CWE-59
1,502 CVEs • Abstraction: Base • Likelihood of Exploit: Medium
Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CVEs (1,502)
| CVE | Vendors | Products | Updated | Published | CVSS | Description |
|---|---|---|---|---|---|---|
| | | | | | | Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file. |
| | Debian, Gluster, Opensuse, +1 more (4) | Debian Linux, Enterprise Linux, Enterprise Linux Server, +4 more (7) | Nov 21, 2024 | Sep 4, 2018 | v4 N/A; v3 8.8 HIGH; v2 6.5 MEDIUM | A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create a... |
| | Base Files Project, Canonical (2) | Base Files, Ubuntu Linux (2) | Nov 21, 2024 | Aug 21, 2018 | v4 N/A; v3 7.0 HIGH; v2 4.4 MEDIUM | The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial... |
| | | | | | | pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks. |
| | Kraftway (1) | 124f2xg Router Firmware (1) | Nov 21, 2024 | Aug 17, 2018 | v4 N/A; v3 6.5 MEDIUM; v2 7.1 HIGH | Denial of service via crafting malicious link and sending it to a privileged user can cause Denial of Service in Kraftway 24F2XG Router firmware version 3.5.30.1118. |
| | | | | | | It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being place... |
| | Redhat, Rpm (2) | Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation, +2 more (5) | Nov 21, 2024 | Aug 1, 2018 | v4 N/A; v3 8.1 HIGH; v2 9.3 HIGH | A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy file... |
| | | | | | | A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create... |
| | Redhat (1) | Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus, +2 more (5) | Nov 21, 2024 | Jul 27, 2018 | v4 N/A; v3 6.7 MEDIUM; v2 7.2 HIGH | Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. |
| | Redhat, Theforeman (2) | Katello, Satellite, Satellite Capsule (3) | Nov 21, 2024 | Jul 27, 2018 | v4 N/A; v3 5.5 MEDIUM; v2 3.6 LOW | A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the con... |
| | | | | | | An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file. |
| | | | | | | The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp. |
| | | | | | | Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job. |
| | | | | | | In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack. |
| | | | | | | Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to read arbitrary files from the /var/ directory because a symlink exists under the web root. |
| | Debian, Linuxmint (2) | Cinnamon, Debian Linux (2) | Nov 21, 2024 | Jul 2, 2018 | v4 N/A; v3 8.1 HIGH; v2 5.8 MEDIUM | An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_fac... |
| | Debian, Redhat, Rubyzip Project (3) | Cloudforms, Debian Linux, Rubyzip (3) | Nov 21, 2024 | Jun 26, 2018 | v4 N/A; v3 9.8 CRITICAL; v2 7.5 HIGH | rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a... |
| | | | | | | During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory w... |
| | Canonical, Mozilla (2) | Firefox, Ubuntu Linux (2) | Nov 21, 2024 | Jun 11, 2018 | v4 N/A; v3 5.3 MEDIUM; v2 5.0 MEDIUM | The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be r... |
| | Apple, Archive\, Canonical, +3 more (6) | \, Data Ontap Edge, Debian Linux, +6 more (9) | Nov 21, 2024 | Jun 7, 2018 | v4 N/A; v3 7.5 HIGH; v2 6.4 MEDIUM | In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file wit... |