Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-26 | CVE-2023-32556 | Link Following vulnerability in Trendmicro Apex ONE A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 5.5 |
| 2023-06-23 | CVE-2023-28065 | Link Following vulnerability in Dell Alienware Update, Command Update and Update Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. | 7.3 |
| 2023-06-23 | CVE-2023-28071 | Link Following vulnerability in Dell Alienware Update, Command Update and Update Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. | 7.1 |
| 2023-06-07 | CVE-2023-33865 | Link Following vulnerability in Renderdoc RenderDoc before 1.27 allows local privilege escalation via a symlink attack. | 7.8 |
| 2023-05-30 | CVE-2023-2939 | Link Following vulnerability in Google Chrome Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. | 7.8 |
| 2023-05-30 | CVE-2023-33245 | Link Following vulnerability in Minecraft Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink. | 8.8 |
| 2023-05-30 | CVE-2023-34204 | Link Following vulnerability in Imapsync Project Imapsync imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. | 6.5 |
| 2023-05-25 | CVE-2023-27529 | Link Following vulnerability in Wacom Tablet Driver Installer Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an improper link resolution before file access vulnerability. | 7.8 |
| 2023-04-27 | CVE-2022-31647 | Link Following vulnerability in Docker Desktop Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659. | 7.1 |
| 2023-04-27 | CVE-2022-34292 | Link Following vulnerability in Docker Desktop Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647. | 7.1 |