Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-06 | CVE-2022-26456 | Link Following vulnerability in Google Android 11.0 In vow, there is a possible information disclosure due to a symbolic link following. | 4.4 |
| 2022-08-31 | CVE-2022-2897 | Link Following vulnerability in Measuresoft Scadapro Client and Scadapro Server Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation.. | 7.8 |
| 2022-08-31 | CVE-2022-2898 | Link Following vulnerability in Measuresoft Scadapro Client and Scadapro Server Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition. | 5.5 |
| 2022-08-26 | CVE-2021-35939 | Link Following vulnerability in multiple products It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. | 6.7 |
| 2022-08-25 | CVE-2021-35938 | Link Following vulnerability in multiple products A symbolic link issue was found in rpm. | 6.7 |
| 2022-08-25 | CVE-2022-34960 | Link Following vulnerability in Mikrotik Routeros 7.4 The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. | 9.8 |
| 2022-08-23 | CVE-2021-23177 | Link Following vulnerability in multiple products An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. | 7.8 |
| 2022-08-23 | CVE-2021-31566 | Link Following vulnerability in multiple products An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. | 7.8 |
| 2022-07-30 | CVE-2022-36336 | Link Following vulnerability in Trendmicro products A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. | 7.8 |
| 2022-07-29 | CVE-2022-35631 | Link Following vulnerability in Rapid7 Velociraptor On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. | 5.5 |