Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
|2021-04-08||CVE-2021-30463|| Link Following vulnerability in Vestacp Control Panel |
VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions.
| 7.2 |
|2021-04-01||CVE-2021-28163|| Link Following vulnerability in Eclipse Jetty |
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
| 4.0 |
|2021-03-30||CVE-2020-15075|| Link Following vulnerability in Openvpn Connect |
OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.
| 3.6 |
|2021-03-29||CVE-2021-27241|| Link Following vulnerability in Avast Premium Security 20.8.2429 |
This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8.2429 (Build 20.8.5653.561).
| 3.6 |
|2021-03-26||CVE-2021-20197|| Link Following vulnerability in multiple products |
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib.
| 3.3 |
|2021-03-17||CVE-2021-28650|| Link Following vulnerability in multiple products |
autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations.
| 2.1 |
|2021-03-11||CVE-2021-28153|| Link Following vulnerability in multiple products |
An issue was discovered in GNOME GLib before 2.66.8.
| 5.0 |
|2021-03-10||CVE-2021-3310|| Link Following vulnerability in Westerndigital MY Cloud OS |
Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares.
| 4.6 |
|2021-03-09||CVE-2021-21300|| Link Following vulnerability in multiple products |
Git is an open-source distributed revision control system.
| 5.1 |
|2021-02-18||CVE-2020-12878|| Link Following vulnerability in Digi Connectport X2E Firmware |
Digi ConnectPort X2e before 126.96.36.199 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory.
| 7.2 |