Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-16 | CVE-2019-10773 | Link Following vulnerability in Yarnpkg Yarn: In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. | 7.8 |
2019-12-11 | CVE-2019-18232 | Link Following vulnerability in Gemalto Sentinel LDK License Manager: SafeNet Sentinel LDK License Manager, all versions prior to 7.101 (only Microsoft Windows versions are affected), is vulnerable when configured as a service. | 7.8 |
2019-12-10 | CVE-2019-1483 | Link Following vulnerability in Microsoft products: An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. | 7.8 |
2019-12-10 | CVE-2013-4184 | Link Following vulnerability in multiple products: The Perl module Data::UUID from CPAN, version 1.219, is vulnerable to symlink attacks. | 5.5 |
2019-12-05 | CVE-2019-7183 | Link Following vulnerability in Qnap QTS: This improper link resolution vulnerability allows remote attackers to access system files. | 9.8 |
2019-12-05 | CVE-2019-3690 | Link Following vulnerability in Opensuse Leap 15.1: The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). | 7.8 |
2019-12-03 | CVE-2019-3750 | Link Following vulnerability in Dell Command Update: Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. | 5.5 |
2019-12-03 | CVE-2019-3749 | Link Following vulnerability in Dell Command Update: Dell Command Update versions prior to 3.1 contain an Arbitrary File Deletion Vulnerability. | 5.5 |
2019-11-26 | CVE-2011-3632 | Link Following vulnerability in multiple products: Hardlink before 0.1.2 operates on full file system object path names, which can allow a local attacker to use this flaw to conduct symlink attacks. | 7.1 |
2019-11-25 | CVE-2011-3351 | Link Following vulnerability in Openvas Openvas-Scanner: openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating an OVAL system characteristics document with the ovaldi integrated tool enabled. | 7.1 |