Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-20 | CVE-2018-1631 | Link Following vulnerability in IBM Informix Dynamic Server 12.1 IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohash. | 6.7 |
| 2019-08-20 | CVE-2018-1630 | Link Following vulnerability in IBM Informix Dynamic Server 12.1 IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onmode. | 6.7 |
| 2019-08-14 | CVE-2019-1188 | Link Following vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. | 7.5 |
| 2019-08-06 | CVE-2019-5683 | Link Following vulnerability in Nvidia GPU Driver NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the user mode video driver trace logger component. | 7.8 |
| 2019-07-30 | CVE-2019-10152 | Link Following vulnerability in multiple products A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. | 7.2 |
| 2019-07-26 | CVE-2019-13382 | Link Following vulnerability in Techsmith Snagit 2019.1.2 UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation file in %PROGRAMDATA%\TechSmith\TechSmith Recorder\QueuedPresentations and then creating a symbolic link in %PROGRAMDATA%\Techsmith\TechSmith Recorder\InvalidPresentations that points to an arbitrary folder with an arbitrary file name. | 7.8 |
| 2019-07-18 | CVE-2019-11230 | Link Following vulnerability in Avast Antivirus In Avast Antivirus before 19.4, a local administrator can trick the product into renaming arbitrary files by replacing the Logs\Update.log file with a symlink. | 4.4 |
| 2019-07-17 | CVE-2019-13636 | Link Following vulnerability in GNU Patch In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. | 5.9 |
| 2019-07-15 | CVE-2019-1130 | Link Following vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. | 7.8 |
| 2019-07-15 | CVE-2019-1129 | Link Following vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. | 7.8 |