Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-22 | CVE-2020-9900 | Link Following vulnerability in Apple products An issue existed within the path validation logic for symlinks. | 7.8 |
| 2020-10-02 | CVE-2020-25776 | Link Following vulnerability in Trendmicro Antivirus 2019/2020 Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical file on the system to escalate their privileges. | 7.8 |
| 2020-09-29 | CVE-2020-24562 | Link Following vulnerability in Trendmicro Officescan XG A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. | 7.8 |
| 2020-09-21 | CVE-2020-6546 | Link Following vulnerability in multiple products Inappropriate implementation in installer in Google Chrome prior to 84.0.4147.125 allowed a local attacker to potentially elevate privilege via a crafted filesystem. | 7.8 |
| 2020-09-18 | CVE-2020-25744 | Link Following vulnerability in Safervpn 4.2.5/5.0.2.20 SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to create or overwrite arbitrary files, which could cause a denial of service (DoS) condition, because a symlink from %LOCALAPPDATA%\SaferVPN\Log is followed. | 8.1 |
| 2020-09-13 | CVE-2020-25289 | Link Following vulnerability in Avast Secureline VPN The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions). | 5.5 |
| 2020-09-09 | CVE-2020-7325 | Link Following vulnerability in Mcafee Mvision Endpoint 18.11.31.62/20.5.0.94/20.7 Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.9 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file. | 7.8 |
| 2020-09-09 | CVE-2020-7319 | Link Following vulnerability in Mcafee Endpoint Security Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file. | 8.8 |
| 2020-09-02 | CVE-2020-24654 | Link Following vulnerability in multiple products In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. | 3.3 |
| 2020-09-01 | CVE-2020-24955 | Link Following vulnerability in Superantispyware Professional X SUPERAntiSyware Professional X Trial 10.0.1206 is vulnerable to local privilege escalation because it allows unprivileged users to restore a malicious DLL from quarantine into the system32 folder via an NTFS directory junction, as demonstrated by a crafted ualapi.dll file that is detected as malware. | 7.8 |