Improper Link Resolution Before File Access ('Link Following')

DATE CVE VULNERABILITY TITLE RISK
2021-08-31 CVE-2021-37701 Link Following vulnerability in Npmjs TAR
The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability.
local
npmjs CWE-59
4.4
2021-08-31 CVE-2021-37712 Link Following vulnerability in Npmjs TAR
The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability.
local
npmjs CWE-59
4.4
2021-08-31 CVE-2021-39134 Link Following vulnerability in Npmjs Arborist
`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder.
local
npmjs CWE-59
4.4
2021-08-31 CVE-2021-39135 Link Following vulnerability in Npmjs Arborist
`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder.
local
npmjs CWE-59
4.4
2021-08-11 CVE-2021-38570 Link Following vulnerability in Foxitsoftware Foxit Reader
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4.
network
low complexity
foxitsoftware CWE-59
6.4
2021-08-09 CVE-2021-21740 Link Following vulnerability in ZTE Zxhn H2640 Firmware 10.0.0C6Ty
There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product.
local
low complexity
zte CWE-59
2.1
2021-07-30 CVE-2021-32610 Link Following vulnerability in multiple products
In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
local
low complexity
php debian fedoraproject CWE-59
3.6
2021-07-30 CVE-2021-36983 Link Following vulnerability in Replaysorcery Project Replaysorcery 0.6.0
replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to gain root privileges via a symlink attack on /tmp/replay-sorcery or /tmp/replay-sorcery/device.sock.
local
low complexity
replaysorcery-project CWE-59
7.2
2021-07-22 CVE-2021-1091 Link Following vulnerability in Nvidia GPU Display Driver 427.33/452.96/462.31
NVIDIA GPU Display driver for Windows contains a vulnerability where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated privilege to modify, which could lead to data loss or denial of service.
local
low complexity
nvidia CWE-59
3.6
2021-07-12 CVE-2021-26089 Link Following vulnerability in Fortinet Forticlient
An improper symlink following in FortiClient for Mac 6.4.3 and below may allow a non-privileged user to execute arbitrary privileged shell commands during the installation phase.
local
low complexity
fortinet CWE-59
7.2