Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-15 | CVE-2021-43237 | Link Following vulnerability in Microsoft products Windows Setup Elevation of Privilege Vulnerability | 7.3 |
| 2021-12-15 | CVE-2021-43238 | Link Following vulnerability in Microsoft products Windows Remote Access Elevation of Privilege Vulnerability | 7.8 |
| 2021-11-19 | CVE-2021-44038 | Link Following vulnerability in Quagga An issue was discovered in Quagga through 1.2.4. | 7.8 |
| 2021-11-14 | CVE-2021-41057 | Link Following vulnerability in multiple products In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions. | 7.1 |
| 2021-11-09 | CVE-2021-3641 | Link Following vulnerability in Bitdefender Gravityzone Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service. | 6.1 |
| 2021-11-04 | CVE-2021-21686 | Link Following vulnerability in Jenkins File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories. | 8.1 |
| 2021-11-04 | CVE-2021-21691 | Link Following vulnerability in Jenkins Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | 9.8 |
| 2021-11-04 | CVE-2021-21695 | Link Following vulnerability in Jenkins FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | 8.8 |
| 2021-10-28 | CVE-2021-22488 | Link Following vulnerability in Huawei Emui and Magic UI There is an Unauthorized file access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups. | 7.5 |
| 2021-10-08 | CVE-2021-37969 | Link Following vulnerability in multiple products Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file. | 7.8 |