Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-31 | CVE-2021-37701 | Link Following vulnerability in Npmjs TAR The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. | 4.4 |
| 2021-08-31 | CVE-2021-37712 | Link Following vulnerability in Npmjs TAR The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. | 4.4 |
| 2021-08-31 | CVE-2021-39134 | Link Following vulnerability in Npmjs Arborist `@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. | 4.4 |
| 2021-08-31 | CVE-2021-39135 | Link Following vulnerability in Npmjs Arborist `@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. | 4.4 |
| 2021-08-11 | CVE-2021-38570 | Link Following vulnerability in Foxitsoftware Foxit Reader An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. | 6.4 |
| 2021-08-09 | CVE-2021-21740 | Link Following vulnerability in ZTE Zxhn H2640 Firmware 10.0.0C6Ty There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. | 2.1 |
| 2021-07-30 | CVE-2021-32610 | Link Following vulnerability in multiple products In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193. | 3.6 |
| 2021-07-30 | CVE-2021-36983 | Link Following vulnerability in Replaysorcery Project Replaysorcery 0.6.0 replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to gain root privileges via a symlink attack on /tmp/replay-sorcery or /tmp/replay-sorcery/device.sock. | 7.2 |
| 2021-07-22 | CVE-2021-1091 | Link Following vulnerability in Nvidia GPU Display Driver 427.33/452.96/462.31 NVIDIA GPU Display driver for Windows contains a vulnerability where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated privilege to modify, which could lead to data loss or denial of service. | 3.6 |
| 2021-07-12 | CVE-2021-26089 | Link Following vulnerability in Fortinet Forticlient An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase. | 7.2 |