Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor tags | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2018-06-17 | CVE-2018-12026 | Link Following vulnerability in Phusion Passenger 5.3.0/5.3.1 | During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. | network | low | phusion | CWE-59 | 9.8 (critical) |
| 2018-06-11 | CVE-2018-5107 | Link Following vulnerability in multiple products | The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. | network | low | mozilla canonical | CWE-59 | 5.3 |
| 2018-06-07 | CVE-2018-12015 | Link Following vulnerability in multiple products | In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. | network | low | canonical debian perl archive apple netapp | CWE-59 | 7.5 |
| 2018-05-08 | CVE-2018-10380 | Link Following vulnerability in multiple products | kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack. | local | low | kde debian opensuse | CWE-59 | 7.8 |
| 2018-05-04 | CVE-2018-10722 | Link Following vulnerability in Cylance Cylanceprotect | In Cylance CylancePROTECT before 1470, an unprivileged local user can obtain SYSTEM privileges because users have Modify access to the %PROGRAMFILES%\Cylance\Desktop\log folder, the CyUpdate process grants users Modify access to new files created in this folder, and a new file can be a symlink chain to a pathname of an arbitrary DLL that CyUpdate uses. | local | low | cylance | CWE-59 | 7.8 |
| 2018-05-01 | CVE-2013-0159 | Link Following vulnerability in Fedoraproject Fedora 17/18 | The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg. | local | low | fedoraproject | CWE-59 | 7.1 |
| 2018-04-26 | CVE-2016-9602 | Link Following vulnerability in multiple products | Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. | network | low | qemu debian | CWE-59 | 8.8 |
| 2018-04-03 | CVE-2018-4112 | Link Following vulnerability in Apple mac OS X | An issue was discovered in certain Apple products. | local | low | apple | CWE-59 | 5.5 |
| 2018-03-26 | CVE-2014-2312 | Link Following vulnerability in Intel Thermald | The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid. | local | low | intel | CWE-59 | 5.5 |
| 2018-03-22 | CVE-2018-5225 | Link Following vulnerability in Atlassian Bitbucket | In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository. | network | low | atlassian | CWE-59 | 9.9 (critical) |