Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-14 | CVE-2022-0029 | Link Following vulnerability in Paloaltonetworks Cortex XDR Agent An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file. | 5.5 |
| 2022-09-06 | CVE-2022-26456 | Link Following vulnerability in Google Android 11.0 In vow, there is a possible information disclosure due to a symbolic link following. | 4.4 |
| 2022-08-25 | CVE-2021-35938 | Link Following vulnerability in multiple products A symbolic link issue was found in rpm. | 6.7 |
| 2022-08-25 | CVE-2022-34960 | Link Following vulnerability in Mikrotik Routeros 7.4 The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. | 9.8 |
| 2022-07-30 | CVE-2022-36336 | Link Following vulnerability in Trendmicro products A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. | 7.8 |
| 2022-07-29 | CVE-2022-35631 | Link Following vulnerability in Rapid7 Velociraptor On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. | 5.5 |
| 2022-07-18 | CVE-2022-32450 | Link Following vulnerability in Anydesk 7.0.9 AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder (used for ad.trace and chat) but the product runs as SYSTEM when writing chat-room data there. | 7.1 |
| 2022-07-06 | CVE-2022-21770 | Link Following vulnerability in Google Android 11.0/12.0 In sound driver, there is a possible information disclosure due to symlink following. | 6.7 |
| 2022-06-28 | CVE-2022-2145 | Link Following vulnerability in Cloudflare Warp Cloudflare WARP client for Windows (up to v. | 7.8 |
| 2022-06-27 | CVE-2022-31036 | Link Following vulnerability in Argoproj Argo CD Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. | 4.3 |