Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-07 | CVE-2020-36314 | Link Following vulnerability in multiple products fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. | 3.9 |
| 2021-04-01 | CVE-2021-28163 | Link Following vulnerability in multiple products In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory. | 2.7 |
| 2021-03-30 | CVE-2020-15075 | Link Following vulnerability in Openvpn Connect OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp. | 7.1 |
| 2021-03-23 | CVE-2020-7346 | Link Following vulnerability in Mcafee Data Loss Prevention Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker's choosing. | 7.8 |
| 2021-03-17 | CVE-2021-28650 | Link Following vulnerability in multiple products autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. | 5.5 |
| 2021-03-11 | CVE-2021-28153 | Link Following vulnerability in multiple products An issue was discovered in GNOME GLib before 2.66.8. | 5.3 |
| 2021-03-10 | CVE-2020-4717 | Link Following vulnerability in IBM Spss Modeler A vulnerability exists in IBM SPSS Modeler Subscription Installer that allows a user with create symbolic link permission to write arbitrary file in another protected path during product installation. | 5.5 |
| 2021-03-10 | CVE-2021-3310 | Link Following vulnerability in Westerndigital MY Cloud OS Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. | 7.8 |
| 2021-02-18 | CVE-2020-12878 | Link Following vulnerability in Digi Connectport X2E Firmware Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory. | 7.8 |
| 2021-02-17 | CVE-2021-26720 | Link Following vulnerability in multiple products avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. | 7.8 |