Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-13 | CVE-2017-7500 | Link Following vulnerability in RPM 4.13.0.1/4.14.0.0 It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. | 7.8 |
| 2018-07-27 | CVE-2016-9595 | Link Following vulnerability in multiple products A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. | 5.5 |
| 2018-07-24 | CVE-2018-14335 | Link Following vulnerability in H2Database H2 1.4.197 An issue was discovered in H2 1.4.197. | 6.5 |
| 2018-07-20 | CVE-2014-4150 | Link Following vulnerability in S48 Scheme48 The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp. | 5.5 |
| 2018-07-19 | CVE-2014-0243 | Link Following vulnerability in Check MK Project Check MK Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job. | 5.5 |
| 2018-07-17 | CVE-2018-14329 | Link Following vulnerability in Htslib 1.8 In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack. | 4.7 |
| 2018-07-03 | CVE-2018-11637 | Link Following vulnerability in Dialogic Powermedia XMS 3.5 Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to read arbitrary files from the /var/ directory because a symlink exists under the web root. | 7.5 |
| 2018-07-02 | CVE-2018-13054 | Link Following vulnerability in multiple products An issue was discovered in Cinnamon 1.9.2 through 3.8.6. | 8.1 |
| 2018-06-17 | CVE-2018-12026 | Link Following vulnerability in Phusion Passenger 5.3.0/5.3.1 During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. | 9.8 |
| 2018-06-11 | CVE-2018-5107 | Link Following vulnerability in multiple products The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. | 5.3 |