Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-24 | CVE-2021-23772 | Link Following vulnerability in Iris-Go Iris This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. | 8.8 |
| 2021-12-16 | CVE-2021-44023 | Link Following vulnerability in Trendmicro products A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 familiy of products could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modification of files which could lead to a denial-of-service. | 7.1 |
| 2021-12-15 | CVE-2021-43237 | Link Following vulnerability in Microsoft products Windows Setup Elevation of Privilege Vulnerability | 7.3 |
| 2021-12-15 | CVE-2021-43238 | Link Following vulnerability in Microsoft products Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
| 2021-11-19 | CVE-2021-44038 | Link Following vulnerability in Quagga An issue was discovered in Quagga through 1.2.4. | 7.8 |
| 2021-11-14 | CVE-2021-41057 | Link Following vulnerability in multiple products In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions. | 7.1 |
| 2021-11-09 | CVE-2021-3641 | Link Following vulnerability in Bitdefender Gravityzone Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service. | 6.1 |
| 2021-11-04 | CVE-2021-21686 | Link Following vulnerability in Jenkins File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories. | 8.1 |
| 2021-11-04 | CVE-2021-21691 | Link Following vulnerability in Jenkins Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | 9.8 |
| 2021-11-04 | CVE-2021-21695 | Link Following vulnerability in Jenkins FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | 8.8 |