Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')

DATE CVE VULNERABILITY TITLE RISK
2022-01-12 CVE-2022-0012 Link Following vulnerability in Paloaltonetworks Cortex XDR Agent
An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition.
local
low complexity
paloaltonetworks CWE-59
3.6
2022-01-11 CVE-2022-21838 Link Following vulnerability in Microsoft products
Windows Cleanup Manager Elevation of Privilege Vulnerability.
local
low complexity
microsoft CWE-59
7.2
2022-01-10 CVE-2021-44024 Link Following vulnerability in Trendmicro products
A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM.
local
low complexity
trendmicro CWE-59
6.6
2022-01-10 CVE-2021-45442 Link Following vulnerability in Trendmicro products
A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM.
local
low complexity
trendmicro CWE-59
6.6
2021-12-30 CVE-2021-20153 Link Following vulnerability in Trendnet Tew-827Dru Firmware 2.08B01
Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality.
6.9
2021-12-24 CVE-2021-23772 Link Following vulnerability in Iris-Go Iris
This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12.
network
iris-go CWE-59
6.8
2021-12-16 CVE-2021-44023 Link Following vulnerability in Trendmicro products
A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 familiy of products could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modification of files which could lead to a denial-of-service.
local
low complexity
trendmicro CWE-59
3.6
2021-11-24 CVE-2021-42297 Link Following vulnerability in Microsoft Windows 10 Update Assistant
Windows 10 Update Assistant Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43211.
6.9
2021-11-14 CVE-2021-41057 Link Following vulnerability in multiple products
In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions.
local
low complexity
wibu siemens CWE-59
3.6
2021-11-09 CVE-2021-3641 Link Following vulnerability in Bitdefender Gravityzone
Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service.
local
low complexity
bitdefender CWE-59
2.1