Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-26 | CVE-2018-17559 | Link Following vulnerability in Abus products. Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras. | 7.5 |
2023-10-25 | CVE-2023-42844 | Link Following vulnerability in Apple macOS. This issue was addressed with improved handling of symlinks. | 7.5 |
2023-10-25 | CVE-2023-46654 | Link Following vulnerability in Jenkins CloudBees CD. Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller file system. | 8.1 |
2023-10-25 | CVE-2023-46655 | Link Following vulnerability in Jenkins CloudBees CD. Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins controller file system to the previously configured CloudBees CD server. | 6.5 |
2023-10-23 | CVE-2023-28797 | Link Following vulnerability in Zscaler Client Connector. Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. | 7.3 |
2023-10-05 | CVE-2023-45159 | Link Following vulnerability in 1E Client. 1E Client installer can perform arbitrary file deletion on protected files. A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. | 8.4 |
2023-09-27 | CVE-2023-41968 | Link Following vulnerability in Apple products. This issue was addressed with improved validation of symlinks. | 5.5 |
2023-08-25 | CVE-2023-34723 | Link Following vulnerability in Jaycar La5570 Firmware 1.0.19T53. An issue discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53 allows attackers to gain sensitive information via /config/system.conf. | 7.5 |
2023-08-25 | CVE-2019-13689 | Link Following vulnerability in Google Chrome. Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. | 7.8 |
2023-08-15 | CVE-2023-40028 | Link Following vulnerability in Ghost. Ghost is an open source content management system. | 6.5 |