Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-27 | CVE-2019-16896 | Link Following vulnerability in K7Computing K7 Ultimate Security 16.0.0117 In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the backup module) improperly validates the administrative privileges of the user, allowing an arbitrary file write via a symbolic link attack with file restoration functionality. | 7.8 |
| 2019-12-24 | CVE-2019-19695 | Link Following vulnerability in Trendmicro Antivirus 9.0/9.0.1379 A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) could potentially allow an attacker to create a symbolic link to a target file and modify it. | 7.5 |
| 2019-12-23 | CVE-2019-8463 | Link Following vulnerability in Checkpoint Endpoint Security Clients E81.00 A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10, that could allow service log file to be written to non-standard locations. | 7.5 |
| 2019-12-23 | CVE-2019-6679 | Link Following vulnerability in F5 products On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are symlinks. | 3.3 |
| 2019-12-20 | CVE-2019-19693 | Link Following vulnerability in Trendmicro products The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on affected installations. | 7.1 |
| 2019-12-18 | CVE-2019-8789 | Link Following vulnerability in Apple Iphone OS A validation issue existed in the handling of symlinks. | 5.5 |
| 2019-12-18 | CVE-2019-8568 | Link Following vulnerability in Apple products A validation issue existed in the handling of symlinks. | 5.5 |
| 2019-12-16 | CVE-2019-10773 | Link Following vulnerability in Yarnpkg Yarn In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. | 7.8 |
| 2019-12-11 | CVE-2019-18232 | Link Following vulnerability in Gemalto Sentinel LDK License Manager SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only Microsoft Windows versions are affected) is vulnerable when configured as a service. | 7.8 |
| 2019-12-10 | CVE-2019-1483 | Link Following vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. | 7.8 |