Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-12 | CVE-2010-3095 | Link Following vulnerability in Mailscanner mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. | 4.7 |
| 2019-11-12 | CVE-2019-1425 | Link Following vulnerability in Microsoft Visual Studio 2017 and Visual Studio 2019 An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka 'Visual Studio Elevation of Privilege Vulnerability'. | 6.5 |
| 2019-11-12 | CVE-2019-1423 | Link Following vulnerability in Microsoft Windows 10 1903 An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations, aka 'Windows Elevation of Privilege Vulnerability'. | 7.8 |
| 2019-11-12 | CVE-2019-1422 | Link Following vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite, aka 'Windows Elevation of Privilege Vulnerability'. | 7.8 |
| 2019-11-12 | CVE-2019-1385 | Link Following vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'. | 7.8 |
| 2019-11-12 | CVE-2011-3618 | Link Following vulnerability in multiple products atop: symlink attack possible due to insecure tempfile handling | 7.8 |
| 2019-11-12 | CVE-2019-18658 | Link Following vulnerability in Helm In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via symlinks. | 9.8 |
| 2019-11-12 | CVE-2011-5271 | Link Following vulnerability in Clusterlabs Pacemaker Pacemaker before 1.1.6 configure script creates temporary files insecurely | 5.5 |
| 2019-11-09 | CVE-2009-0035 | Link Following vulnerability in Alsa-Project Alsa 1.0.19 alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts. | 5.5 |
| 2019-11-07 | CVE-2013-1809 | Link Following vulnerability in multiple products Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories. | 7.5 |