Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')

DATE CVE VULNERABILITY TITLE RISK
2019-09-11 CVE-2019-1267 Link Following vulnerability in Microsoft products
An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks, aka 'Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability'.
local
low complexity
microsoft CWE-59
7.8
7.8
2019-08-29 CVE-2019-11396 Link Following vulnerability in Avira Free Security Suite and Software Updater
An issue was discovered in Avira Free Security Suite 10.
local
low complexity
avira CWE-59
7.8
7.8
2019-08-26 CVE-2018-20990 Link Following vulnerability in TAR Project TAR
An issue was discovered in the tar crate before 0.4.16 for Rust.
network
low complexity
tar-project CWE-59
7.5
7.5
2019-08-20 CVE-2018-1634 Link Following vulnerability in IBM Informix Dynamic Server 12.10
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in infos.DBSERVERNAME.
local
low complexity
ibm CWE-59
6.7
6.7
2019-08-20 CVE-2018-1633 Link Following vulnerability in IBM Informix Dynamic Server 12.10
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd.
local
low complexity
ibm CWE-59
6.7
6.7
2019-08-20 CVE-2018-1632 Link Following vulnerability in IBM Informix Dynamic Server 12.10
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs.
local
low complexity
ibm CWE-59
6.7
6.7
2019-08-20 CVE-2018-1631 Link Following vulnerability in IBM Informix Dynamic Server 12.1
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohash.
local
low complexity
ibm CWE-59
6.7
6.7
2019-08-20 CVE-2018-1630 Link Following vulnerability in IBM Informix Dynamic Server 12.1
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onmode.
local
low complexity
ibm CWE-59
6.7
6.7
2019-08-06 CVE-2019-5683 Link Following vulnerability in Nvidia GPU Driver
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the user mode video driver trace logger component.
local
low complexity
nvidia CWE-59
7.8
7.8
2019-07-30 CVE-2019-10152 Link Following vulnerability in multiple products
A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers.
local
high complexity
libpod-project opensuse CWE-59
7.2
7.2