Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-23 | CVE-2015-8860 | Link Following vulnerability in Nodejs Node.Js The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive. | 7.5 |
| 2017-01-20 | CVE-2016-6253 | Link Following vulnerability in Netbsd mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox. | 7.8 |
| 2016-12-15 | CVE-2016-9566 | Link Following vulnerability in Nagios base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. | 7.8 |
| 2016-12-13 | CVE-2016-6664 | Link Following vulnerability in multiple products mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files. | 7.0 |
| 2016-11-29 | CVE-2016-1247 | Link Following vulnerability in multiple products The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log. | 7.8 |
| 2016-11-10 | CVE-2016-7490 | Link Following vulnerability in Teradata Studio Express 15.12.00.00 The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates files in /tmp insecurely. | 7.8 |
| 2016-06-03 | CVE-2016-3096 | Link Following vulnerability in multiple products The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory. | 7.8 |
| 2016-05-06 | CVE-2015-0858 | Link Following vulnerability in multiple products Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory. | 3.3 |
| 2016-01-11 | CVE-2015-6566 | Link Following vulnerability in multiple products zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*. | 8.4 |
| 2016-01-08 | CVE-2015-7758 | Link Following vulnerability in multiple products Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux. | 3.3 |