Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-23 | CVE-2023-28797 | Link Following vulnerability in Zscaler Client Connector Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. | 7.3 |
2023-10-05 | CVE-2023-45159 | Link Following vulnerability in 1E Client 1E Client installer can perform arbitrary file deletion on protected files. A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. | 8.4 |
2023-09-27 | CVE-2023-41968 | Link Following vulnerability in Apple products This issue was addressed with improved validation of symlinks. | 5.5 |
2023-09-19 | CVE-2023-32182 | Link Following vulnerability in multiple products A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1. | 7.8 |
2023-09-06 | CVE-2023-32163 | Link Following vulnerability in Wacom Driver 6.3.451 Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability. | 7.8 |
2023-08-31 | CVE-2022-46869 | Link Following vulnerability in Acronis Cyber Protect Home Office Local privilege escalation during installation due to improper soft link handling. | 7.8 |
2023-08-25 | CVE-2023-34723 | Link Following vulnerability in Jaycar La5570 Firmware 1.0.19T53 An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information via /config/system.conf. | 7.5 |
2023-08-25 | CVE-2019-13689 | Link Following vulnerability in Google Chrome Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. | 7.8 |
2023-08-15 | CVE-2023-40028 | Link Following vulnerability in Ghost Ghost is an open source content management system. | 6.5 |
2023-08-07 | CVE-2022-48579 | Link Following vulnerability in Rarlab Unrar UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains. | 7.5 |