Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-10 | CVE-2021-38511 | Link Following vulnerability in TAR Project TAR An issue was discovered in the tar crate before 0.4.36 for Rust. | 7.5 |
| 2021-08-09 | CVE-2021-21740 | Link Following vulnerability in ZTE Zxhn H2640 Firmware 10.0.0C6Ty There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. | 2.4 |
| 2021-08-03 | CVE-2021-32803 | Link Following vulnerability in multiple products The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. | 8.1 |
| 2021-07-30 | CVE-2021-32610 | Link Following vulnerability in multiple products In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193. | 7.1 |
| 2021-07-30 | CVE-2021-36983 | Link Following vulnerability in Replaysorcery Project Replaysorcery 0.6.0 replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to gain root privileges via a symlink attack on /tmp/replay-sorcery or /tmp/replay-sorcery/device.sock. | 7.8 |
| 2021-07-28 | CVE-2021-32000 | Link Following vulnerability in Suse Linux Enterprise Server and Opensuse Factory A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. | 7.1 |
| 2021-07-22 | CVE-2021-1091 | Link Following vulnerability in Nvidia GPU Display Driver NVIDIA GPU Display driver for Windows contains a vulnerability where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated privilege to modify, which could lead to data loss or denial of service. | 7.1 |
| 2021-07-22 | CVE-2021-1092 | Link Following vulnerability in Nvidia GPU Display Driver NVIDIA GPU Display Driver for Windows contains a vulnerability in the NVIDIA Control Panel application where it is susceptible to a Windows file system symbolic link attack where an unprivileged attacker can cause the applications to overwrite privileged files, resulting in potential denial of service or data loss. | 7.1 |
| 2021-07-12 | CVE-2021-26089 | Link Following vulnerability in Fortinet Forticlient An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase. | 7.8 |
| 2021-07-07 | CVE-2021-32509 | Link Following vulnerability in Qsan Storage Manager Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. | 6.5 |