Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-10 | CVE-2019-1315 | Link Following vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. | 7.8 |
| 2019-09-25 | CVE-2019-12672 | Link Following vulnerability in Cisco IOS 16.9.1 A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker with physical access to an affected device to execute arbitrary code on the underlying operating system (OS) with root privileges. | 6.8 |
| 2019-09-11 | CVE-2019-1280 | Link Following vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'. | 7.8 |
| 2019-09-11 | CVE-2019-1270 | Link Following vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack, aka 'Microsoft Windows Store Installer Elevation of Privilege Vulnerability'. | 5.5 |
| 2019-09-11 | CVE-2019-1267 | Link Following vulnerability in Microsoft products An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks, aka 'Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability'. | 7.8 |
| 2019-08-29 | CVE-2019-11396 | Link Following vulnerability in Avira Free Security Suite and Software Updater An issue was discovered in Avira Free Security Suite 10. | 7.8 |
| 2019-08-26 | CVE-2018-20990 | Link Following vulnerability in TAR Project TAR An issue was discovered in the tar crate before 0.4.16 for Rust. | 7.5 |
| 2019-08-20 | CVE-2018-1634 | Link Following vulnerability in IBM Informix Dynamic Server 12.10 IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in infos.DBSERVERNAME. | 6.7 |
| 2019-08-20 | CVE-2018-1633 | Link Following vulnerability in IBM Informix Dynamic Server 12.10 IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. | 6.7 |
| 2019-08-20 | CVE-2018-1632 | Link Following vulnerability in IBM Informix Dynamic Server 12.10 IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. | 6.7 |