Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-22 | CVE-2019-3902 | Link Following vulnerability in multiple products A flaw was found in Mercurial before 4.9. | 5.9 |
| 2019-04-17 | CVE-2019-8455 | Link Following vulnerability in Checkpoint Zonealarm A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. | 7.1 |
| 2019-04-09 | CVE-2019-0841 | Link Following vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. | 7.8 |
| 2019-04-01 | CVE-2019-1002101 | Link Following vulnerability in multiple products The kubectl cp command allows copying files between containers and the user machine. | 5.5 |
| 2019-03-28 | CVE-2019-5674 | Link Following vulnerability in Nvidia Geforce Experience NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. | 7.0 |
| 2019-03-15 | CVE-2018-17955 | Link Following vulnerability in Opensuse Yast2-Multipath In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection | 5.5 |
| 2019-03-05 | CVE-2018-19638 | Link Following vulnerability in Opensuse Supportutils 3.0.1095.51.1 In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files. | 4.7 |
| 2019-03-05 | CVE-2018-19637 | Link Following vulnerability in Opensuse Supportutils 3.0.1095.51.1 Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection | 5.5 |
| 2019-02-27 | CVE-2019-5665 | Link Following vulnerability in Nvidia GPU Driver NVIDIA Windows GPU Display driver contains a vulnerability in the 3D vision component in which the stereo service software, when opening a file, does not check for hard links. | 7.8 |
| 2019-02-18 | CVE-2019-8372 | Link Following vulnerability in LG Lha.Sys The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. | 7.0 |