Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2023-02-09 | CVE-2023-25168 | Link Following vulnerability in Pterodactyl Wings | Wings is Pterodactyl's server control plane. | network | high complexity | pterodactyl | CWE-59 | 8.2 |
| 2023-02-07 | CVE-2022-42291 | Link Following vulnerability in Nvidia Geforce Experience | NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. | local | low complexity | nvidia | CWE-59 | 5.5 |
| 2023-01-17 | CVE-2022-45440 | Link Following vulnerability in Zyxel Ax7501-B0 Firmware 5.17(Abpc.1)C0 | A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0, which processes symbolic links on external storage media. | local | low complexity | zyxel | CWE-59 | 4.4 |
| 2023-01-12 | CVE-2022-3592 | Link Following vulnerability in multiple products | A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. | network | low complexity | samba, fedoraproject | CWE-59 | 6.5 |
| 2023-01-10 | CVE-2022-38482 | Link Following vulnerability in Mega Hopex 15.2.0.6110 | A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4. | network | low complexity | mega | CWE-59 | 4.3 |
| 2023-01-03 | CVE-2022-36943 | Link Following vulnerability in Ssziparchive Project Ssziparchive | SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. | network | low complexity | ssziparchive-project | CWE-59 | 8.1 |
| 2022-12-27 | CVE-2021-4287 | Link Following vulnerability in Microsoft Binwalk | A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. | network | low complexity | microsoft | CWE-59 | 6.5 |
| 2022-12-24 | CVE-2022-45798 | Link Following vulnerability in Trendmicro Apex ONE 2019 | A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | local | low complexity | trendmicro | CWE-59 | 7.8 |
| 2022-12-22 | CVE-2022-45412 | Link Following vulnerability in Mozilla Firefox | When resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing uninitialized memory in the buffer. | network | low complexity | mozilla | CWE-59 | 8.8 |
| 2022-11-23 | CVE-2009-1142 | Link Following vulnerability in VMWare Open VM Tools 2009.03.18154848 | An issue was discovered in open-vm-tools 2009.03.18-154848. | local | low complexity | vmware | CWE-59 | 6.7 |