Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-06-03 | CVE-2020-3237 | Link Following vulnerability in Cisco IOX | A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. | 6.3 |
2020-06-03 | CVE-2020-3223 | Link Following vulnerability in Cisco IOS XE | A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to read arbitrary files on the underlying filesystem of the device. | 4.9 |
2020-05-29 | CVE-2020-7653 | Link Following vulnerability in Snyk Broker | All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. | 6.5 |
2020-05-21 | CVE-2020-6477 | Link Following vulnerability in multiple products | Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file. | 7.8 |
2020-05-19 | CVE-2020-2024 | Link Following vulnerability in Katacontainers Runtime | An improper link resolution vulnerability affects Kata Containers versions prior to 1.11.0. | 6.5 |
2020-05-11 | CVE-2020-5837 | Link Following vulnerability in Symantec Endpoint Protection | Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege. | 7.8 |
2020-04-29 | CVE-2020-11446 | Link Following vulnerability in Eset products | ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these links into files that would normally not be write-able by the user, thus achieving privilege escalation. | 7.8 |
2020-04-26 | CVE-2020-12265 | Link Following vulnerability in Decompress Project Decompress | The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal. | 9.8 |
2020-04-26 | CVE-2020-12254 | Link Following vulnerability in Avira Antivirus 1.0.2303.633 | Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escalation or a denial of service via abuse of a symlink. | 7.8 |
2020-04-22 | CVE-2020-8831 | Link Following vulnerability in multiple products | Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. | 5.5 |