Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-01-08 | CVE-2019-0574 | Link Following vulnerability in Microsoft products: An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | 7.8 |
2019-01-08 | CVE-2019-0572 | Link Following vulnerability in Microsoft products: An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | 7.8 |
2018-11-09 | CVE-2018-1834 | Link Following vulnerability in IBM DB2: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. | 7.8 |
2018-11-09 | CVE-2018-1781 | Link Following vulnerability in IBM DB2: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. | 7.8 |
2018-11-09 | CVE-2018-1780 | Link Following vulnerability in IBM DB2: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. | 7.8 |
2018-11-08 | CVE-2018-19044 | Link Following vulnerability in Keepalived 2.0.8: keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. | 4.7 |
2018-09-28 | CVE-2018-17567 | Link Following vulnerability in Jekyllrb Jekyll: Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file. | 7.5 |
2018-08-21 | CVE-2018-6557 | Link Following vulnerability in multiple products: The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. | 7.0 |
2018-08-20 | CVE-2011-2765 | Link Following vulnerability in Pyro Project Pyro: pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. | 7.5 |
2018-08-17 | CVE-2018-15351 | Link Following vulnerability in Kraftway 24F2Xg Router Firmware 3.5.30.1118: Denial of service via crafting malicious link and sending it to a privileged user can cause Denial of Service in Kraftway 24F2XG Router firmware version 3.5.30.1118. | 6.5 |