Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-06-07 | CVE-2015-6240 | Link Following vulnerability in Red Hat Ansible: The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack. | 7.8 |
2017-06-07 | CVE-2015-8326 | Link Following vulnerability in Iptables-Parse Project Iptables-Parse Module: The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files owned by the current user. | 5.5 |
2017-06-07 | CVE-2015-7724 | Link Following vulnerability in AMD Fglrx-Driver 14.4.2/15.7: AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. | 7.8 |
2017-06-07 | CVE-2015-7723 | Link Following vulnerability in AMD Fglrx-Driver 14.4.2: AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. | 7.8 |
2017-05-22 | CVE-2017-6981 | Link Following vulnerability in Apple iPhone OS: An issue was discovered in certain Apple products. | 7.8 |
2017-05-17 | CVE-2016-10374 | Link Following vulnerability in Perltidy Project Perltidy: perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete. | 5.5 |
2017-04-04 | CVE-2017-7418 | Link Following vulnerability in Proftpd 1.3.2/1.3.4/1.3.6: ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. | 5.5 |
2017-04-02 | CVE-2017-2390 | Link Following vulnerability in Apple products: An issue was discovered in certain Apple products. | 5.5 |
2017-03-23 | CVE-2016-9774 | Link Following vulnerability in multiple products: The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to obtain sensitive information or gain root privileges via a symlink attack on the Catalina localhost directory. | 7.8 |
2017-02-20 | CVE-2016-7619 | Link Following vulnerability in Apple iPhone OS: An issue was discovered in certain Apple products. | 5.5 |