Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')

DATE CVE VULNERABILITY TITLE RISK
2024-01-16 CVE-2023-6335 Link Following vulnerability in Hypr Workforce Access
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename. This issue affects Workforce Access: before 8.7.
local
low complexity
hypr CWE-59
7.8
2024-01-16 CVE-2023-6336 Link Following vulnerability in Hypr Workforce Access
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on macOS allows User-Controlled Filename. This issue affects Workforce Access: before 8.7.
local
low complexity
hypr CWE-59
7.8
2024-01-15 CVE-2023-42137 Link Following vulnerability in Paxtechnology Paydroid
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability.
local
low complexity
paxtechnology CWE-59
7.8
2024-01-11 CVE-2023-31003 Link Following vulnerability in IBM products
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls.
local
low complexity
ibm CWE-59
7.8
2024-01-09 CVE-2024-0206 Link Following vulnerability in Trellix Anti-Malware Engine 6600
A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges.
local
low complexity
trellix CWE-59
7.8
2023-12-26 CVE-2023-51654 Link Following vulnerability in Brother Iprint&Scan
Improper link resolution before file access ('Link Following') issue exists in iPrint&Scan Desktop for Windows versions 11.0.0 and earlier.
local
low complexity
brother CWE-59
5.5
2023-12-25 CVE-2023-28872 Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15/12.22
Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport* location.
network
low complexity
ncp-e CWE-59
8.8
2023-12-22 CVE-2023-43116 Link Following vulnerability in Buildkite Elastic CI Stack
A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script.
local
low complexity
buildkite CWE-59
7.8
2023-12-09 CVE-2023-28868 Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link.
network
low complexity
ncp-e CWE-59
8.1
2023-12-09 CVE-2023-28869 Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read the contents of arbitrary files on the operating system by creating a symbolic link.
network
low complexity
ncp-e CWE-59
6.5