Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')

DATE CVE VULNERABILITY TITLE RISK
2024-02-21 CVE-2023-42942 Link Following vulnerability in Apple products
This issue was addressed with improved handling of symlinks.
local
low complexity
apple CWE-59
7.8
2024-02-06 CVE-2023-32454 Link Following vulnerability in Dell Update Package Framework 3.8.3.67/4.9.4.36
DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability.
local
low complexity
dell CWE-59
7.1
2024-02-06 CVE-2023-32474 Link Following vulnerability in Dell Display Manager 2.0.0/2.1.0/2.1.1
Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point.
local
low complexity
dell CWE-59
6.6
2024-02-05 CVE-2023-52138 Link Following vulnerability in Mate-Desktop Engrampa
Engrampa is an archive manager for the MATE environment.
network
low complexity
mate-desktop CWE-59
critical
9.6
2024-01-23 CVE-2023-47192 Link Following vulnerability in Trendmicro Apex ONE 2019
An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro CWE-59
7.8
2024-01-23 CVE-2023-52090 Link Following vulnerability in Trendmicro Apex ONE
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro CWE-59
7.8
2024-01-23 CVE-2023-52091 Link Following vulnerability in Trendmicro Apex ONE
An anti-spyware engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro CWE-59
7.8
2024-01-23 CVE-2023-52092 Link Following vulnerability in Trendmicro Apex ONE
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro CWE-59
7.8
2024-01-23 CVE-2023-52094 Link Following vulnerability in Trendmicro Apex ONE
An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading for a local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro CWE-59
7.8
2024-01-23 CVE-2023-52338 Link Following vulnerability in Trendmicro Deep Security and Deep Security Agent
A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro CWE-59
7.8