Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-25 | CVE-2022-34960 | Link Following vulnerability in Mikrotik Routeros 7.4 The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. | 9.8 |
2022-07-30 | CVE-2022-36336 | Link Following vulnerability in Trendmicro products A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. | 7.8 |
2022-07-29 | CVE-2022-35631 | Link Following vulnerability in Rapid7 Velociraptor On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. | 5.5 |
2022-07-18 | CVE-2022-32450 | Link Following vulnerability in Anydesk 7.0.9 AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder (used for ad.trace and chat) but the product runs as SYSTEM when writing chat-room data there. | 7.1 |
2022-07-06 | CVE-2022-21770 | Link Following vulnerability in Google Android 11.0/12.0 In sound driver, there is a possible information disclosure due to symlink following. | 6.7 |
2022-06-28 | CVE-2022-2145 | Link Following vulnerability in Cloudflare Warp Cloudflare WARP client for Windows (up to v. | 7.8 |
2022-06-27 | CVE-2022-31036 | Link Following vulnerability in Argoproj Argo CD Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. | 4.3 |
2022-06-24 | CVE-2021-42056 | Link Following vulnerability in Thalesgroup Safenet Authentication Client 10.7.7 Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files, and potentially achieve arbitrary command execution with high privileges. | 6.7 |
2022-06-21 | CVE-2022-34008 | Link Following vulnerability in Comodo Antivirus 12.2.2.8012 Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. | 7.8 |
2022-06-17 | CVE-2022-25856 | Link Following vulnerability in Argo Events Project Argo Events The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 are vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go. | 7.5 |