Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')

DATE CVE VULNERABILITY TITLE RISK
2023-03-29 CVE-2023-28892 Link Following vulnerability in Malwarebytes AdwCleaner
Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleaner_Debug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link.
local
low complexity
malwarebytes CWE-59
7.8
2023-03-23 CVE-2023-26088 Link Following vulnerability in Malwarebytes
In Malwarebytes before 4.5.23, a symbolic link may be used to delete any arbitrary file on the system by exploiting the local quarantine system.
local
low complexity
malwarebytes CWE-59
7.8
2023-03-21 CVE-2023-1314 Link Following vulnerability in Cloudflare Cloudflared
A vulnerability has been discovered in cloudflared's installer (<= 2023.3.0) for Windows 32-bit devices that allows a local attacker with no administrative permissions to escalate their privileges on the affected device.
local
low complexity
cloudflare CWE-59
7.8
2023-03-13 CVE-2023-24577 Link Following vulnerability in McAfee Total Protection
McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys.
local
low complexity
mcafee CWE-59
5.5
2023-03-10 CVE-2023-25145 Link Following vulnerability in Trend Micro Apex One 14.0.10349/14.0.11789/2019
A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro CWE-59
7.8
2023-03-10 CVE-2023-25146 Link Following vulnerability in Trend Micro Apex One 14.0.10349/14.0.11789/2019
A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace it with a junction to an arbitrary location, ultimately leading to an arbitrary file being dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro CWE-59
7.8
2023-03-10 CVE-2023-25148 Link Following vulnerability in Trend Micro Apex One 14.0.10349/14.0.11789/2019
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro CWE-59
7.8
2023-02-27 CVE-2022-22582 Link Following vulnerability in Apple Mac OS X and macOS
A validation issue existed in the handling of symlinks.
local
low complexity
apple CWE-59
5.5
2023-02-27 CVE-2022-45697 Link Following vulnerability in Razer Central
Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the Accounts directory.
local
low complexity
razer CWE-59
7.8
2023-02-16 CVE-2023-23558 Link Following vulnerability in Eternal Terminal Project Eternal Terminal 6.2.1
In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp.
local
high complexity
eternal-terminal-project CWE-59
6.3