Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-09 | CVE-2014-3219 | Link Following vulnerability in multiple products fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER. | 7.8 |
| 2018-01-29 | CVE-2017-18078 | Link Following vulnerability in multiple products systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file. | 7.8 |
| 2018-01-25 | CVE-2018-6198 | Link Following vulnerability in multiple products w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files. | 4.7 |
| 2018-01-20 | CVE-2017-15111 | Link Following vulnerability in Keycloak-Httpd-Client-Install Project Keycloak-Httpd-Client-Install keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link. | 5.5 |
| 2018-01-10 | CVE-2014-4996 | Link Following vulnerability in Vladtheenterprising Project Vladtheenterprising 0.2.0 lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}. | 5.5 |
| 2018-01-08 | CVE-2014-5509 | Link Following vulnerability in Clipboard Project Clipboard clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit$$. | 5.5 |
| 2018-01-08 | CVE-2014-1859 | Link Following vulnerability in multiple products (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file. | 5.5 |
| 2018-01-08 | CVE-2013-4364 | Link Following vulnerability in Redhat Openshift 1.0/2.0 (1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp. | 7.8 |
| 2018-01-02 | CVE-2017-1000420 | Link Following vulnerability in Syncthing Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite | 7.5 |
| 2017-12-29 | CVE-2014-4978 | Link Following vulnerability in multiple products The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph. | 5.5 |