Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')

DATE CVE VULNERABILITY TITLE RISK
2021-04-08 CVE-2021-30463 Link Following vulnerability in VestaCP Control Panel
VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions.
local
low complexity
vestacp CWE-59
7.2
2021-04-01 CVE-2021-28163 Link Following vulnerability in Eclipse Jetty
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory are deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
network
low complexity
eclipse CWE-59
4.0
2021-03-30 CVE-2020-15075 Link Following vulnerability in OpenVPN Connect
OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system-critical files that it should not have access to, via symlinks in /tmp.
local
low complexity
openvpn CWE-59
3.6
2021-03-29 CVE-2021-27241 Link Following vulnerability in Avast Premium Security 20.8.2429
This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8.2429 (Build 20.8.5653.561).
local
low complexity
avast CWE-59
3.6
2021-03-26 CVE-2021-20197 Link Following vulnerability in multiple products
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib.
local
gnu redhat CWE-59
3.3
2021-03-17 CVE-2021-28650 Link Following vulnerability in multiple products
autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations.
local
low complexity
gnome fedoraproject CWE-59
2.1
2021-03-11 CVE-2021-28153 Link Following vulnerability in multiple products
An issue was discovered in GNOME GLib before 2.66.8.
network
low complexity
gnome fedoraproject CWE-59
5.0
2021-03-10 CVE-2021-3310 Link Following vulnerability in Western Digital My Cloud OS
Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares.
local
low complexity
westerndigital CWE-59
4.6
2021-03-09 CVE-2021-21300 Link Following vulnerability in multiple products
Git is an open-source distributed revision control system.
network
high complexity
git-scm fedoraproject apple CWE-59
5.1
2021-02-18 CVE-2020-12878 Link Following vulnerability in Digi ConnectPort X2e Firmware
Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory.
local
low complexity
digi CWE-59
7.2