Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-12 | CVE-2021-26425 | Link Following vulnerability in Microsoft products Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 |
| 2021-08-12 | CVE-2021-26426 | Link Following vulnerability in Microsoft products Windows User Account Profile Picture Elevation of Privilege Vulnerability | 7.0 |
| 2021-08-11 | CVE-2021-38570 | Link Following vulnerability in Foxitsoftware Foxit Reader An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. | 9.1 |
| 2021-08-10 | CVE-2021-38511 | Link Following vulnerability in TAR Project TAR An issue was discovered in the tar crate before 0.4.36 for Rust. | 7.5 |
| 2021-08-09 | CVE-2021-21740 | Link Following vulnerability in ZTE Zxhn H2640 Firmware 10.0.0C6Ty There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. | 2.4 |
| 2021-08-03 | CVE-2021-32803 | Link Following vulnerability in multiple products The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. | 8.1 |
| 2021-07-30 | CVE-2021-32610 | Link Following vulnerability in multiple products In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193. | 7.1 |
| 2021-07-30 | CVE-2021-36983 | Link Following vulnerability in Replaysorcery Project Replaysorcery 0.6.0 replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to gain root privileges via a symlink attack on /tmp/replay-sorcery or /tmp/replay-sorcery/device.sock. | 7.8 |
| 2021-07-28 | CVE-2021-32000 | Link Following vulnerability in Suse Linux Enterprise Server and Opensuse Factory A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. | 7.1 |
| 2021-07-22 | CVE-2021-1091 | Link Following vulnerability in Nvidia GPU Display Driver NVIDIA GPU Display driver for Windows contains a vulnerability where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated privilege to modify, which could lead to data loss or denial of service. | 7.1 |