Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVEs (1,502)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-20068 1Google 1Android Nov 21, 2024 Apr 11, 2022 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 In mobile_log_d, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed fo...Show more In mobile_log_d, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308907; Issue ID: ALPS06308907.Show less
CVE-2022-27883 1Trendmicro 1Antivirus For Mac Nov 21, 2024 Apr 9, 2022 N/A· v4 7.3 HIGH· v3 8.5 HIGH· v2 A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an attacker must at lea...Show more A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an attacker must at least have low-level privileges on the system to attempt to exploit this vulnerability.Show less
CVE-2022-26612 1Apache 1Hadoop Nov 21, 2024 Apr 7, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory whic...Show more In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn't resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3Show less
CVE-2021-27117 1Beego 1Beego Nov 21, 2024 Apr 5, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks locally.
CVE-2021-27116 1Beego 1Beego Nov 21, 2024 Apr 5, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally.
CVE-2022-0799 1Google 1Chrome Nov 21, 2024 Apr 5, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file.
CVE-2022-27816 1Waycrate 1Swhkd Nov 21, 2024 Mar 30, 2022 N/A· v4 7.1 HIGH· v3 3.3 LOW· v2 SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service.
CVE-2022-27815 1Waycrate 1Swhkd Nov 21, 2024 Mar 30, 2022 N/A· v4 7.8 HIGH· v3 6.2 MEDIUM· v2 SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an information leak or denial of service.
CVE-2022-22995 3Fedoraproject NetatalkWesterndigital 13Fedora My Cloud Dl2100 FirmwareMy Cloud Dl4100 Firmware+10 more Nov 3, 2025 Mar 25, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.
CVE-2022-26659 1Docker 1Docker Desktop Nov 21, 2024 Mar 25, 2022 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from versi...Show more Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users.Show less
CVE-2022-22585 1Apple 5Ipados Iphone OsMacos+2 more Nov 21, 2024 Mar 18, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macO...Show more An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access a user's files.Show less
CVE-2022-20050 1Google 1Android Nov 21, 2024 Mar 10, 2022 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 In connsyslogger, there is a possible symbolic link following due to improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...Show more In connsyslogger, there is a possible symbolic link following due to improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06335038; Issue ID: ALPS06335038.Show less
CVE-2022-22262 1Asus 1Rog Live Service Nov 21, 2024 Mar 1, 2022 N/A· v4 7.7 HIGH· v3 3.6 LOW· v2 ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthentic...Show more ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file path, to delete arbitrary system files and disrupt system service.Show less
CVE-2022-24680 1Trendmicro 3Apex One Worry Free Business SecurityWorry Free Business Security Services Nov 21, 2024 Feb 24, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Securit...Show more A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.Show less
CVE-2022-24679 1Trendmicro 3Apex One Worry Free Business SecurityWorry Free Business Security Services Nov 21, 2024 Feb 24, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Securit...Show more A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create an writable folder in an arbitrary location and escalate privileges affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.Show less
CVE-2022-24671 1Trendmicro 1Antivirus+ Nov 21, 2024 Feb 24, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A link following privilege escalation vulnerability in Trend Micro Antivirus for Max 11.0.2150 and below could allow a local attacker to modify a file during the update process and escalate their privileges. Please note:...Show more A link following privilege escalation vulnerability in Trend Micro Antivirus for Max 11.0.2150 and below could allow a local attacker to modify a file during the update process and escalate their privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.Show less
CVE-2021-44141 3Fedoraproject RedhatSamba 3Fedora SambaStorage Nov 21, 2024 Feb 21, 2022 N/A· v4 4.3 MEDIUM· v3 3.5 LOW· v2 All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. S...Show more All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.Show less
CVE-2021-44730 3Canonical DebianFedoraproject 4Debian Linux FedoraSnapd+1 more Nov 21, 2024 Feb 17, 2022 N/A· v4 8.8 HIGH· v3 6.9 MEDIUM· v2 snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain p...Show more snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1Show less
CVE-2022-25179 1Jenkins 1Pipeline\ Nov 21, 2024 Feb 15, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing atta...Show more Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system.Show less
CVE-2022-25177 1Jenkins 1Pipeline\ Nov 21, 2024 Feb 15, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing atta...Show more Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system.Show less

Previous 1...303132...76 Next