Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')

DATE CVE VULNERABILITY TITLE RISK
2022-07-30 CVE-2022-36336 Link Following vulnerability in Trendmicro products
A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations.
local
low complexity
trendmicro CWE-59
7.8
2022-07-29 CVE-2022-35631 Link Following vulnerability in Rapid7 Velociraptor
On macOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file.
local
low complexity
rapid7 CWE-59
5.5
2022-07-18 CVE-2022-32450 Link Following vulnerability in Anydesk 7.0.9
AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder (used for ad.trace and chat) but the product runs as SYSTEM when writing chat-room data there.
local
low complexity
anydesk CWE-59
7.1
2022-07-06 CVE-2022-21770 Link Following vulnerability in Google Android 11.0/12.0
In sound driver, there is a possible information disclosure due to symlink following.
local
low complexity
google CWE-59
6.7
2022-06-28 CVE-2022-2145 Link Following vulnerability in Cloudflare Warp
Cloudflare WARP client for Windows (up to v.
local
low complexity
cloudflare CWE-59
7.8
2022-06-27 CVE-2022-31036 Link Following vulnerability in Argoproj Argo CD
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
network
low complexity
argoproj CWE-59
4.3
2022-06-24 CVE-2021-42056 Link Following vulnerability in Thalesgroup Safenet Authentication Client 10.7.7
Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files, and potentially achieve arbitrary command execution with high privileges.
local
low complexity
thalesgroup CWE-59
6.7
2022-06-21 CVE-2022-34008 Link Following vulnerability in Comodo Antivirus 12.2.2.8012
Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation.
local
low complexity
comodo CWE-59
7.8
2022-06-17 CVE-2022-25856 Link Following vulnerability in Argo Events Project Argo Events
The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 is vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go.
network
low complexity
argo-events-project CWE-59
7.5
2022-06-15 CVE-2021-25261 Link Following vulnerability in Yandex Browser
Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low-privileged attacker to execute arbitrary code with SYSTEM privileges by manipulating symlinks to the installation file during the Yandex Browser update process.
local
low complexity
yandex CWE-59
7.8