Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')

DATE CVE VULNERABILITY TITLE RISK
2017-11-13 CVE-2017-8806 Link Following vulnerability in Postgresql
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.
local
low complexity
postgresql CWE-59
5.5
2017-11-07 CVE-2017-2916 Link Following vulnerability in Meetcircle Circle With Disney Firmware 2.0.1
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1.
network
low complexity
meetcircle CWE-59
8.8
2017-11-06 CVE-2015-7529 Link Following vulnerability in multiple products
sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.
local
low complexity
sos-project canonical redhat CWE-59
7.8
2017-10-23 CVE-2011-2684 Link Following vulnerability in Rkkda Foo2Zjs 20090908Dfsg5.1+Squeeze0/20110722Dfsg1/20110722Dfsg3Ubuntu1
foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs.
local
low complexity
rkkda CWE-59
5.5
2017-10-05 CVE-2017-1301 Link Following vulnerability in IBM Tivoli Storage Manager
IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack.
local
low complexity
ibm CWE-59
5.5
2017-10-05 CVE-2017-1000115 Link Following vulnerability in multiple products
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can allow malicious repositories to modify files outside the repository.
network
low complexity
mercurial debian redhat CWE-59
7.5
2017-09-06 CVE-2015-5705 Link Following vulnerability in multiple products
Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.
network
low complexity
devscripts-devel-team fedoraproject CWE-59
7.5
2017-08-25 CVE-2015-5701 Link Following vulnerability in TUG Texlive
mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.
local
low complexity
tug CWE-59
6.1
2017-08-25 CVE-2015-5700 Link Following vulnerability in TUG Texlive
mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.
local
low complexity
tug CWE-59
6.1
2017-08-25 CVE-2015-3211 Link Following vulnerability in PHP-Fpm
php-fpm allows local users to write to or create arbitrary files via a symlink attack.
local
low complexity
php-fpm CWE-59
5.5