Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-12-08 | CVE-2020-10003 | Link Following vulnerability in Apple products | An issue existed within the path validation logic for symlinks. | 7.8 |
2020-12-07 | CVE-2020-28935 | Link Following vulnerability in multiple products | NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. | 5.5 |
2020-12-03 | CVE-2020-29529 | Link Following vulnerability in Hashicorp Go-Slug | HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. | 7.5 |
2020-11-21 | CVE-2020-5797 | Link Following vulnerability in Tp-Link Archer C9 Firmware 180125 | UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router. | 6.1 |
2020-11-19 | CVE-2020-25989 | Link Following vulnerability in Pritunl Pritunl-Client-Electron | Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. | 7.8 |
2020-11-18 | CVE-2020-27697 | Link Following vulnerability in Trendmicro products | Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product. | 7.8 |
2020-11-10 | CVE-2020-23968 | Link Following vulnerability in Ilex International Sign&Go 7.1 | Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log. | 7.8 |
2020-11-06 | CVE-2020-5795 | Link Following vulnerability in Tp-Link Archer A7 Firmware 200721 | UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a crafted USB drive into the router. | 6.2 |
2020-11-03 | CVE-2020-16007 | Link Following vulnerability in multiple products | Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. | 7.8 |
2020-10-27 | CVE-2018-21269 | Link Following vulnerability in Openrc Project Openrc | checkpath in OpenRC through 0.42.1 might allow local users to take ownership of arbitrary files because a non-terminal path component can be a symlink. | 5.5 |