Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-24 | CVE-2022-24679 | Link Following vulnerability in Trendmicro products A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. | 7.8 |
| 2022-02-24 | CVE-2022-24680 | Link Following vulnerability in Trendmicro products A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. | 7.8 |
| 2022-02-21 | CVE-2021-44141 | Link Following vulnerability in multiple products All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. | 4.3 |
| 2022-02-17 | CVE-2021-44730 | Link Following vulnerability in multiple products snapd 2.54.2 did not properly validate the location of the snap-confine binary. | 8.8 |
| 2022-02-15 | CVE-2022-25176 | Link Following vulnerability in Jenkins Pipeline: Groovy Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system. | 6.5 |
| 2022-02-15 | CVE-2022-25177 | Link Following vulnerability in Jenkins Pipeline:Shared Groovy Libraries Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system. | 6.5 |
| 2022-02-15 | CVE-2022-25179 | Link Following vulnerability in Jenkins Pipeline: Multibranch Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system. | 6.5 |
| 2022-02-10 | CVE-2022-0017 | Link Following vulnerability in Paloaltonetworks Globalprotect An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. | 7.8 |
| 2022-01-31 | CVE-2021-23521 | Link Following vulnerability in Juce This affects the package juce-framework/JUCE before 6.1.5. | 7.8 |
| 2022-01-18 | CVE-2021-41551 | Link Following vulnerability in Leostream Connection Broker 9.0.40.17 Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal attacks by uploading z ZIP file that contains a symbolic link. | 4.9 |