Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')

DATE CVE VULNERABILITY TITLE RISK
2022-05-20 CVE-2022-24904 Link Following vulnerability in Argoproj Argo CD
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
network
low complexity
argoproj CWE-59
4.3
2022-05-16 CVE-2022-30523 Link Following vulnerability in Trendmicro Password Manager
Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege escalation on the affected machine.
local
low complexity
trendmicro CWE-59
7.8
2022-05-12 CVE-2022-23742 Link Following vulnerability in Checkpoint Endpoint Security
Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges.
local
low complexity
checkpoint CWE-59
7.8
2022-05-05 CVE-2021-44052 Link Following vulnerability in Qnap Qts, Quts Hero and Qutscloud
An improper link resolution before file access ('Link Following') vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, and QTS.
network
low complexity
qnap CWE-59
8.1
2022-05-03 CVE-2022-20103 Link Following vulnerability in Google Android 11.0/12.0
In aee daemon, there is a possible information disclosure due to symbolic link following.
local
low complexity
google CWE-59
4.4
2022-05-03 CVE-2022-20085 Link Following vulnerability in Google Android 11.0/12.0
In netdiag, there is a possible symbolic link following due to an improper link resolution.
local
low complexity
google CWE-59
6.7
2022-04-27 CVE-2022-24372 Link Following vulnerability in Linksys Mr9600 Firmware
Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share.
low complexity
linksys CWE-59
4.6
2022-04-15 CVE-2022-20720 Link Following vulnerability in Cisco IOS XE
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software.
network
low complexity
cisco CWE-59
7.2
2022-04-14 CVE-2022-1256 Link Following vulnerability in Mcafee Agent
A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality.
local
low complexity
mcafee CWE-59
7.8
2022-04-11 CVE-2022-20068 Link Following vulnerability in Google Android 10.0/11.0/12.0
In mobile_log_d, there is a possible symbolic link following due to an improper link resolution.
local
low complexity
google CWE-59
6.7