Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-16 | CVE-2023-39246 | Link Following vulnerability in Dell products: Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. | 7.3 |
2023-11-15 | CVE-2023-43590 | Link Following vulnerability in Zoom Rooms: Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. | 7.8 |
2023-11-10 | CVE-2023-6069 | Link Following vulnerability in Froxlor: Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0. | 8.8 |
2023-11-03 | CVE-2020-28407 | Link Following vulnerability in Swtpm Project Swtpm: In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall. | 7.1 |
2023-10-27 | CVE-2023-5834 | Link Following vulnerability in Hashicorp Vagrant: HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. | 7.8 |
2023-10-26 | CVE-2018-17559 | Link Following vulnerability in Abus products: Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras. | 7.5 |
2023-10-25 | CVE-2023-42844 | Link Following vulnerability in Apple Macos: This issue was addressed with improved handling of symlinks. | 7.5 |
2023-10-25 | CVE-2023-46654 | Link Following vulnerability in Jenkins Cloudbees CD: Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller file system. | 8.1 |
2023-10-25 | CVE-2023-46655 | Link Following vulnerability in Jenkins Cloudbees CD: Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins controller file system to the previously configured CloudBees CD server. | 6.5 |
2023-10-23 | CVE-2023-28797 | Link Following vulnerability in Zscaler Client Connector: Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. | 7.3 |