Vulnerabilities > Improper Link Resolution Before File Access ('Link Following')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-27 | CVE-2021-4287 | Link Following vulnerability in Microsoft Binwalk A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. | 6.5 |
| 2022-12-24 | CVE-2022-45798 | Link Following vulnerability in Trendmicro Apex ONE 2019 A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 7.8 |
| 2022-12-22 | CVE-2022-45412 | When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. | 8.8 |
| 2022-12-16 | CVE-2022-4563 | Link Following vulnerability in Freedom Securedrop A vulnerability was found in Freedom of the Press SecureDrop. | 7.8 |
| 2022-12-08 | CVE-2022-4122 | Link Following vulnerability in multiple products A vulnerability was found in buildah. | 5.3 |
| 2022-11-23 | CVE-2009-1142 | Link Following vulnerability in VMWare Open VM Tools 2009.03.18154848 An issue was discovered in open-vm-tools 2009.03.18-154848. | 6.7 |
| 2022-11-23 | CVE-2009-1143 | Link Following vulnerability in VMWare Open-Vm-Tools 2009.03.18154848 An issue was discovered in open-vm-tools 2009.03.18-154848. | 7.0 |
| 2022-11-07 | CVE-2022-44747 | Link Following vulnerability in Acronis Cyber Protect Home Office Local privilege escalation due to improper soft link handling. | 7.8 |
| 2022-11-01 | CVE-2022-32905 | Link Following vulnerability in Apple Macos This issue was addressed with improved validation of symlinks. | 7.8 |
| 2022-10-29 | CVE-2022-41973 | Link Following vulnerability in multiple products multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. | 7.8 |