Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVEs (1,502)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-8454 1Checkpoint 1Endpoint Security Nov 21, 2024 Apr 29, 2019 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can writ...Show more A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the system.Show less
CVE-2019-11538 1Ivanti 1Connect Secure Nov 21, 2024 Apr 26, 2019 N/A· v4 7.7 HIGH· v3 4.0 MEDIUM· v2 In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of ar...Show more In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of arbitrary files on the affected device.Show less
CVE-2019-11503 1Canonical 1Snapd Nov 21, 2024 Apr 24, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user, aka a "cwd restore permission bypass."
CVE-2019-11502 1Canonical 1Snapd Nov 21, 2024 Apr 24, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Consequently, that user had unintended access to a private /tmp directory.
CVE-2019-8455 1Checkpoint 1Zonealarm Nov 21, 2024 Apr 17, 2019 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited acce...Show more A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.Show less
CVE-2019-0841 1Microsoft 6Windows 10 1703 Windows 10 1709Windows 10 1803+3 more Oct 29, 2025 Apr 9, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, C...Show more An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.Show less
CVE-2019-1002101 2Kubernetes Redhat 2Kubernetes Openshift Container Platform Nov 21, 2024 Apr 1, 2019 N/A· v4 5.5 MEDIUM· v3 5.8 MEDIUM· v2 The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on th...Show more The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. The untar function can both create and follow symbolic links. The issue is resolved in kubectl v1.11.9, v1.12.7, v1.13.5, and v1.14.0.Show less
CVE-2019-5674 1Nvidia 1Geforce Experience Nov 21, 2024 Mar 28, 2019 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attack...Show more NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.Show less
CVE-2018-17955 1Opensuse 1Yast2 Multipath Nov 21, 2024 Mar 15, 2019 N/A· v4 5.5 MEDIUM· v3 3.6 LOW· v2 In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection
CVE-2018-19638 1Opensuse 1Supportutils Nov 21, 2024 Mar 5, 2019 N/A· v4 4.7 MEDIUM· v3 3.3 LOW· v2 In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files.
CVE-2018-19637 1Opensuse 1Supportutils Nov 21, 2024 Mar 5, 2019 N/A· v4 5.5 MEDIUM· v3 3.6 LOW· v2 Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection
CVE-2019-5665 1Nvidia 1Gpu Driver Nov 21, 2024 Feb 27, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 NVIDIA Windows GPU Display driver contains a vulnerability in the 3D vision component in which the stereo service software, when opening a file, does not check for hard links. This behavior may lead to code execution, de...Show more NVIDIA Windows GPU Display driver contains a vulnerability in the 3D vision component in which the stereo service software, when opening a file, does not check for hard links. This behavior may lead to code execution, denial of service or escalation of privileges.Show less
CVE-2019-8372 1Lg 1Lha.sys Nov 21, 2024 Feb 18, 2019 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system priv...Show more The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL.Show less
CVE-2019-0574 1Microsoft 3Windows 10 Windows Server 2016Windows Server 2019 Nov 21, 2024 Jan 8, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Serve...Show more An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0572, CVE-2019-0573.Show less
CVE-2019-0572 1Microsoft 3Windows 10 Windows Server 2016Windows Server 2019 Nov 21, 2024 Jan 8, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Serve...Show more An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0573, CVE-2019-0574.Show less
CVE-2018-1834 1Ibm 1Db2 Nov 21, 2024 Nov 9, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM...Show more IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM X-Force ID: 150511.Show less
CVE-2018-1781 1Ibm 1Db2 Nov 21, 2024 Nov 9, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they origi...Show more IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148804.Show less
CVE-2018-1780 1Ibm 1Db2 Nov 21, 2024 Nov 9, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file t...Show more IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148803.Show less
CVE-2018-19044 1Keepalived 1Keepalived Nov 21, 2024 Nov 8, 2018 N/A· v4 4.7 MEDIUM· v3 3.3 LOW· v2 keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is se...Show more keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd.Show less
CVE-2018-14651 3Debian GlusterRedhat 3Debian Linux Enterprise LinuxGlusterfs Nov 21, 2024 Oct 31, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, cr...Show more It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.Show less

Previous 1...474849...76 Next