Vulnerabilities > UNIX Symbolic Link (Symlink) Following
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-15 | CVE-2023-20091 | A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. This vulnerability is due to improper access controls on files that are on the local file system. | 5.1 |
| 2024-11-15 | CVE-2023-20093 | Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the local file system. | 4.4 |
| 2023-07-25 | CVE-2023-37460 | UNIX Symbolic Link (Symlink) Following vulnerability in Codehaus-Plexus Plexus-Archiver Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. | 9.8 |
| 2021-08-31 | CVE-2021-39135 | UNIX Symbolic Link (Symlink) Following vulnerability in multiple products `@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. | 7.8 |
| 2020-06-29 | CVE-2020-8019 | UNIX Symbolic Link (Symlink) Following vulnerability in Oneidentity Syslog-Ng A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server for SAP 12-SP1; openSUSE Backports SLE-15-SP1, openSUSE Leap 15.1 allowed local attackers controlling the user news to escalate their privileges to root. | 7.8 |
| 2020-06-29 | CVE-2020-8014 | UNIX Symbolic Link (Symlink) Following vulnerability in Opensuse Leap and Tumbleweed Kopano-Spamd A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. | 7.8 |
| 2019-12-13 | CVE-2019-16775 | UNIX Symbolic Link (Symlink) Following vulnerability in multiple products Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. | 6.5 |