Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-25 | CVE-2023-34723 | Link Following vulnerability in Jaycar La5570 Firmware 1.0.19T53 An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information via /config/system.conf. | 7.5 |
| 2023-08-25 | CVE-2019-13689 | Link Following vulnerability in Google Chrome Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. | 7.8 |
| 2023-08-15 | CVE-2023-40028 | Link Following vulnerability in Ghost Ghost is an open source content management system. | 6.5 |
| 2023-08-07 | CVE-2022-48579 | Link Following vulnerability in Rarlab Unrar UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains. | 7.5 |
| 2023-08-04 | CVE-2023-39107 | Link Following vulnerability in Nomachine An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks. | 9.1 |
| 2023-08-01 | CVE-2023-4052 | Link Following vulnerability in Mozilla Firefox The Firefox updater created a directory writable by non-privileged users. | 6.5 |
| 2023-08-01 | CVE-2023-4053 | Link Following vulnerability in Mozilla Firefox A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. | 6.5 |
| 2023-07-05 | CVE-2023-37206 | Link Following vulnerability in Mozilla Firefox Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. | 6.5 |
| 2023-06-26 | CVE-2023-32556 | Link Following vulnerability in Trendmicro Apex ONE A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 5.5 |
| 2023-06-23 | CVE-2023-28065 | Link Following vulnerability in Dell Alienware Update, Command Update and Update Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. | 7.3 |