Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-26 | CVE-2017-18925 | Link Following vulnerability in Openr Opentmpfiles opentmpfiles through 0.3.1 allows local users to take ownership of arbitrary files because d entries are mishandled and allow a symlink attack. | 5.5 |
| 2020-10-22 | CVE-2020-9901 | Link Following vulnerability in Apple products An issue existed within the path validation logic for symlinks. | 7.8 |
| 2020-10-22 | CVE-2020-9900 | Link Following vulnerability in Apple products An issue existed within the path validation logic for symlinks. | 7.8 |
| 2020-10-16 | CVE-2020-16939 | Link Following vulnerability in Microsoft products <p>An elevation of privilege vulnerability exists when Group Policy improperly checks access. | 7.8 |
| 2020-10-02 | CVE-2020-25776 | Link Following vulnerability in Trendmicro Antivirus 2019/2020 Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical file on the system to escalate their privileges. | 7.8 |
| 2020-09-29 | CVE-2020-24562 | Link Following vulnerability in Trendmicro Officescan XG A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. | 7.8 |
| 2020-09-21 | CVE-2020-6546 | Link Following vulnerability in multiple products Inappropriate implementation in installer in Google Chrome prior to 84.0.4147.125 allowed a local attacker to potentially elevate privilege via a crafted filesystem. | 7.8 |
| 2020-09-18 | CVE-2020-25744 | Link Following vulnerability in Safervpn 4.2.5/5.0.2.20 SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to create or overwrite arbitrary files, which could cause a denial of service (DoS) condition, because a symlink from %LOCALAPPDATA%\SaferVPN\Log is followed. | 8.1 |
| 2020-09-13 | CVE-2020-25289 | Link Following vulnerability in Avast Secureline VPN The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions). | 5.5 |
| 2020-09-11 | CVE-2020-16853 | Link Following vulnerability in Microsoft Onedrive <p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. | 7.1 |