Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-03 | CVE-2019-11251 | Link Following vulnerability in Kubernetes. The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. | 5.7 |
2020-01-31 | CVE-2011-4116 | Link Following vulnerability in Cpan File::Temp. _is_safe in the File::Temp module for Perl does not properly handle symlinks. | 7.5 |
2020-01-30 | CVE-2013-1867 | Link Following vulnerability in Apple Tokend 032013. Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerability. | 6.1 |
2020-01-30 | CVE-2013-1866 | Link Following vulnerability in Opensc Project Opensc. OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability. | 6.1 |
2020-01-28 | CVE-2012-6114 | Link Following vulnerability in Git-Extras Project Git-Extras 1.7.0. The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/changelog or (2) /tmp/.git-effort. | 5.5 |
2020-01-21 | CVE-2020-7040 | Link Following vulnerability in multiple products. storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. | 8.1 |
2020-01-21 | CVE-2019-18932 | Link Following vulnerability in multiple products. log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. | 7.0 |
2020-01-14 | CVE-2020-0616 | Link Following vulnerability in Microsoft products. A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'. | 5.5 |
2020-01-14 | CVE-2015-3147 | Link Following vulnerability in Redhat products. daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt. | 6.5 |
2020-01-14 | CVE-2015-1869 | Link Following vulnerability in Redhat Automatic BUG Reporting Tool. The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file. | 7.8 |