Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-21 | CVE-2012-1093 | Link Following vulnerability in Debian Linux and X11-Common. The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation. | 7.8 |
2020-02-21 | CVE-2020-5324 | Link Following vulnerability in Dell products. Dell Client Consumer and Commercial Platforms contain an Arbitrary File Overwrite Vulnerability. | 4.4 |
2020-02-12 | CVE-2020-8950 | Link Following vulnerability in AMD User Experience Program 1.0.0.1. The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%\AMD\PPC\upload and then creating a symbolic link in %PROGRAMDATA%\AMD\PPC\temp that points to an arbitrary folder with an arbitrary file name. | 7.8 |
2020-02-11 | CVE-2020-0730 | Link Following vulnerability in Microsoft products. An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. | 7.1 |
2020-02-08 | CVE-2019-11481 | Link Following vulnerability in multiple products. Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. | 7.8 |
2020-02-04 | CVE-2020-7221 | Link Following vulnerability in Mariadb. mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. | 7.8 |
2020-02-03 | CVE-2019-11251 | Link Following vulnerability in Kubernetes. The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. | 5.7 |
2020-01-31 | CVE-2011-4116 | Link Following vulnerability in Cpan File::Temp. _is_safe in the File::Temp module for Perl does not properly handle symlinks. | 7.5 |
2020-01-30 | CVE-2013-1867 | Link Following vulnerability in Apple Tokend 032013. Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerability. | 6.1 |
2020-01-30 | CVE-2013-1866 | Link Following vulnerability in Opensc Project Opensc. OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability. | 6.1 |