Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')

DATE CVE VULNERABILITY TITLE RISK
2022-03-18 CVE-2022-22585 Link Following vulnerability in Apple products
An issue existed within the path validation logic for symlinks.
network
low complexity
apple CWE-59
7.5
2022-03-10 CVE-2022-20050 Link Following vulnerability in Google Android 11.0/12.0
In connsyslogger, there is a possible symbolic link following due to improper link resolution.
local
low complexity
google CWE-59
6.7
2022-03-01 CVE-2022-22262 Link Following vulnerability in Asus ROG Live Service
ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability.
local
low complexity
asus CWE-59
7.7
2022-02-24 CVE-2022-24671 Link Following vulnerability in Trendmicro Antivirus
A link following privilege escalation vulnerability in Trend Micro Antivirus for Max 11.0.2150 and below could allow a local attacker to modify a file during the update process and escalate their privileges.
local
low complexity
trendmicro CWE-59
7.8
2022-02-24 CVE-2022-24679 Link Following vulnerability in Trendmicro products
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations.
local
low complexity
trendmicro CWE-59
7.8
2022-02-24 CVE-2022-24680 Link Following vulnerability in Trendmicro products
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations.
local
low complexity
trendmicro CWE-59
7.8
2022-02-21 CVE-2021-44141 Link Following vulnerability in multiple products
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition.
network
low complexity
samba redhat fedoraproject CWE-59
4.3
2022-02-17 CVE-2021-44730 Link Following vulnerability in multiple products
snapd 2.54.2 did not properly validate the location of the snap-confine binary.
local
low complexity
canonical fedoraproject debian CWE-59
8.8
2022-02-15 CVE-2022-25176 Link Following vulnerability in Jenkins Pipeline: Groovy
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system.
network
low complexity
jenkins CWE-59
6.5
2022-02-15 CVE-2022-25177 Link Following vulnerability in Jenkins Pipeline:Shared Groovy Libraries
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system.
network
low complexity
jenkins CWE-59
6.5