Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-10 | CVE-2022-0017 | Link Following vulnerability in Paloaltonetworks Globalprotect An improper link resolution before file access ('link following') vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. | 7.8 |
2022-01-31 | CVE-2021-23521 | Link Following vulnerability in Juce This affects the package juce-framework/JUCE before 6.1.5. | 7.8 |
2022-01-18 | CVE-2021-41551 | Link Following vulnerability in Leostream Connection Broker 9.0.40.17 Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal attacks by uploading z ZIP file that contains a symbolic link. | 4.9 |
2022-01-12 | CVE-2022-0012 | Link Following vulnerability in Paloaltonetworks Cortex XDR Agent An improper link resolution before file access vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables a local user to delete arbitrary system files and impact the system integrity or cause a denial of service condition. | 7.1 |
2022-01-11 | CVE-2022-21838 | Link Following vulnerability in Microsoft products Windows Cleanup Manager Elevation of Privilege Vulnerability | 7.8 |
2022-01-10 | CVE-2021-44024 | Link Following vulnerability in Trendmicro products A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. | 7.1 |
2022-01-10 | CVE-2021-45231 | Link Following vulnerability in Trendmicro products A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. | 7.8 |
2022-01-10 | CVE-2021-45442 | Link Following vulnerability in Trendmicro products A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. | 7.1 |
2021-12-30 | CVE-2021-20153 | Link Following vulnerability in Trendnet Tew-827Dru Firmware 2.08B01 Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. | 6.8 |
2021-12-24 | CVE-2021-23772 | Link Following vulnerability in Iris-Go Iris This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. | 8.8 |