Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVEs (1,502)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-30855 1Apple 6Ipados Iphone OsMac Os X+3 more Nov 21, 2024 Aug 24, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, iOS 15 and iPadOS...Show more A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, iOS 15 and iPadOS 15, watchOS 8, macOS Big Sur 11.6. An application may be able to access restricted files.Show less
CVE-2021-32825 1Bblfshd Project 1Bblfshd Nov 21, 2024 Aug 16, 2021 N/A· v4 9.1 CRITICAL· v3 5.5 MEDIUM· v2 bblfshd is an open source self-hosted server for source code parsing. In bblfshd before commit 4265465b9b6fb5663c30ee43806126012066aad4 there is a "zipslip" vulnerability. The unsafe handling of symbolic links in an unpa...Show more bblfshd is an open source self-hosted server for source code parsing. In bblfshd before commit 4265465b9b6fb5663c30ee43806126012066aad4 there is a "zipslip" vulnerability. The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder. This issue may lead to arbitrary file write (with same permissions as the program running the unpack operation) if the attacker can control the archive file. Additionally, if the attacker has read access to the unpacked files, he may be able to read arbitrary system files the parent process has permissions to read. For more details including a PoC see the referenced GHSL-2020-258.Show less
CVE-2021-26426 1Microsoft 7Windows 10 Windows 7Windows 8.1+4 more Nov 21, 2024 Aug 12, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Windows User Account Profile Picture Elevation of Privilege Vulnerability
CVE-2021-26425 1Microsoft 8Windows 10 Windows 7Windows 8.1+5 more Nov 21, 2024 Aug 12, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-38570 1Foxitsoftware 2Foxit Reader Phantompdf Nov 21, 2024 Aug 11, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete arbitrary files (during uninstallation) via a symlink.
CVE-2021-38511 1Tar Project 1Tar Nov 21, 2024 Aug 10, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal.
CVE-2021-21740 1Zte 1Zxhn H2640 Firmware Nov 21, 2024 Aug 9, 2021 N/A· v4 2.4 LOW· v3 2.1 LOW· v2 There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access un...Show more There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access unauthorized directory information through the symbolic link, causing information leak.Show less
CVE-2021-32803 3Oracle SiemensTar Project 3Graalvm Sinec Infrastructure Network ServicesTar Nov 21, 2024 Aug 3, 2021 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guarantee that any file...Show more The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary `stat` calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory. This order of operations resulted in the directory being created and added to the `node-tar` directory cache. When a directory is present in the directory cache, subsequent calls to mkdir for that directory are skipped. However, this is also where `node-tar` checks for symlinks occur. By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass `node-tar` symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. This issue was addressed in releases 3.2.3, 4.4.15, 5.0.7 and 6.1.2.Show less
CVE-2021-36983 1Replaysorcery Project 1Replaysorcery Nov 21, 2024 Jul 30, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to gain root privileges via a symlink attack on /tmp/replay-sorcery or /tmp/replay-sorcery/device.sock.
CVE-2021-32610 3Debian FedoraprojectPhp 3Archive Tar Debian LinuxFedora Nov 21, 2024 Jul 30, 2021 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
CVE-2021-32000 1Suse 2Linux Enterprise Server Opensuse Factory Nov 21, 2024 Jul 28, 2021 N/A· v4 7.1 HIGH· v3 6.6 MEDIUM· v2 A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows...Show more A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. This issue affects: SUSE Linux Enterprise Server 12 SP3 clone-master-clean-up version 1.6-4.6.1 and prior versions. SUSE Linux Enterprise Server 15 SP1 clone-master-clean-up version 1.6-3.9.1 and prior versions. openSUSE Factory clone-master-clean-up version 1.6-1.4 and prior versions.Show less
CVE-2021-1092 1Nvidia 1Gpu Display Driver Nov 21, 2024 Jul 22, 2021 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 NVIDIA GPU Display Driver for Windows contains a vulnerability in the NVIDIA Control Panel application where it is susceptible to a Windows file system symbolic link attack where an unprivileged attacker can cause the ap...Show more NVIDIA GPU Display Driver for Windows contains a vulnerability in the NVIDIA Control Panel application where it is susceptible to a Windows file system symbolic link attack where an unprivileged attacker can cause the applications to overwrite privileged files, resulting in potential denial of service or data loss.Show less
CVE-2021-1091 1Nvidia 1Gpu Display Driver Nov 21, 2024 Jul 22, 2021 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 NVIDIA GPU Display driver for Windows contains a vulnerability where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated privilege to modify, which could lea...Show more NVIDIA GPU Display driver for Windows contains a vulnerability where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated privilege to modify, which could lead to data loss or denial of service.Show less
CVE-2021-26089 1Fortinet 1Forticlient Nov 21, 2024 Jul 12, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An improper symlink following in FortiClient for Mac 6.4.3 and below may allow an non-privileged user to execute arbitrary privileged shell commands during installation phase.
CVE-2021-32518 1Qsan 1Storage Manager Nov 21, 2024 Jul 7, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability in share_link in QSAN Storage Manager allows remote attackers to create a symbolic link then access arbitrary files. The referred vulnerability has been solved with the updated version of QSAN Storage Man...Show more A vulnerability in share_link in QSAN Storage Manager allows remote attackers to create a symbolic link then access arbitrary files. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.Show less
CVE-2021-32509 1Qsan 1Storage Manager Nov 21, 2024 Jul 7, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vuln...Show more Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.Show less
CVE-2021-32508 1Qsan 1Storage Manager Nov 21, 2024 Jul 7, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vu...Show more Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.Show less
CVE-2020-4885 1Ibm 1Db2 Nov 21, 2024 Jun 24, 2021 N/A· v4 4.7 MEDIUM· v3 1.9 LOW· v2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition of a symbolic link,. IBM X-Force ID: 190909.
CVE-2021-32557 1Canonical 1Apport Nov 21, 2024 Jun 12, 2021 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.
CVE-2021-32555 1Canonical 1Ubuntu Linux Nov 21, 2024 Jun 12, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local user...Show more It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users.Show less

Previous 1...333435...76 Next