Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-12 | CVE-2020-0779 | Link Following vulnerability in Microsoft products An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. | 5.5 |
| 2020-03-05 | CVE-2020-10174 | Link Following vulnerability in multiple products init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. | 7.0 |
| 2020-02-27 | CVE-2020-3835 | Link Following vulnerability in Apple mac OS X A validation issue existed in the handling of symlinks. | 4.4 |
| 2020-02-27 | CVE-2020-3830 | Link Following vulnerability in Apple mac OS X A validation issue existed in the handling of symlinks. | 3.3 |
| 2020-02-21 | CVE-2012-1093 | Link Following vulnerability in Debian Linux and X11-Common The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation. | 7.8 |
| 2020-02-21 | CVE-2020-5324 | Link Following vulnerability in Dell products Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. | 4.4 |
| 2020-02-12 | CVE-2020-8950 | Link Following vulnerability in AMD User Experience Program 1.0.0.1 The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%\AMD\PPC\upload and then creating a symbolic link in %PROGRAMDATA%\AMD\PPC\temp that points to an arbitrary folder with an arbitrary file name. | 7.8 |
| 2020-02-11 | CVE-2020-0730 | Link Following vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. | 7.1 |
| 2020-02-08 | CVE-2019-11481 | Link Following vulnerability in multiple products Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. | 7.8 |
| 2020-02-04 | CVE-2020-7221 | Link Following vulnerability in Mariadb mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. | 7.8 |