Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-10 | CVE-2023-25145 | Link Following vulnerability in Trendmicro Apex ONE 14.0.10349/14.0.11789/2019 A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 7.8 |
| 2023-03-10 | CVE-2023-25146 | Link Following vulnerability in Trendmicro Apex ONE 14.0.10349/14.0.11789/2019 A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 7.8 |
| 2023-03-10 | CVE-2023-25148 | Link Following vulnerability in Trendmicro Apex ONE 14.0.10349/14.0.11789/2019 A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 7.8 |
| 2023-02-27 | CVE-2022-22582 | Link Following vulnerability in Apple mac OS X and Macos A validation issue existed in the handling of symlinks. | 5.5 |
| 2023-02-27 | CVE-2022-45697 | Link Following vulnerability in Razer Central Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the Accounts directory. | 7.8 |
| 2023-02-16 | CVE-2023-23558 | Link Following vulnerability in Eternal Terminal Project Eternal Terminal 6.2.1 In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. | 6.3 |
| 2023-02-14 | CVE-2023-22490 | Link Following vulnerability in Git-Scm GIT Git is a revision control system. | 5.5 |
| 2023-02-13 | CVE-2023-23697 | Link Following vulnerability in Dell Command | Intel Vpro OUT of Band Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. | 3.3 |
| 2023-02-13 | CVE-2023-24572 | Link Following vulnerability in Dell Command | Integration Suite for System Center 6.2.0 Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. | 3.3 |
| 2023-02-12 | CVE-2022-42292 | Link Following vulnerability in Nvidia Geforce Experience NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering. | 7.8 |