Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-01-12 | CVE-2021-23240 | Link Following vulnerability in multiple products | selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. | 7.8 |
2021-01-12 | CVE-2021-23239 | Link Following vulnerability in multiple products | The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. | 2.5 |
2020-12-29 | CVE-2020-27643 | Link Following vulnerability in 1E Client 4.1.0.267/5.0.0.745 | The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory. | 6.5 |
2020-12-28 | CVE-2020-27172 | Link Following vulnerability in Gdatasoftware G Data | An issue was discovered in G-Data before 25.5.9.25. Using symbolic links, it is possible to abuse the infected-file restore mechanism to achieve arbitrary write that leads to elevation of privileges. | 9.8 |
2020-12-28 | CVE-2020-35766 | Link Following vulnerability in Opendkim | The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c). | 7.8 |
2020-12-22 | CVE-2020-28641 | Link Following vulnerability in Malwarebytes Endpoint Protection and Malwarebytes | In Malwarebytes Free 4.1.0.56, a symbolic link may be used to delete an arbitrary file on the system by exploiting the local quarantine system. | 7.1 |
2020-12-08 | CVE-2020-10003 | Link Following vulnerability in Apple products | An issue existed within the path validation logic for symlinks. | 7.8 |
2020-12-07 | CVE-2020-28935 | Link Following vulnerability in multiple products | NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. | 5.5 |
2020-12-03 | CVE-2020-29529 | Link Following vulnerability in Hashicorp Go-Slug | HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. | 7.5 |
2020-11-21 | CVE-2020-5797 | Link Following vulnerability in Tp-Link Archer C9 Firmware 180125 | UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router. | 6.1 |