Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-07-15 | CVE-2019-1074 | Link Following vulnerability in Microsoft products | An elevation of privilege vulnerability exists in Microsoft Windows where certain folders, with local service privilege, are vulnerable to symbolic link attack. | local | low | microsoft | CWE-59 | 5.5 |
| 2019-07-11 | CVE-2019-12573 | Link Following vulnerability in Londontrustmedia Private Internet Access VPN Client 82 | A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to overwrite arbitrary files. | local | low | londontrustmedia | CWE-59 | 7.1 |
| 2019-07-11 | CVE-2019-12571 | Link Following vulnerability in Londontrustmedia Private Internet Access VPN Client 0.9.8 | A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v0.9.8 beta (build 02099) for macOS could allow an authenticated, local attacker to overwrite arbitrary files. | local | low | londontrustmedia | CWE-59 | 7.1 |
| 2019-07-04 | CVE-2019-13229 | Link Following vulnerability in Deepin Clone | deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper::getPartitionSizeInfo() function to write a log file as root, and follows symlinks there. | local | low | deepin | CWE-59 | 5.5 |
| 2019-07-04 | CVE-2019-13228 | Link Following vulnerability in Deepin Deepin-Clone | deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO file, and follows symlinks there. | local | high | deepin | CWE-59 | 4.7 |
| 2019-07-04 | CVE-2019-13227 | Link Following vulnerability in Deepin Deepin-Clone | In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. | local | low | deepin | CWE-59 | 5.5 |
| 2019-07-04 | CVE-2019-13226 | Link Following vulnerability in multiple products | deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. | local | high | deepin, fedoraproject | CWE-59 | 7.0 |
| 2019-07-02 | CVE-2019-13173 | Link Following vulnerability in Fstream Project Fstream | fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. | network | low | fstream-project | CWE-59 | 7.5 |
| 2019-06-12 | CVE-2019-1069 | Link Following vulnerability in Microsoft products | An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations, aka 'Task Scheduler Elevation of Privilege Vulnerability'. | local | low | microsoft | CWE-59 | 7.8 |
| 2019-06-12 | CVE-2019-1064 | Link Following vulnerability in Microsoft products | An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. | local | low | microsoft | CWE-59 | 7.8 |