Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-01 | CVE-2019-1002101 | Link Following vulnerability in multiple products The kubectl cp command allows copying files between containers and the user machine. | 5.5 |
| 2019-03-28 | CVE-2019-5674 | Link Following vulnerability in Nvidia Geforce Experience NVIDIA GeForce Experience before 3.18 contains a vulnerability when ShadowPlay or GameStream is enabled. | 7.0 |
| 2019-03-15 | CVE-2018-17955 | Link Following vulnerability in Opensuse Yast2-Multipath In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection | 5.5 |
| 2019-03-05 | CVE-2018-19638 | Link Following vulnerability in Opensuse Supportutils 3.0.1095.51.1 In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files. | 4.7 |
| 2019-03-05 | CVE-2018-19637 | Link Following vulnerability in Opensuse Supportutils 3.0.1095.51.1 Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection | 5.5 |
| 2019-02-27 | CVE-2019-5665 | Link Following vulnerability in Nvidia GPU Driver NVIDIA Windows GPU Display driver contains a vulnerability in the 3D vision component in which the stereo service software, when opening a file, does not check for hard links. | 7.8 |
| 2019-02-18 | CVE-2019-8372 | Link Following vulnerability in LG Lha.Sys The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. | 7.0 |
| 2019-01-08 | CVE-2019-0574 | Link Following vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | 7.8 |
| 2019-01-08 | CVE-2019-0572 | Link Following vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | 7.8 |
| 2018-11-09 | CVE-2018-1834 | Link Following vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. | 7.8 |