Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')

DATE CVE VULNERABILITY TITLE RISK
2022-04-11 CVE-2022-22962 Link Following vulnerability in VMWare Horizon
VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link.
local
low complexity
vmware CWE-59
7.8
2022-04-09 CVE-2022-27883 Link Following vulnerability in Trendmicro Antivirus for mac
A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation.
local
low complexity
trendmicro CWE-59
7.3
2022-04-07 CVE-2022-26612 Link Following vulnerability in Apache Hadoop
In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes.
network
low complexity
apache CWE-59
critical
9.8
2022-04-05 CVE-2021-27116 Link Following vulnerability in Beego
An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally.
local
low complexity
beego CWE-59
7.8
2022-04-05 CVE-2021-27117 Link Following vulnerability in Beego
An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks locally.
local
low complexity
beego CWE-59
7.8
2022-04-05 CVE-2022-0799 Link Following vulnerability in Google Chrome
Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file.
network
low complexity
google CWE-59
8.8
2022-03-30 CVE-2022-27816 Link Following vulnerability in Waycrate Swhkd 1.1.5
SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname.
local
low complexity
waycrate CWE-59
7.1
2022-03-30 CVE-2022-27815 Link Following vulnerability in Waycrate Swhkd 1.1.5
SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname.
local
low complexity
waycrate CWE-59
7.8
2022-03-25 CVE-2022-22995 Link Following vulnerability in multiple products
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files.
network
low complexity
westerndigital fedoraproject netatalk CWE-59
critical
9.8
2022-03-25 CVE-2022-26659 Link Following vulnerability in Docker Desktop
Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file.
local
low complexity
docker CWE-59
7.1