Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')

DATE CVE VULNERABILITY TITLE RISK
2024-01-16 CVE-2023-6335 Link Following vulnerability in Hypr Workforce Access
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.
local
low complexity
hypr CWE-59
7.8
2024-01-16 CVE-2023-6336 Link Following vulnerability in Hypr Workforce Access
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.
local
low complexity
hypr CWE-59
7.8
2024-01-15 CVE-2023-42137 Link Following vulnerability in Paxtechnology Paydroid
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability.
local
low complexity
paxtechnology CWE-59
7.8
2024-01-11 CVE-2023-31003 Link Following vulnerability in IBM products
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls.
local
low complexity
ibm CWE-59
7.8
2023-12-26 CVE-2023-51654 Link Following vulnerability in Brother Iprint&Scan 11.0.0
Improper link resolution before file access ('Link Following') issue exists in iPrint&Scan Desktop for Windows versions 11.0.0 and earlier.
local
low complexity
brother CWE-59
5.5
2023-12-25 CVE-2023-28872 Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15/12.22
Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport* location.
network
low complexity
ncp-e CWE-59
8.8
2023-12-22 CVE-2023-43116 Link Following vulnerability in Buildkite Elastic CI Stack
A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script.
local
low complexity
buildkite CWE-59
7.8
2023-12-09 CVE-2023-28868 Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link.
network
low complexity
ncp-e CWE-59
8.1
2023-12-09 CVE-2023-28869 Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers read the contents of arbitrary files on the operating system by creating a symbolic link.
network
low complexity
ncp-e CWE-59
6.5
2023-12-09 CVE-2023-28871 Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link.
network
low complexity
ncp-e CWE-59
4.3