Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-07 | CVE-2022-48579 | Link Following vulnerability in Rarlab Unrar UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains. | 7.5 |
| 2023-08-04 | CVE-2023-39107 | Link Following vulnerability in Nomachine An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks. | 9.1 |
| 2023-08-01 | CVE-2023-4052 | Link Following vulnerability in Mozilla Firefox The Firefox updater created a directory writable by non-privileged users. | 6.5 |
| 2023-08-01 | CVE-2023-4053 | Link Following vulnerability in Mozilla Firefox A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. | 6.5 |
| 2023-07-05 | CVE-2023-37206 | Link Following vulnerability in Mozilla Firefox Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. | 6.5 |
| 2023-06-26 | CVE-2023-32556 | Link Following vulnerability in Trendmicro Apex ONE A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 5.5 |
| 2023-06-23 | CVE-2023-28065 | Link Following vulnerability in Dell Alienware Update, Command Update and Update Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. | 7.3 |
| 2023-06-23 | CVE-2023-28071 | Link Following vulnerability in Dell Alienware Update, Command Update and Update Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. | 7.1 |
| 2023-06-07 | CVE-2023-33865 | Link Following vulnerability in Renderdoc RenderDoc before 1.27 allows local privilege escalation via a symlink attack. | 7.8 |
| 2023-05-30 | CVE-2023-2939 | Link Following vulnerability in Google Chrome Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. | 7.8 |