Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVEs (1,516)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-32548 1Canonical 1Ubuntu Linux Nov 21, 2024 Jun 12, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users.
CVE-2021-32547 1Canonical 1Ubuntu Linux Nov 21, 2024 Jun 12, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users.
CVE-2021-31997 1Opensuse 1Python Postorius Nov 21, 2024 Jun 10, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE L...Show more A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version 1.3.2-lp152.1.2 and prior versions. openSUSE Factory python-postorius version 1.3.4-2.1 and prior versions.Show less
CVE-2021-0094 1Intel 1Driver & Support Assistant Nov 21, 2024 Jun 9, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Improper link resolution before file access in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access.
CVE-2020-15076 1Openvpn 1Private Tunnel Nov 21, 2024 May 26, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Private Tunnel installer for macOS version 3.0.1 and older versions may corrupt system critical files it should not have access via symlinks in /tmp.
CVE-2020-9452 1Acronis 1True Image 2020 Nov 21, 2024 May 25, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe includes functionality to quarantine files by copying a suspected ransomware file from one directory to another using SYSTEM priv...Show more An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe includes functionality to quarantine files by copying a suspected ransomware file from one directory to another using SYSTEM privileges. Because unprivileged users have write permissions in the quarantine folder, it is possible to control this privileged write with a hardlink. This means that an unprivileged user can write/overwrite arbitrary files in arbitrary folders. Escalating privileges to SYSTEM is trivial with arbitrary writes. While the quarantine feature is not enabled by default, it can be forced to copy the file to the quarantine by communicating with anti_ransomware_service.exe through its REST API.Show less
CVE-2020-27833 1Redhat 1Openshift Container Platform Nov 21, 2024 May 14, 2021 N/A· v4 7.1 HIGH· v3 4.6 MEDIUM· v2 A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerabi...Show more A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The vulnerability is limited to the command `oc image extract`. If a symbolic link is first created pointing within the tarball, this allows further symbolic links to bypass the existing path check. This flaw allows the tarball to create links outside the tarball's parent directory, allowing for executables or configuration files to be overwritten, resulting in arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions up to and including openshift-clients-4.7.0-202104250659.p0.git.95881af are affected.Show less
CVE-2021-23892 1Mcafee 1Endpoint Security For Linux Threat Prevention Feb 24, 2026 May 12, 2021 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalatio...Show more By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrary code through insecure use of predictable temporary file locations.Show less
CVE-2021-23872 1Mcafee 1Total Protection Nov 21, 2024 May 12, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by manipulating a symbolic link in the IOCTL interface.
CVE-2021-31187 1Microsoft 1Windows 10 Nov 21, 2024 May 11, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Windows WalletService Elevation of Privilege Vulnerability
CVE-2020-28007 1Exim 1Exim Nov 21, 2024 May 6, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting critical root-owned files...Show more Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem.Show less
CVE-2021-27851 1Gnu 1Guix Nov 21, 2024 Apr 26, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user s...Show more A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with `guix build`, that makes its build directory world-writable. The user then creates a hardlink to a root-owned file such as /etc/shadow in that build directory. If the user passed the --keep-failed option and the build eventually fails, the daemon changes ownership of the whole build tree, including the hardlink, to the user. At that point, the user has write access to the target file. Versions after and including v0.11.0-3298-g2608e40988, and versions prior to v1.2.0-75109-g94f0312546 are vulnerable.Show less
CVE-2021-30356 1Checkpoint 1Identity Agent Nov 21, 2024 Apr 22, 2021 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 A denial of service vulnerability was reported in Check Point Identity Agent before R81.018.0000, which could allow low privileged users to overwrite protected system files.
CVE-2021-28098 1Forescout 1Counteract Nov 21, 2024 Apr 14, 2021 N/A· v4 7.8 HIGH· v3 4.4 MEDIUM· v2 An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes logs entries to...Show more An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes logs entries to a file in %PROGRAMDATA%\ForeScout SecureConnector\ that has full permissions for the Everyone group. Using a symbolic link allows an attacker to point the log file to a privileged location such as %WINDIR%\System32. The resulting log file adopts the file permissions of the source of the symbolic link (in this case, the Everyone group). The log file in System32 can be replaced and renamed with a malicious DLL for DLL hijacking.Show less
CVE-2021-28321 1Microsoft 6Visual Studio Visual Studio 2017Visual Studio 2019+3 more Nov 21, 2024 Apr 13, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVE-2021-30463 1Vestacp 1Control Panel Nov 21, 2024 Apr 8, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin director...Show more VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a /reset/?action=confirm&user=admin&code= URI. This occurs because chmod is used unsafely.Show less
CVE-2020-36314 2Fedoraproject Gnome 2Fedora File Roller Nov 21, 2024 Apr 7, 2021 N/A· v4 3.9 LOW· v3 2.6 LOW· v2 fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in cer...Show more fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736.Show less
CVE-2021-28163 5Apache EclipseFedoraproject+2 more 23Autovue For Agile Product Lifecycle Management Banking ApisBanking Digital Experience+20 more Nov 21, 2024 Apr 1, 2021 N/A· v4 2.7 LOW· v3 4.0 MEDIUM· v2 In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadverte...Show more In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.Show less
CVE-2020-15075 1Openvpn 1Connect Nov 21, 2024 Mar 30, 2021 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.
CVE-2021-27241 1Avas!t 1Premium Security Nov 21, 2024 Mar 29, 2021 N/A· v4 6.1 MEDIUM· v3 3.6 LOW· v2 This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8.2429 (Build 20.8.5653.561). An attacker must first obtain the ability to execute low-priv...Show more This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8.2429 (Build 20.8.5653.561). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AvastSvc.exe module. By creating a directory junction, an attacker can abuse the service to delete a directory. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12082.Show less

Previous 1...353637...76 Next