Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')

DATE CVE VULNERABILITY TITLE RISK
2022-08-25 CVE-2022-34960 Link Following vulnerability in Mikrotik Routeros 7.4
The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device.
network
low complexity
mikrotik CWE-59
critical
9.8
2022-07-30 CVE-2022-36336 Link Following vulnerability in Trendmicro products
A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations.
local
low complexity
trendmicro CWE-59
7.8
2022-07-29 CVE-2022-35631 Link Following vulnerability in Rapid7 Velociraptor
On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file.
local
low complexity
rapid7 CWE-59
5.5
2022-07-18 CVE-2022-32450 Link Following vulnerability in Anydesk 7.0.9
AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder (used for ad.trace and chat) but the product runs as SYSTEM when writing chat-room data there.
local
low complexity
anydesk CWE-59
7.1
2022-07-06 CVE-2022-21770 Link Following vulnerability in Google Android 11.0/12.0
In sound driver, there is a possible information disclosure due to symlink following.
local
low complexity
google CWE-59
6.7
2022-06-28 CVE-2022-2145 Link Following vulnerability in Cloudflare Warp
Cloudflare WARP client for Windows (up to v.
local
low complexity
cloudflare CWE-59
7.8
2022-06-27 CVE-2022-31036 Link Following vulnerability in Argoproj Argo CD
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
network
low complexity
argoproj CWE-59
4.3
2022-06-24 CVE-2021-42056 Link Following vulnerability in Thalesgroup Safenet Authentication Client 10.7.7
Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files, and potentially achieve arbitrary command execution with high privileges.
local
low complexity
thalesgroup CWE-59
6.7
2022-06-21 CVE-2022-34008 Link Following vulnerability in Comodo Antivirus 12.2.2.8012
Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation.
local
low complexity
comodo CWE-59
7.8
2022-06-17 CVE-2022-25856 Link Following vulnerability in Argo Events Project Argo Events
The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 are vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go.
network
low complexity
argo-events-project CWE-59
7.5