Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVEs (1,502)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2011-3618 2Atop Project Debian 2Atop Debian Linux Nov 21, 2024 Nov 12, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 atop: symlink attack possible due to insecure tempfile handling
CVE-2019-18658 1Helm 1Helm Nov 21, 2024 Nov 12, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execu...Show more In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via symlinks. No version of Tiller is known to be impacted. This is a client-only issue.Show less
CVE-2011-5271 1Clusterlabs 1Pacemaker Nov 21, 2024 Nov 12, 2019 N/A· v4 5.5 MEDIUM· v3 3.3 LOW· v2 Pacemaker before 1.1.6 configure script creates temporary files insecurely
CVE-2009-0035 1Alsa Project 1Alsa Nov 21, 2024 Nov 9, 2019 N/A· v4 5.5 MEDIUM· v3 3.6 LOW· v2 alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts.
CVE-2013-1809 2Debian Gambas Project 2Debian Linux Gambas Nov 21, 2024 Nov 7, 2019 N/A· v4 7.5 HIGH· v3 6.4 MEDIUM· v2 Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories.
CVE-2013-1429 2Canonical Debian 3Debian Linux LintianUbuntu Linux Nov 21, 2024 Nov 7, 2019 N/A· v4 6.3 MEDIUM· v3 4.3 MEDIUM· v2 Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks.
CVE-2019-18645 1Totaldefense 1Anti Virus Nov 21, 2024 Oct 31, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 The quarantine restoration function in Total Defense Anti-virus 11.5.2.28 is vulnerable to symbolic link attacks, allowing files to be written to privileged directories.
CVE-2010-0398 1Autokey Project 1Autokey Nov 21, 2024 Oct 30, 2019 N/A· v4 6.5 MEDIUM· v3 5.5 MEDIUM· v2 The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack.
CVE-2010-2064 1Rpcbind Project 1Rpcbind Nov 21, 2024 Oct 29, 2019 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr.
CVE-2011-1408 2Debian Ikiwiki 2Debian Linux Ikiwiki Nov 21, 2024 Oct 29, 2019 N/A· v4 8.2 HIGH· v3 6.4 MEDIUM· v2 ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks.
CVE-2012-2945 1Apache 1Hadoop Nov 21, 2024 Oct 29, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Hadoop 1.0.3 contains a symlink vulnerability.
CVE-2019-18466 1Libpod Project 1Libpod Nov 21, 2024 Oct 28, 2019 N/A· v4 5.5 MEDIUM· v3 5.8 MEDIUM· v2 An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could cr...Show more An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host.Show less
CVE-2019-15627 1Trendmicro 1Deep Security Nov 21, 2024 Oct 17, 2019 N/A· v4 7.1 HIGH· v3 6.6 MEDIUM· v2 Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note that only Windows age...Show more Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note that only Windows agents are affected.Show less
CVE-2019-1339 1Microsoft 8Windows 10 Windows 7Windows 8.1+5 more Nov 21, 2024 Oct 10, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CV...Show more An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1342.Show less
CVE-2019-1317 1Microsoft 3Windows 10 Windows Server 2016Windows Server 2019 Nov 21, 2024 Oct 10, 2019 N/A· v4 7.3 HIGH· v3 5.6 MEDIUM· v2 A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'.
CVE-2019-1315 1Microsoft 13Windows 10 1607 Windows 10 1703Windows 10 1709+10 more Oct 29, 2025 Oct 10, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CV...Show more An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.Show less
CVE-2019-12672 1Cisco 1Ios Nov 21, 2024 Sep 25, 2019 N/A· v4 6.8 MEDIUM· v3 7.2 HIGH· v2 A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with ro...Show more A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient file location validation. An attacker could exploit this vulnerability by placing code in a specific format on a USB device and inserting it into an affected Cisco device. A successful exploit could allow the attacker to execute the code with root privileges on the underlying OS of the affected device.Show less
CVE-2019-1280 1Microsoft 8Windows 10 Windows 7Windows 8.1+5 more Nov 21, 2024 Sep 11, 2019 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user righ...Show more A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'.Show less
CVE-2019-1270 1Microsoft 3Windows 10 Windows Server 2016Windows Server 2019 Nov 21, 2024 Sep 11, 2019 N/A· v4 5.5 MEDIUM· v3 3.6 LOW· v2 An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack, aka 'Microsoft Windows Store Installer Elevation of Privilege Vulnerability'.
CVE-2019-1267 1Microsoft 7Windows 10 Windows 7Windows 8.1+4 more Nov 21, 2024 Sep 11, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks, aka 'Microsoft Compatibility Ap...Show more An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks, aka 'Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability'.Show less

Previous 1...444546...76 Next