Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-05-16 | CVE-2019-0936 | Link Following vulnerability in Microsoft products | An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of Privilege Vulnerability'. | local | low complexity | microsoft | CWE-59 | 7.8 |
| 2019-05-10 | CVE-2019-5438 | Link Following vulnerability in Harpjs Harp | Path traversal using symlink in npm harp module versions <= 0.29.0. | network | low complexity | harpjs | CWE-59 | 5.3 |
| 2019-05-10 | CVE-2019-11879 | Link Following vulnerability in Ruby-Lang Webrick 1.4.2 | The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a symlink to a location outside of the web root directory. | local | low complexity | ruby-lang | CWE-59 | 5.5 |
| 2019-05-03 | CVE-2019-1836 | Link Following vulnerability in Cisco Nx-Os 14.0(3D) | A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to use symbolic links to overwrite system files. | local | low complexity | cisco | CWE-59 | 7.1 |
| 2019-04-30 | CVE-2018-20834 | Link Following vulnerability in Node-Tar Project Node-Tar | A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). | network | low complexity | node-tar-project | CWE-59 | 7.5 |
| 2019-04-29 | CVE-2019-8454 | Link Following vulnerability in Checkpoint Endpoint Security | A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the system. | local | high complexity | checkpoint | CWE-59 | 7.0 |
| 2019-04-26 | CVE-2019-11538 | Link Following vulnerability in Ivanti Connect Secure | In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of arbitrary files on the affected device. | network | low complexity | ivanti | CWE-59 | 7.7 |
| 2019-04-24 | CVE-2019-11503 | Link Following vulnerability in Canonical Snapd | snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user, aka a "cwd restore permission bypass." | network | low complexity | canonical | CWE-59 | 7.5 |
| 2019-04-24 | CVE-2019-11502 | Link Following vulnerability in Canonical Snapd | snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. | network | low complexity | canonical | CWE-59 | 7.5 |
| 2019-04-22 | CVE-2019-8452 | Link Following vulnerability in Checkpoint Endpoint Security and Zonealarm | A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. | local | low complexity | checkpoint | CWE-59 | 7.8 |