Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-11-09 | CVE-2018-1781 | Link Following vulnerability in IBM DB2: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. | 7.8 |
2018-11-09 | CVE-2018-1780 | Link Following vulnerability in IBM DB2: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. | 7.8 |
2018-11-08 | CVE-2018-19044 | Link Following vulnerability in Keepalived 2.0.8: keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. | 4.7 |
2018-10-31 | CVE-2018-14651 | Link Following vulnerability in multiple products: It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. | 8.8 |
2018-09-28 | CVE-2018-17567 | Link Following vulnerability in Jekyllrb Jekyll: Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file. | 7.5 |
2018-09-04 | CVE-2018-10928 | Link Following vulnerability in multiple products: A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. | 8.8 |
2018-08-21 | CVE-2018-6557 | Link Following vulnerability in multiple products: The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. | 7.0 |
2018-08-20 | CVE-2011-2765 | Link Following vulnerability in Pyro Project Pyro: pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. | 7.5 |
2018-08-17 | CVE-2018-15351 | Link Following vulnerability in Kraftway 24F2Xg Router Firmware 3.5.30.1118: Denial of service via crafting malicious link and sending it to a privileged user can cause Denial of Service in Kraftway 24F2XG Router firmware version 3.5.30.1118. | 6.5 |
2018-08-13 | CVE-2017-7500 | Link Following vulnerability in RPM 4.13.0.1/4.14.0.0: It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. | 7.8 |