Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')

DATE | CVE | VULNERABILITY TITLE | RISK

2020-01-30 | CVE-2013-1867 | Link Following vulnerability in Apple Tokend 032013 | 6.1
Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerability
low complexity; apple; CWE-59

2020-01-30 | CVE-2013-1866 | Link Following vulnerability in Opensc Project Opensc | 6.1
OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability
low complexity; opensc-project; CWE-59

2020-01-28 | CVE-2012-6114 | Link Following vulnerability in Git-Extras Project Git-Extras 1.7.0 | 5.5
The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/changelog or (2) /tmp/.git-effort.
local; low complexity; git-extras-project; CWE-59

2020-01-21 | CVE-2020-7040 | Link Following vulnerability in multiple products | 8.1
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation.
network; high complexity; storebackup, debian, opensuse, canonical; CWE-59

2020-01-21 | CVE-2019-18932 | Link Following vulnerability in multiple products | 7.0
log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation.

2020-01-14 | CVE-2020-0616 | Link Following vulnerability in Microsoft products | 5.5
A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'.
local; low complexity; microsoft; CWE-59

2020-01-14 | CVE-2015-3147 | Link Following vulnerability in Redhat products | 6.5
daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.
network; low complexity; redhat; CWE-59

2020-01-14 | CVE-2015-1869 | Link Following vulnerability in Redhat Automatic Bug Reporting Tool | 7.8
The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file.
local; low complexity; redhat; CWE-59

2019-12-27 | CVE-2019-16896 | Link Following vulnerability in K7Computing K7 Ultimate Security 16.0.0117 | 7.8
In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the backup module) improperly validates the administrative privileges of the user, allowing an arbitrary file write via a symbolic link attack with file restoration functionality.
local; low complexity; k7computing; CWE-59

2019-12-24 | CVE-2019-19695 | Link Following vulnerability in Trendmicro Antivirus 9.0/9.0.1379 | 7.5
A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) could potentially allow an attacker to create a symbolic link to a target file and modify it.
network; low complexity; trendmicro; CWE-59