Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-30 | CVE-2020-15075 | Link Following vulnerability in Openvpn Connect OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp. | 7.1 |
| 2021-03-23 | CVE-2020-7346 | Link Following vulnerability in Mcafee Data Loss Prevention Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker's choosing. | 7.8 |
| 2021-03-17 | CVE-2021-28650 | Link Following vulnerability in multiple products autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. | 5.5 |
| 2021-03-11 | CVE-2021-28153 | Link Following vulnerability in multiple products An issue was discovered in GNOME GLib before 2.66.8. | 5.3 |
| 2021-03-10 | CVE-2020-4717 | Link Following vulnerability in IBM Spss Modeler A vulnerability exists in IBM SPSS Modeler Subscription Installer that allows a user with create symbolic link permission to write arbitrary file in another protected path during product installation. | 5.5 |
| 2021-03-10 | CVE-2021-3310 | Link Following vulnerability in Westerndigital MY Cloud OS Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. | 7.8 |
| 2021-02-18 | CVE-2020-12878 | Link Following vulnerability in Digi Connectport X2E Firmware Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory. | 7.8 |
| 2021-02-17 | CVE-2021-26720 | Link Following vulnerability in multiple products avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. | 7.8 |
| 2021-02-16 | CVE-2021-27229 | Link Following vulnerability in multiple products Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text. | 8.8 |
| 2021-02-10 | CVE-2021-23873 | Link Following vulnerability in Mcafee Total Protection Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially causing Denial of Service via manipulating Junction link, after enumerating certain files, at a specific time. | 6.1 |