Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')

DATE CVE VULNERABILITY TITLE RISK
2020-05-19 CVE-2020-2024 Link Following vulnerability in Katacontainers Runtime
An improper link resolution vulnerability affects Kata Containers versions prior to 1.11.0.
local
low complexity
katacontainers CWE-59
6.5
2020-05-11 CVE-2020-5837 Link Following vulnerability in Symantec Endpoint Protection
Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege.
local
low complexity
symantec CWE-59
7.8
2020-04-29 CVE-2020-11446 Link Following vulnerability in Eset products
ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these links into files that would not normally be writable by the user, thus achieving privilege escalation.
local
low complexity
eset CWE-59
7.8
2020-04-26 CVE-2020-12265 Link Following vulnerability in Decompress Project Decompress
The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal.
network
low complexity
decompress-project CWE-59
critical
9.8
2020-04-26 CVE-2020-12254 Link Following vulnerability in Avira Antivirus 1.0.2303.633
Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escalation or a denial of service via abuse of a symlink.
local
low complexity
avira CWE-59
7.8
2020-04-22 CVE-2020-8831 Link Following vulnerability in multiple products
Apport creates a world-writable lock file with root ownership in the world-writable /var/lock/apport directory.
local
low complexity
canonical apport-project CWE-59
5.5
2020-04-21 CVE-2020-8099 Link Following vulnerability in Bitdefender Antivirus 2020 1.0.15.138
A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location.
low complexity
bitdefender CWE-59
6.2
2020-04-17 CVE-2020-10947 Link Following vulnerability in Sophos products
Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation.
network
low complexity
sophos CWE-59
8.8
2020-04-15 CVE-2020-8948 Link Following vulnerability in Sierrawireless Mobile Broadband Driver Package
The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) before build 5043 allows an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links.
local
low complexity
sierrawireless CWE-59
7.8
2020-04-15 CVE-2020-7250 Link Following vulnerability in Mcafee Endpoint Security
Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows an authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user would not normally have permission to alter, by carefully creating symbolic links from the ENS log file directory.
local
low complexity
mcafee CWE-59
7.8