Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')

DATE CVE VULNERABILITY TITLE RISK
2024-07-29 CVE-2024-7251 Link Following vulnerability in Comodo Internet Security 12.2.4.8032
Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability.
local
low complexity
comodo CWE-59
7.8
2024-07-29 CVE-2024-7252 Link Following vulnerability in Comodo Internet Security 12.2.4.8032
Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability.
local
low complexity
comodo CWE-59
7.8
2024-07-25 CVE-2024-29069 Link Following vulnerability in Canonical Snapd
In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap.
local
low complexity
canonical CWE-59
7.3
2024-06-20 CVE-2024-6147 Link Following vulnerability in HP Poly Plantronics HUB 3.24.2
Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability.
local
low complexity
hp CWE-59
7.8
2024-06-10 CVE-2024-36305 Link Following vulnerability in Trendmicro Apex ONE
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro CWE-59
7.8
2024-06-10 CVE-2024-36306 Link Following vulnerability in Trendmicro Apex ONE
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
local
low complexity
trendmicro CWE-59
5.5
2024-06-10 CVE-2024-27885 Link Following vulnerability in Apple Macos
This issue was addressed with improved validation of symlinks.
local
low complexity
apple CWE-59
6.3
2024-06-10 CVE-2024-5102 Link Following vulnerability in Avast Antivirus
A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulnerability exists within the "Repair" (settings -> troubleshooting -> repair) feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM.
local
high complexity
avast CWE-59
7.0
2024-05-14 CVE-2024-32002 Link Following vulnerability in GIT
Git is a revision control system.
network
high complexity
git CWE-59
critical
9.0
2024-03-08 CVE-2024-23285 Link Following vulnerability in Apple Macos
This issue was addressed with improved handling of symlinks.
local
low complexity
apple CWE-59
5.5