Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-05 | CVE-2023-45159 | Link Following vulnerability in 1E Client 1E Client installer can perform arbitrary file deletion on protected files. A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. | 8.4 |
| 2023-09-27 | CVE-2023-41968 | Link Following vulnerability in Apple products This issue was addressed with improved validation of symlinks. | 5.5 |
| 2023-08-25 | CVE-2023-34723 | Link Following vulnerability in Jaycar La5570 Firmware 1.0.19T53 An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information via /config/system.conf. | 7.5 |
| 2023-08-25 | CVE-2019-13689 | Link Following vulnerability in Google Chrome Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. | 7.8 |
| 2023-08-15 | CVE-2023-40028 | Link Following vulnerability in Ghost Ghost is an open source content management system. | 6.5 |
| 2023-08-07 | CVE-2022-48579 | Link Following vulnerability in Rarlab Unrar UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains. | 7.5 |
| 2023-08-04 | CVE-2023-39107 | Link Following vulnerability in Nomachine An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks. | 9.1 |
| 2023-08-01 | CVE-2023-4052 | Link Following vulnerability in Mozilla Firefox The Firefox updater created a directory writable by non-privileged users. | 6.5 |
| 2023-08-01 | CVE-2023-4053 | Link Following vulnerability in Mozilla Firefox A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. | 6.5 |
| 2023-07-05 | CVE-2023-37206 | Link Following vulnerability in Mozilla Firefox Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. | 6.5 |