack on a temporary file with a predictable name in the `/tmp` directory. This vulnerability allows the local user to overwrite arbitrary files on the system, potentially leading to system compromise or data corruption.Show less
CVE-2013-0200 2Hp Redhat 2Enterprise Linux Linux Imaging And Printing Project Apr 29, 2026 Mar 6, 2013 N/A· v4 N/A· v3 1.9 LOW· v2 HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /...Show more HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722.Show less
CVE-2012-5564 1Google 1Android Debug Bridge Apr 29, 2026 Feb 14, 2013 N/A· v4 N/A· v3 3.3 LOW· v2 android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users to overwrite arbitrary files via a symlink attack on /tmp/adb.log.
CVE-2012-6348 1Centrify 2Centrify Deployment Manager Centrify Suite Apr 29, 2026 Jan 4, 2013 N/A· v4 N/A· v3 3.3 LOW· v2 Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbi...Show more Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suite before 2012.5, allows local users to (1) overwrite arbitrary files via a symlink attack on the adcheckDMoutput temporary file, or (2) overwrite arbitrary files and consequently gain privileges via a symlink attack on the centrify.cmd.0 temporary file.Show less
CVE-2012-3329 1Ibm 2Advanced Settings Utility Bootable Media Creator Apr 29, 2026 Dec 19, 2012 N/A· v4 N/A· v3 3.3 LOW· v2 IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 and Bootable Media Creator (BoMC) through 2.30 and 3.00 through 9.21 on Linux allow local users to overwrite arbitrary files via a symlink attack on...Show more IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 and Bootable Media Creator (BoMC) through 2.30 and 3.00 through 9.21 on Linux allow local users to overwrite arbitrary files via a symlink attack on a (1) temporary file or (2) log file.Show less
CVE-2012-5355 1Bryce Harrington 1Xdiagnose Apr 29, 2026 Oct 10, 2012 N/A· v4 N/A· v3 3.3 LOW· v2 welcome.py in xdiagnose before 2.5.2ubuntu0.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
CVE-2012-4455 1Opencryptoki Project 1Opencryptoki Apr 29, 2026 Oct 10, 2012 N/A· v4 N/A· v3 6.2 MEDIUM· v2 openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/.
CVE-2011-4363 1Frii 1Proc\ Apr 29, 2026 Oct 7, 2012 N/A· v4 N/A· v3 2.6 LOW· v2 ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.
CVE-2012-5303 1Monkey Project 1Monkey Apr 29, 2026 Oct 5, 2012 N/A· v4 N/A· v3 6.9 MEDIUM· v2 Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname.
CVE-2011-5146 1Ingumadev 1Bokken Apr 29, 2026 Aug 31, 2012 N/A· v4 N/A· v3 2.6 LOW· v2 Bokken before 1.6 and 1.5-x before 1.5-3 for Debian allows local users to overwrite arbitrary files via a symlink attack on /tmp/graph.dot.
CVE-2012-2103 1Munin Monitoring 1Munin Apr 29, 2026 Aug 26, 2012 N/A· v4 N/A· v3 1.2 LOW· v2 The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
CVE-2012-4676 1Google 1Tunnelblick Apr 29, 2026 Aug 26, 2012 N/A· v4 N/A· v3 1.2 LOW· v2 The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485.
CVE-2012-3440 2Redhat Todd Miller 2Enterprise Linux Sudo Apr 29, 2026 Aug 8, 2012 N/A· v4 N/A· v3 5.6 MEDIUM· v2 A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.
CVE-2011-4028 1X.org 1X Server Apr 29, 2026 Jul 3, 2012 N/A· v4 N/A· v3 1.2 LOW· v2 The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the fil...Show more The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.Show less

Previous 1...575859...75 Next