Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-18 | CVE-2022-22585 | Link Following vulnerability in Apple products An issue existed within the path validation logic for symlinks. | 7.5 |
2022-03-10 | CVE-2022-20050 | Link Following vulnerability in Google Android 11.0/12.0 In connsyslogger, there is a possible symbolic link following due to improper link resolution. | 6.7 |
2022-03-01 | CVE-2022-22262 | Link Following vulnerability in Asus ROG Live Service ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. | 7.7 |
2022-02-24 | CVE-2022-24671 | Link Following vulnerability in Trendmicro Antivirus A link following privilege escalation vulnerability in Trend Micro Antivirus for Max 11.0.2150 and below could allow a local attacker to modify a file during the update process and escalate their privileges. | 7.8 |
2022-02-24 | CVE-2022-24679 | Link Following vulnerability in Trendmicro products A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. | 7.8 |
2022-02-24 | CVE-2022-24680 | Link Following vulnerability in Trendmicro products A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. | 7.8 |
2022-02-21 | CVE-2021-44141 | Link Following vulnerability in multiple products All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. | 4.3 |
2022-02-17 | CVE-2021-44730 | Link Following vulnerability in multiple products snapd 2.54.2 did not properly validate the location of the snap-confine binary. | 8.8 |
2022-02-15 | CVE-2022-25176 | Link Following vulnerability in Jenkins Pipeline: Groovy Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system. | 6.5 |
2022-02-15 | CVE-2022-25177 | Link Following vulnerability in Jenkins Pipeline:Shared Groovy Libraries Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system. | 6.5 |