Improper Link Resolution Before File Access ('Link Following')

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2021-03-11 | CVE-2021-28153 | Link Following vulnerability in multiple products | An issue was discovered in GNOME GLib before 2.66.8. | network | low | gnome, debian, fedoraproject, broadcom | CWE-59 | 5.3 |
| 2021-03-11 | CVE-2021-26889 | Link Following vulnerability in Microsoft products | Windows Update Stack Elevation of Privilege Vulnerability | local | low | microsoft | CWE-59 | 7.8 |
| 2021-03-11 | CVE-2021-26887 | Link Following vulnerability in Microsoft products | An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. | local | low | microsoft | CWE-59 | 7.8 |
| 2021-03-11 | CVE-2021-26873 | Link Following vulnerability in Microsoft products | Windows User Profile Service Elevation of Privilege Vulnerability | local | high | microsoft | CWE-59 | 7.0 |
| 2021-03-11 | CVE-2021-26866 | Link Following vulnerability in Microsoft products | Windows Update Service Elevation of Privilege Vulnerability | local | low | microsoft | CWE-59 | 7.1 |
| 2021-03-11 | CVE-2021-26862 | Link Following vulnerability in Microsoft products | Windows Installer Elevation of Privilege Vulnerability | local | high | microsoft | CWE-59 | 7.0 |
| 2021-03-10 | CVE-2020-4717 | Link Following vulnerability in IBM Spss Modeler | A vulnerability exists in IBM SPSS Modeler Subscription Installer that allows a user with create symbolic link permission to write an arbitrary file in another protected path during product installation. | local | low | ibm | CWE-59 | 5.5 |
| 2021-03-10 | CVE-2021-3310 | Link Following vulnerability in Westerndigital MY Cloud OS | Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and AFP shares. | local | low | westerndigital | CWE-59 | 7.8 |
| 2021-03-09 | CVE-2021-21300 | Link Following vulnerability in multiple products | Git is an open-source distributed revision control system. | network | high | git-scm, fedoraproject, apple, debian | CWE-59 | 7.5 |
| 2021-02-18 | CVE-2020-12878 | Link Following vulnerability in Digi Connectport X2E Firmware | Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory. | local | low | digi | CWE-59 | 7.8 |