Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVEs (1,501)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-31003 1Ibm 2Security Verify Access Security Verify Access Docker Nov 3, 2025 Jan 11, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access...Show more IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658.Show less
CVE-2024-20656 1Microsoft 4Visual Studio Visual Studio 2017Visual Studio 2019+1 more Nov 21, 2024 Jan 9, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Visual Studio Elevation of Privilege Vulnerability
CVE-2024-0206 1Trellix 1Anti Malware Engine Nov 21, 2024 Jan 9, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding...Show more A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry folder with a symbolic link to files that the user wouldn't normally have permission to. After a scan, the Engine would follow the links and remove the files Show less
CVE-2023-51654 1Brother 1Iprint&scan Nov 21, 2024 Dec 26, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Improper link resolution before file access ('Link Following') issue exists in iPrint&Scan Desktop for Windows versions 11.0.0 and earlier. A symlink attack by a malicious user may cause a Denial-of-service (DoS) conditi...Show more Improper link resolution before file access ('Link Following') issue exists in iPrint&Scan Desktop for Windows versions 11.0.0 and earlier. A symlink attack by a malicious user may cause a Denial-of-service (DoS) condition on the PC.Show less
CVE-2023-28872 1Ncp E 1Secure Enterprise Client Nov 21, 2024 Dec 25, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport* location.
CVE-2023-43116 1Buildkite 1Elastic Ci Stack Nov 21, 2024 Dec 22, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in th...Show more A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script.Show less
CVE-2023-36391 1Microsoft 1Windows 11 23h2 Nov 21, 2024 Dec 12, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
CVE-2023-35633 1Microsoft 3Windows 10 1507 Windows Server 2008Windows Server 2012 Jan 1, 2025 Dec 12, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35624 1Microsoft 1Azure Connected Machine Agent Nov 21, 2024 Dec 12, 2023 N/A· v4 7.3 HIGH· v3 N/A· v2 Azure Connected Machine Agent Elevation of Privilege Vulnerability
CVE-2023-28871 1Ncp E 1Secure Enterprise Client Nov 21, 2024 Dec 9, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link.
CVE-2023-28869 1Ncp E 1Secure Enterprise Client Nov 21, 2024 Dec 9, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers read the contents of arbitrary files on the operating system by creating a symbolic link.
CVE-2023-28868 1Ncp E 1Secure Enterprise Client Nov 21, 2024 Dec 9, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link.
CVE-2023-39246 1Dell 3Encryption Endpoint Security Suite EnterpriseSecurity Management Server Nov 21, 2024 Nov 16, 2023 N/A· v4 7.3 HIGH· v3 N/A· v2 Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local maliciou...Show more Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation Show less
CVE-2023-43590 1Zoom 1Rooms Nov 21, 2024 Nov 15, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2023-36705 1Microsoft 14Windows 10 1507 Windows 10 1607Windows 10 1809+11 more Nov 21, 2024 Nov 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows Installer Elevation of Privilege Vulnerability
CVE-2023-36399 1Microsoft 4Windows 11 21h2 Windows 11 22h2Windows 11 23h2+1 more Nov 21, 2024 Nov 14, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 Windows Storage Elevation of Privilege Vulnerability
CVE-2023-36394 1Microsoft 9Windows 10 1507 Windows 10 1607Windows 10 1809+6 more Nov 21, 2024 Nov 14, 2023 N/A· v4 7.0 HIGH· v3 N/A· v2 Windows Search Service Elevation of Privilege Vulnerability
CVE-2023-36047 1Microsoft 8Windows 10 1809 Windows 10 21h2Windows 10 22h2+5 more Nov 21, 2024 Nov 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows Authentication Elevation of Privilege Vulnerability
CVE-2023-36046 1Microsoft 4Windows 11 21h2 Windows 11 22h2Windows 11 23h2+1 more Nov 21, 2024 Nov 14, 2023 N/A· v4 7.1 HIGH· v3 N/A· v2 Windows Authentication Denial of Service Vulnerability
CVE-2023-6069 1Froxlor 1Froxlor Nov 21, 2024 Nov 10, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.

Previous 1...212223...76 Next