Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVEs (1,500)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2010-3847 1Gnu 1Glibc Apr 29, 2026 Jan 7, 2011 N/A· v4 N/A· v3 6.9 MEDIUM· v2 elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to g...Show more elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.Show less
CVE-2010-4173 1Openfabrics 1Libsdp Apr 29, 2026 Nov 22, 2010 N/A· v4 N/A· v3 3.3 LOW· v2 The default configuration of libsdp.conf in libsdp 1.1.104 and earlier creates log files in /tmp, which allows local users to overwrite arbitrary files via a (1) symlink or (2) hard link attack on the libsdp.log.##### te...Show more The default configuration of libsdp.conf in libsdp 1.1.104 and earlier creates log files in /tmp, which allows local users to overwrite arbitrary files via a (1) symlink or (2) hard link attack on the libsdp.log.##### temporary file.Show less
CVE-2010-1693 1Openfabrics 1Enterprise Distribution Apr 29, 2026 Oct 26, 2010 N/A· v4 N/A· v3 6.3 MEDIUM· v2 openibd in OpenFabrics Enterprise Distribution (OFED) 1.5.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ib_set_node_desc.sh temporary file.
CVE-2009-5007 1Cisco 1Anyconnect Ssl Vpn Apr 29, 2026 Oct 14, 2010 N/A· v4 N/A· v3 3.3 LOW· v2 The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files.
CVE-2010-3691 1Apereo 1Phpcas Apr 29, 2026 Oct 7, 2010 N/A· v4 N/A· v3 3.3 LOW· v2 PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file.
CVE-2010-2794 1Redhat 1Spice Xpi Apr 29, 2026 Aug 30, 2010 N/A· v4 N/A· v3 3.3 LOW· v2 The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file.
CVE-2010-2056 1Gnu 1Gv Apr 29, 2026 Jul 22, 2010 N/A· v4 N/A· v3 3.3 LOW· v2 GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
CVE-2010-0832 1Canonical 1Ubuntu Linux Apr 29, 2026 Jul 12, 2010 N/A· v4 N/A· v3 6.9 MEDIUM· v2 pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary f...Show more pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file.Show less
CVE-2010-2431 1Apple 1Cups Apr 29, 2026 Jun 22, 2010 N/A· v4 N/A· v3 2.6 LOW· v2 The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file...Show more The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file.Show less
CVE-2010-2192 1Vincent Fourmond 1Pmount Apr 29, 2026 Jun 18, 2010 N/A· v4 N/A· v3 1.9 LOW· v2 The make_lockdir_name function in policy.c in pmount 0.9.18 allow local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/.
CVE-2010-0546 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Jun 17, 2010 N/A· v4 N/A· v3 3.3 LOW· v2 Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At...Show more Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder.Show less
CVE-2010-2053 1Emesene 1Emesene Apr 29, 2026 Jun 7, 2010 N/A· v4 N/A· v3 3.3 LOW· v2 emesenelib/ProfileManager.py in emesene before 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on the emsnpic temporary file.
CVE-2010-2027 1Wolfram Research 1Mathematica Apr 29, 2026 May 24, 2010 N/A· v4 N/A· v3 1.9 LOW· v2 Mathematica 7, when running on Linux, allows local users to overwrite arbitrary files via a symlink attack on (1) files within /tmp/MathLink/ or (2) /tmp/fonts$$.conf.
CVE-2010-1626 2Mysql Oracle 2Mysql Mysql Apr 29, 2026 May 21, 2010 N/A· v4 N/A· v3 3.6 LOW· v2 MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and C...Show more MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.Show less
CVE-2010-1160 1Gnu 1Nano Apr 29, 2026 Apr 16, 2010 N/A· v4 N/A· v3 1.9 LOW· v2 GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an...Show more GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.Show less
CVE-2010-1183 1Sun 1Solaris Apr 29, 2026 Mar 29, 2010 N/A· v4 N/A· v3 3.3 LOW· v2 Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager.
CVE-2010-0439 1Chip Salzenberg 1Deliver Apr 29, 2026 Mar 26, 2010 N/A· v4 N/A· v3 6.9 MEDIUM· v2 Chip Salzenberg Deliver allows local users to cause a denial of service, obtain sensitive information, and possibly change the ownership of arbitrary files via a symlink attack on an unspecified file.
CVE-2009-1299 1Pulseaudio 1Pulseaudio Apr 29, 2026 Mar 18, 2010 N/A· v4 N/A· v3 6.9 MEDIUM· v2 The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file.
CVE-2010-0792 1Thibault Godouet 1Fcron Apr 29, 2026 Mar 5, 2010 N/A· v4 N/A· v3 1.9 LOW· v2 fcrontab in fcron before 3.0.5 allows local users to read arbitrary files via a symlink attack on an unspecified file.
CVE-2009-4664 1Fwbuilder 1Firewall Builder Apr 29, 2026 Mar 3, 2010 N/A· v4 N/A· v3 3.3 LOW· v2 Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script.

Previous 1...606162...75 Next