Vulnerabilities: UNIX Symbolic Link (Symlink) Following

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-15 | CVE-2023-20091 | A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. This vulnerability is due to improper access controls on files that are on the local file system. | local; low complexity; CWE-61; 5.1 |
| 2024-11-15 | CVE-2023-20093 | Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the local file system. | local; low complexity; CWE-61; 4.4 |
| 2023-07-25 | CVE-2023-37460 | UNIX Symbolic Link (Symlink) Following vulnerability in Codehaus-Plexus Plexus-Archiver. Plexus Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. | network; low complexity; codehaus-plexus; CWE-61; critical; 9.8 |
| 2021-08-31 | CVE-2021-39135 | UNIX Symbolic Link (Symlink) Following vulnerability in multiple products. `@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. | local; low complexity; npmjs, oracle, siemens; CWE-61; 7.8 |
| 2020-06-29 | CVE-2020-8019 | UNIX Symbolic Link (Symlink) Following vulnerability in Oneidentity Syslog-Ng. A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server for SAP 12-SP1; openSUSE Backports SLE-15-SP1, openSUSE Leap 15.1 allowed local attackers controlling the user news to escalate their privileges to root. | local; low complexity; oneidentity; CWE-61; 7.8 |
| 2020-06-29 | CVE-2020-8014 | UNIX Symbolic Link (Symlink) Following vulnerability in Opensuse Leap and Tumbleweed Kopano-Spamd. A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. | local; low complexity; opensuse; CWE-61; 7.8 |
| 2019-12-13 | CVE-2019-16775 | UNIX Symbolic Link (Symlink) Following vulnerability in multiple products. Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. | network; low complexity; redhat, npmjs, opensuse, oracle, fedoraproject; CWE-61; 6.5 |