Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-12 | CVE-2019-18658 | Link Following vulnerability in Helm In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via symlinks. | 9.8 |
| 2019-11-12 | CVE-2011-5271 | Link Following vulnerability in Clusterlabs Pacemaker Pacemaker before 1.1.6 configure script creates temporary files insecurely | 5.5 |
| 2019-11-09 | CVE-2009-0035 | Link Following vulnerability in Alsa-Project Alsa 1.0.19 alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts. | 5.5 |
| 2019-11-07 | CVE-2013-1809 | Link Following vulnerability in multiple products Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories. | 7.5 |
| 2019-11-07 | CVE-2013-1429 | Link Following vulnerability in multiple products Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks. | 6.3 |
| 2019-10-31 | CVE-2019-18645 | Link Following vulnerability in Totaldefense Anti-Virus 11.5.2.28 The quarantine restoration function in Total Defense Anti-virus 11.5.2.28 is vulnerable to symbolic link attacks, allowing files to be written to privileged directories. | 5.5 |
| 2019-10-30 | CVE-2010-0398 | Link Following vulnerability in Autokey Project Autokey The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack. | 6.5 |
| 2019-10-29 | CVE-2010-2064 | Link Following vulnerability in Rpcbind Project Rpcbind 0.2.0 rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr. | 7.1 |
| 2019-10-29 | CVE-2011-1408 | Link Following vulnerability in multiple products ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks. | 8.2 |
| 2019-10-29 | CVE-2012-2945 | Link Following vulnerability in Apache Hadoop 1.0.3 Hadoop 1.0.3 contains a symlink vulnerability. | 7.5 |