Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')

DATE CVE VULNERABILITY TITLE RISK
2022-06-15 CVE-2021-25261 Link Following vulnerability in Yandex Browser
Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process.
local
low complexity
yandex CWE-59
7.2
2022-06-15 CVE-2022-28225 Link Following vulnerability in Yandex Browser
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process.
local
low complexity
yandex CWE-59
7.2
2022-06-12 CVE-2021-41641 Link Following vulnerability in Deno
Deno <=1.14.0 file sandbox does not handle symbolic links correctly.
local
low complexity
deno CWE-59
3.6
2022-05-27 CVE-2022-30687 Link Following vulnerability in Trendmicro Maximum Security 2022 17.7
Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files.
local
low complexity
trendmicro CWE-59
6.6
2022-05-26 CVE-2022-26704 Link Following vulnerability in Apple Macos
A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks.
network
apple CWE-59
6.8
2022-05-26 CVE-2022-26688 Link Following vulnerability in Apple mac OS X and Macos
An issue in the handling of symlinks was addressed with improved validation.
local
low complexity
apple CWE-59
4.9
2022-05-20 CVE-2022-31258 Link Following vulnerability in Tribe29 Checkmk
In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink.
local
low complexity
tribe29 CWE-59
7.2
2022-05-20 CVE-2022-24904 Link Following vulnerability in Linuxfoundation Argo-Cd
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
network
low complexity
linuxfoundation CWE-59
4.0
2022-05-16 CVE-2022-30523 Link Following vulnerability in Trendmicro Password Manager
Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege escalation on the affected machine.
local
low complexity
trendmicro CWE-59
7.2
2022-05-12 CVE-2022-23742 Link Following vulnerability in Checkpoint Endpoint Security
Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges.
local
low complexity
checkpoint CWE-59
4.6