Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')

DATE CVE VULNERABILITY TITLE RISK
2023-12-25 CVE-2023-28872 Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15/12.22
Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport* location.
network
low complexity
ncp-e CWE-59
8.8
2023-12-22 CVE-2023-43116 Link Following vulnerability in Buildkite Elastic CI Stack
A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script.
local
low complexity
buildkite CWE-59
7.8
2023-12-09 CVE-2023-28868 Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link.
network
low complexity
ncp-e CWE-59
8.1
2023-12-09 CVE-2023-28869 Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read the contents of arbitrary files on the operating system by creating a symbolic link.
network
low complexity
ncp-e CWE-59
6.5
2023-12-09 CVE-2023-28871 Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link.
network
low complexity
ncp-e CWE-59
4.3
2023-11-16 CVE-2023-39246 Link Following vulnerability in Dell products
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation.
local
low complexity
dell CWE-59
7.3
2023-11-15 CVE-2023-43590 Link Following vulnerability in Zoom Rooms
Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.
local
low complexity
zoom CWE-59
7.8
2023-11-10 CVE-2023-6069 Link Following vulnerability in Froxlor
Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.
network
low complexity
froxlor CWE-59
8.8
2023-11-03 CVE-2020-28407 Link Following vulnerability in Swtpm Project Swtpm
In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.
local
low complexity
swtpm-project CWE-59
7.1
2023-10-27 CVE-2023-5834 Link Following vulnerability in Hashicorp Vagrant
HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes.
local
low complexity
hashicorp CWE-59
7.8