Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-15 | CVE-2023-42137 | Link Following vulnerability in Paxtechnology Paydroid: PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability. | 7.8 |
2024-01-11 | CVE-2023-31003 | Link Following vulnerability in IBM products: IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. | 7.8 |
2023-12-26 | CVE-2023-51654 | Link Following vulnerability in Brother Iprint&Scan 11.0.0: Improper link resolution before file access ('Link Following') issue exists in iPrint&Scan Desktop for Windows versions 11.0.0 and earlier. | 5.5 |
2023-12-25 | CVE-2023-28872 | Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15/12.22: Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport* location. | 8.8 |
2023-12-22 | CVE-2023-43116 | Link Following vulnerability in Buildkite Elastic CI Stack: A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script. | 7.8 |
2023-12-09 | CVE-2023-28868 | Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15: Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link. | 8.1 |
2023-12-09 | CVE-2023-28869 | Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15: Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read the contents of arbitrary files on the operating system by creating a symbolic link. | 6.5 |
2023-12-09 | CVE-2023-28871 | Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15: Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link. | 4.3 |
2023-11-16 | CVE-2023-39246 | Link Following vulnerability in Dell products: Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. | 7.3 |
2023-11-15 | CVE-2023-43590 | Link Following vulnerability in Zoom Rooms: Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. | 7.8 |