Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVEs (1,502)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-10380 3Debian KdeOpensuse 3Debian Linux LeapPlasma Nov 21, 2024 May 8, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack.
CVE-2018-10722 1Cylance 1Cylanceprotect Nov 21, 2024 May 4, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In Cylance CylancePROTECT before 1470, an unprivileged local user can obtain SYSTEM privileges because users have Modify access to the %PROGRAMFILES%\Cylance\Desktop\log folder, the CyUpdate process grants users Modify a...Show more In Cylance CylancePROTECT before 1470, an unprivileged local user can obtain SYSTEM privileges because users have Modify access to the %PROGRAMFILES%\Cylance\Desktop\log folder, the CyUpdate process grants users Modify access to new files created in this folder, and a new file can be a symlink chain to a pathname of an arbitrary DLL that CyUpdate uses.Show less
CVE-2013-0159 1Fedoraproject 1Fedora Nov 21, 2024 May 1, 2018 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fed...Show more The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg.Show less
CVE-2016-9602 2Debian Qemu 2Debian Linux Qemu Nov 21, 2024 Apr 26, 2018 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escal...Show more Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.Show less
CVE-2018-4112 1Apple 1Mac Os X Nov 21, 2024 Apr 3, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "ATS" component. It allows attackers to obtain sensitive information by leveraging symlink mishandling.
CVE-2014-2312 1Intel 1Thermald Nov 21, 2024 Mar 26, 2018 N/A· v4 5.5 MEDIUM· v3 6.6 MEDIUM· v2 The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid.
CVE-2018-5225 1Atlassian 1Bitbucket Nov 21, 2024 Mar 22, 2018 N/A· v4 9.9 CRITICAL· v3 6.5 MEDIUM· v2 In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for...Show more In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.Show less
CVE-2018-1196 1Vmware 1Spring Boot Nov 21, 2024 Mar 19, 2018 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is...Show more Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible.Show less
CVE-2017-1002101 1Kubernetes 1Kubernetes Nov 21, 2024 Mar 13, 2018 N/A· v4 9.6 CRITICAL· v3 5.5 MEDIUM· v2 In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can...Show more In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.Show less
CVE-2018-1000073 1Rubygems 1Rubygems Nov 21, 2024 Mar 13, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversa...Show more RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.Show less
CVE-2017-2619 3Debian RedhatSamba 3Debian Linux Enterprise LinuxSamba Nov 21, 2024 Mar 12, 2018 N/A· v4 7.5 HIGH· v3 6.0 MEDIUM· v2 Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
CVE-2015-0796 1Opensuse 1Open Buildservice Nov 21, 2024 Mar 2, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to b...Show more In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on the source service.Show less
CVE-2018-1063 2Redhat Selinux Project 2Enterprise Linux Selinux Nov 21, 2024 Mar 2, 2018 N/A· v4 4.4 MEDIUM· v3 3.3 LOW· v2 Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only ha...Show more Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.Show less
CVE-2017-5188 1Opensuse 1Open Build Service Nov 21, 2024 Mar 1, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information.
CVE-2017-18188 1Openr 1Opentmpfiles Nov 21, 2024 Feb 14, 2018 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks sysctl is turned off, allows local users to obtain ownership of arbitrary files by creating a hard link inside a directory on which "chown -R" will be ru...Show more OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks sysctl is turned off, allows local users to obtain ownership of arbitrary files by creating a hard link inside a directory on which "chown -R" will be run.Show less
CVE-2018-6954 3Canonical OpensuseSystemd Project 3Leap SystemdUbuntu Linux Jun 9, 2025 Feb 13, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a fil...Show more systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.Show less
CVE-2014-3219 2Fedoraproject Fishshell 2Fedora Fish Nov 21, 2024 Feb 9, 2018 N/A· v4 7.8 HIGH· v3 4.3 MEDIUM· v2 fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.
CVE-2017-18078 3Debian OpensuseSystemd Project 3Debian Linux LeapSystemd Nov 21, 2024 Jan 29, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access rest...Show more systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.Show less
CVE-2018-6198 2Canonical Tats 2Ubuntu Linux W3m Nov 21, 2024 Jan 25, 2018 N/A· v4 4.7 MEDIUM· v3 3.3 LOW· v2 w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.
CVE-2017-15111 1Keycloak Httpd Client Install Project 1Keycloak Httpd Client Install Nov 21, 2024 Jan 20, 2018 N/A· v4 5.5 MEDIUM· v3 3.6 LOW· v2 keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link.

Previous 1...495051...76 Next