Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')

DATE CVE VULNERABILITY TITLE RISK
2020-04-15 CVE-2020-8948 Link Following vulnerability in Sierrawireless Mobile Broadband Driver Package
The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) before build 5043 allow an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links.
local
low complexity
sierrawireless CWE-59
7.8
2020-04-15 CVE-2020-7250 Link Following vulnerability in Mcafee Endpoint Security
Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows an authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user would not normally have permission to alter via carefully creating symbolic links from the ENS log file directory.
local
low complexity
mcafee CWE-59
7.8
2020-04-14 CVE-2020-5738 Link Following vulnerability in Grandstream products
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface.
network
low complexity
grandstream CWE-59
8.8
2020-04-13 CVE-2020-11736 Link Following vulnerability in multiple products
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
local
low complexity
gnome debian canonical CWE-59
3.9
2020-04-08 CVE-2020-1885 Link Following vulnerability in Oculus Desktop
Writing to an unprivileged file from a privileged OVRRedir.exe process in Oculus Desktop before 1.44.0.32849 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file.
local
low complexity
oculus CWE-59
7.8
2020-03-18 CVE-2020-10665 Link Following vulnerability in Docker Desktop
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes.
local
low complexity
docker CWE-59
6.7
2020-03-12 CVE-2020-0789 Link Following vulnerability in Microsoft Visual Studio 2019
A denial of service vulnerability exists when the Visual Studio Extension Installer Service improperly handles hard links, aka 'Visual Studio Extension Installer Service Denial of Service Vulnerability'.
local
low complexity
microsoft CWE-59
7.1
2020-03-12 CVE-2020-0787 Link Following vulnerability in Microsoft products
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.
local
low complexity
microsoft CWE-59
7.8
2020-03-12 CVE-2020-0779 Link Following vulnerability in Microsoft products
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'.
local
low complexity
microsoft CWE-59
5.5
2020-03-05 CVE-2020-10174 Link Following vulnerability in multiple products
init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift.
7.0