Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-12 | CVE-2019-1385 | Link Following vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'. | 7.8 |
| 2019-11-12 | CVE-2011-3618 | Link Following vulnerability in multiple products atop: symlink attack possible due to insecure tempfile handling | 7.8 |
| 2019-11-12 | CVE-2019-18658 | Link Following vulnerability in Helm In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via symlinks. | 9.8 |
| 2019-11-12 | CVE-2011-5271 | Link Following vulnerability in Clusterlabs Pacemaker Pacemaker before 1.1.6 configure script creates temporary files insecurely | 5.5 |
| 2019-11-09 | CVE-2009-0035 | Link Following vulnerability in Alsa-Project Alsa 1.0.19 alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts. | 5.5 |
| 2019-11-07 | CVE-2013-1809 | Link Following vulnerability in multiple products Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories. | 7.5 |
| 2019-11-07 | CVE-2013-1429 | Link Following vulnerability in multiple products Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks. | 6.3 |
| 2019-10-31 | CVE-2019-18645 | Link Following vulnerability in Totaldefense Anti-Virus 11.5.2.28 The quarantine restoration function in Total Defense Anti-virus 11.5.2.28 is vulnerable to symbolic link attacks, allowing files to be written to privileged directories. | 5.5 |
| 2019-10-30 | CVE-2010-0398 | Link Following vulnerability in Autokey Project Autokey The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack. | 6.5 |
| 2019-10-29 | CVE-2010-2064 | Link Following vulnerability in Rpcbind Project Rpcbind 0.2.0 rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr. | 7.1 |