Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-10 | CVE-2023-6069 | Link Following vulnerability in Froxlor Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0. | 8.8 |
| 2023-11-03 | CVE-2020-28407 | Link Following vulnerability in Swtpm Project Swtpm In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall. | 7.1 |
| 2023-10-27 | CVE-2023-5834 | Link Following vulnerability in Hashicorp Vagrant HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. | 7.8 |
| 2023-10-26 | CVE-2018-17559 | Link Following vulnerability in Abus products Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras. | 7.5 |
| 2023-10-25 | CVE-2023-42844 | Link Following vulnerability in Apple Macos This issue was addressed with improved handling of symlinks. | 7.5 |
| 2023-10-25 | CVE-2023-46654 | Link Following vulnerability in Jenkins Cloudbees CD Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller file system. | 8.1 |
| 2023-10-25 | CVE-2023-46655 | Link Following vulnerability in Jenkins Cloudbees CD Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins controller file system to the previously configured CloudBees CD server. | 6.5 |
| 2023-10-23 | CVE-2023-28797 | Link Following vulnerability in Zscaler Client Connector Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. | 7.3 |
| 2023-10-05 | CVE-2023-45159 | Link Following vulnerability in 1E Client 1E Client installer can perform arbitrary file deletion on protected files. A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. | 8.4 |
| 2023-09-27 | CVE-2023-41968 | Link Following vulnerability in Apple products This issue was addressed with improved validation of symlinks. | 5.5 |