Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-02 | CVE-2019-18901 | Link Following vulnerability in multiple products A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. | 5.5 |
| 2020-03-02 | CVE-2019-18897 | Link Following vulnerability in multiple products A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. | 7.8 |
| 2020-02-28 | CVE-2019-3698 | Link Following vulnerability in multiple products UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. | 7.0 |
| 2020-02-27 | CVE-2020-3835 | Link Following vulnerability in Apple mac OS X A validation issue existed in the handling of symlinks. | 4.4 |
| 2020-02-27 | CVE-2020-3830 | Link Following vulnerability in Apple mac OS X A validation issue existed in the handling of symlinks. | 3.3 |
| 2020-02-21 | CVE-2012-1093 | Link Following vulnerability in Debian Linux and X11-Common The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation. | 7.8 |
| 2020-02-21 | CVE-2020-5324 | Link Following vulnerability in Dell products Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. | 4.4 |
| 2020-02-12 | CVE-2020-8950 | Link Following vulnerability in AMD User Experience Program 1.0.0.1 The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%\AMD\PPC\upload and then creating a symbolic link in %PROGRAMDATA%\AMD\PPC\temp that points to an arbitrary folder with an arbitrary file name. | 7.8 |
| 2020-02-11 | CVE-2020-0730 | Link Following vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. | 7.1 |
| 2020-02-08 | CVE-2019-11481 | Link Following vulnerability in multiple products Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. | 7.8 |