Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| Date | CVE | Title | Description | Score |
|---|---|---|---|---|
| 2021-02-18 | CVE-2020-12878 | Link Following vulnerability in Digi Connectport X2E | Digi ConnectPort X2e before 22.214.171.124 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory. | 7.2 |
| 2021-02-17 | CVE-2021-26720 | Link Following vulnerability in multiple products | avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. | 4.6 |
| 2021-02-16 | CVE-2021-27229 | Link Following vulnerability in multiple products | Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text. | 6.8 |
| 2021-02-05 | CVE-2020-36241 | Link Following vulnerability in Gnome Gnome-Autoar | autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. | 2.1 |
| 2021-01-28 | CVE-2020-8585 | Link Following vulnerability in Netapp Oncommand Unified Manager | OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink). | 2.1 |
| 2021-01-21 | CVE-2020-4966 | Link Following vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 | IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
| 2021-01-13 | CVE-2021-1145 | Link Following vulnerability in Cisco Staros | A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. | 4.0 |
| 2021-01-13 | CVE-2021-21602 | Link Following vulnerability in Jenkins | Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks. | 4.0 |
| 2021-01-12 | CVE-2021-23240 | Link Following vulnerability in multiple products | selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. | 4.4 |
| 2021-01-12 | CVE-2021-23239 | Link Following vulnerability in multiple products | The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. | 1.9 |