# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1 | CVE-2022-45798 | 59 | | Exec Code | 2022-12-24 | 2023-01-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
2 | CVE-2022-45412 | 59 | | | 2022-12-22 | 2023-01-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
When resolving a symlink such as `file:///proc/self/fd/1`, an error message may be produced where the symlink was resolved to a string containing uninitialized memory in the buffer. *This bug only affects Thunderbird on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. |
3 | CVE-2022-44747 | 59 | | | 2022-11-07 | 2022-11-08 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. |
4 | CVE-2022-42725 | 59 | | | 2022-10-10 | 2022-11-07 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by symbolic directory links. |
5 | CVE-2022-41973 | 59 | | | 2022-10-29 | 2022-12-29 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root. |
6 | CVE-2022-40710 | 59 | | Exec Code | 2022-09-28 | 2022-09-29 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
7 | CVE-2022-40143 | 59 | | Exec Code | 2022-09-19 | 2022-09-21 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service servers could allow a local attacker to abuse an insecure directory that could allow a low-privileged user to run arbitrary code with elevated privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
8 | CVE-2022-39253 | 59 | | Bypass | 2022-10-19 | 2022-12-14 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`. |
9 | CVE-2022-39215 | 59 | | | 2022-09-15 | 2022-09-21 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined `scope`. Users are advised to upgrade. Users unable to upgrade should disable the `readDir` endpoint in the `allowlist` inside the `tauri.conf.json`. |
10 | CVE-2022-38699 | 59 | | | 2022-09-28 | 2022-09-30 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to an arbitrary system file, causing the logging function to overwrite the system file and disrupt the system. |
11 | CVE-2022-38482 | 59 | | | 2023-01-10 | 2023-01-14 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4. |
12 | CVE-2022-36943 | 59 | | | 2023-01-03 | 2023-01-10 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when opening a malicious ZIP containing a symlink as the first item. |
13 | CVE-2022-36336 | 59 | | | 2022-07-30 | 2022-08-09 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue. |
14 | CVE-2022-35631 | 59 | | | 2022-07-29 | 2022-08-04 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. This issue was resolved in Velociraptor 0.6.5-2. |
15 | CVE-2022-34960 | 59 | | | 2022-08-25 | 2022-08-31 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host. |
16 | CVE-2022-34893 | 59 | | | 2022-09-19 | 2022-09-22 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with lower privileges could manipulate a mountpoint which could lead to escalation of privilege on an affected machine. |
17 | CVE-2022-32905 | 59 | | Exec Code | 2022-11-01 | 2022-11-02 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges. |
18 | CVE-2022-32450 | 59 | | +Priv | 2022-07-18 | 2022-07-22 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder (used for ad.trace and chat) but the product runs as SYSTEM when writing chat-room data there. |
19 | CVE-2022-31258 | 59 | | | 2022-05-20 | 2022-06-07 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink. |
20 | CVE-2022-31256 | 59 | | | 2022-10-26 | 2022-10-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
An Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1. |
21 | CVE-2022-31250 | 59 | | | 2022-07-20 | 2022-11-08 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. This issue affects: openSUSE Tumbleweed keylime versions prior to 6.4.2-1.1. |
22 | CVE-2022-31036 | 59 | | | 2022-06-27 | 2022-07-07 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is (or may be) used in a Helm-type Application may commit a symlink which points to an out-of-bounds file. If the target file is a valid YAML file, the attacker can read the contents of that file. Sensitive files which could be leaked include manifest files from other Applications' source repositories (potentially decrypted files, if you are using a decryption plugin) or any YAML-formatted secrets which have been mounted as files on the repo-server. Patches for this vulnerability have been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. If you are using a version >=v2.3.0 and do not have any Helm-type Applications you may disable the Helm config management tool as a workaround. |
23 | CVE-2022-30687 | 59 | | | 2022-05-27 | 2022-06-08 | 6.6 | None | Local | Low | Not required | None | Complete | Complete |
Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files. |
24 | CVE-2022-30523 | 59 | | | 2022-05-16 | 2022-05-25 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege escalation on the affected machine. |
25 | CVE-2022-28225 | 59 | | Exec Code | 2022-06-15 | 2022-06-24 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low-privileged attacker to execute arbitrary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process. |
26 | CVE-2022-27883 | 59 | | | 2022-04-09 | 2022-04-14 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete |
A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an attacker must at least have low-level privileges on the system to attempt to exploit this vulnerability. |
27 | CVE-2022-27816 | 59 | | DoS | 2022-03-30 | 2022-10-27 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial |
SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service. |
28 | CVE-2022-27815 | 59 | | DoS +Info | 2022-03-30 | 2022-10-06 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete |
SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an information leak or denial of service. |
29 | CVE-2022-26704 | 59 | | +Priv | 2022-05-26 | 2022-11-10 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges. |
30 | CVE-2022-26688 | 59 | | | 2022-05-26 | 2022-06-08 | 4.9 | None | Local | Low | Not required | None | Complete | None |
An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files. |
31 | CVE-2022-26659 | 59 | | | 2022-03-25 | 2022-06-23 | 3.6 | None | Local | Low | Not required | None | Partial | Partial |
Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users. |
32 | CVE-2022-26456 | 59 | | | 2022-09-06 | 2022-09-09 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
In vow, there is a possible information disclosure due to a symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06545473; Issue ID: ALPS06545473. |
33 | CVE-2022-25179 | 59 | | | 2022-02-15 | 2022-02-24 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system. |
34 | CVE-2022-25177 | 59 | | | 2022-02-15 | 2022-02-24 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier follows symbolic links to locations outside of the expected Pipeline library when reading files using the libraryResource step, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system. |
35 | CVE-2022-25176 | 59 | | | 2022-02-15 | 2022-02-24 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers able to configure Pipelines to read arbitrary files on the Jenkins controller file system. |
36 | CVE-2022-24904 | 59 | | | 2022-05-20 | 2022-06-03 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.7.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is (or may be) used in a directory-type Application may commit a symlink which points to an out-of-bounds file. Sensitive files which could be leaked include manifest files from other Applications' source repositories (potentially decrypted files, if you are using a decryption plugin) or any JSON-formatted secrets which have been mounted as files on the repo-server. A patch for this vulnerability has been released in Argo CD versions 2.3.4, 2.2.9, and 2.1.15. Users of versions 2.3.0 or above who do not have any Jsonnet/directory-type Applications may disable the Jsonnet/directory config management tool as a workaround. |
37 | CVE-2022-24680 | 59 | | Exec Code | 2022-02-24 | 2022-03-03 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
38 | CVE-2022-24679 | 59 | | Exec Code | 2022-02-24 | 2022-03-03 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
39 | CVE-2022-24671 | 59 | | Exec Code | 2022-02-24 | 2022-03-03 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
A link following privilege escalation vulnerability in Trend Micro Antivirus for Mac 11.0.2150 and below could allow a local attacker to modify a file during the update process and escalate their privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
40 | CVE-2022-24372 | 59 | | | 2022-04-27 | 2022-05-09 | 4.9 | None | Local | Low | Not required | Complete | None | None |
Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share. |
41 | CVE-2022-23742 | 59 | | | 2022-05-12 | 2022-05-23 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links. |
42 | CVE-2022-23144 | 59 | | | 2022-09-23 | 2022-09-26 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system. |
43 | CVE-2022-22995 | 59 | | Exec Code | 2022-03-25 | 2022-03-31 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbitrary code. |
44 | CVE-2022-22962 | 59 | | | 2022-04-11 | 2022-07-30 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file. |
45 | CVE-2022-22585 | 59 | | | 2022-03-18 | 2022-03-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access a user's files. |
46 | CVE-2022-22262 | 59 | | | 2022-03-01 | 2022-03-08 | 3.6 | None | Local | Low | Not required | None | Partial | Partial |
ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to a system file path to delete arbitrary system files and disrupt system service. |
47 | CVE-2022-21944 | 59 | | | 2022-01-26 | 2023-01-19 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports SLE-15-SP3 watchman versions prior to 4.9.0. openSUSE Factory watchman versions prior to 4.9.0-9.1. |
48 | CVE-2022-21838 | 59 | | | 2022-01-11 | 2022-05-23 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Windows Cleanup Manager Elevation of Privilege Vulnerability. |
49 | CVE-2022-21770 | 59 | | | 2022-07-06 | 2022-07-14 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
In sound driver, there is a possible information disclosure due to symlink following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558663; Issue ID: ALPS06558663. |
50 | CVE-2022-20103 | 59 | | | 2022-05-03 | 2022-05-12 | 2.1 | None | Local | Low | Not required | Partial | None | None |
In aee daemon, there is a possible information disclosure due to symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06282684. |