CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,518 vulnerabilities with CWE-59
CVE-2024-7242 HIGH
Panda Security Dome - Local Privilege Escalation via Junction Abuse in PSANHost
CVSS 7.8
CVE-2024-7241 HIGH
Panda Security Dome - Local Privilege Escalation via Junction Creation in PSANHost Service
CVSS 7.8
CVE-2024-7240 HIGH
F-Secure Total - Local Privilege Escalation via Symbolic Link Abuse in WithSecure Plugin Hosting Service
CVSS 7.8
CVE-2024-7239 HIGH
VIPRE Advanced Security - Local Privilege Escalation via Symbolic Link Abuse in Anti Malware Service
CVSS 7.8
CVE-2024-7238 HIGH
VIPRE Advanced Security - Local Privilege Escalation via Symbolic Link Abuse in Anti Malware Service
CVSS 7.8
CVE-2024-7237 HIGH
AVG AntiVirus Free - Local Privilege Escalation via Symbolic Link Abuse
CVSS 7.8
CVE-2024-7236 MEDIUM
AVG AntiVirus Free - Denial of Service via Symbolic Link Attack in Installer
CVSS 5.5
CVE-2024-7235 MEDIUM
AVG AntiVirus Free - Denial of Service via Symbolic Link Abuse
CVSS 5.5
CVE-2024-7234 HIGH
AVG AntiVirus Free - Local Privilege Escalation via Symbolic Link Abuse
CVSS 7.8
CVE-2024-7233 HIGH
Avast Free Antivirus - Local Privilege Escalation via Symbolic Link Abuse
CVSS 7.8
CVE-2024-7232 HIGH
Avast Free Antivirus - Local Privilege Escalation via Symbolic Link Abuse in AvastSvc
CVSS 7.8
CVE-2024-7231 HIGH
Avast Cleanup Premium - Local Privilege Escalation via Symbolic Link Abuse
CVSS 7.8
CVE-2024-7230 HIGH
Avast Cleanup Premium - Local Privilege Escalation via Symbolic Link Abuse
CVSS 7.8
CVE-2024-7229 HIGH
Avast Cleanup Premium - Local Privilege Escalation via Symbolic Link Abuse
CVSS 7.8
CVE-2024-7228 MEDIUM
Avast Free Antivirus - Denial of Service via Symbolic Link Abuse
CVSS 5.5
CVE-2024-7227 HIGH
Avast Free Antivirus - Local Privilege Escalation via Symbolic Link Abuse
CVSS 7.8
CVE-2024-9766 HIGH
Wacom Center < 6.4.7 - Local Privilege Escalation via Symbolic Link Attack
CVSS 7.8
CVE-2024-6260 HIGH
Malwarebytes Antimalware - Privilege Escalation
CVSS 7.8
CVE-2024-6233 HIGH
Check Point ZoneAlarm Extreme Security - Privilege Escalation
CVSS 7.8
CVE-2024-30377 HIGH
G DATA Total Security < 25.5.18.333 - Local Privilege Escalation via Symbolic Link Abuse
CVSS 7.8
CVE-2024-1868 HIGH
G DATA Total Security < 25.5.17.355 - Local Privilege Escalation via Symbolic Link
CVSS 7.8
CVE-2024-1867 HIGH
G DATA Total Security < 25.5.17.355 - Local Privilege Escalation via Symbolic Link Abuse in Backup Service
CVSS 7.8
CVE-2024-48862 CRITICAL
QuLog Center 1.7.0.800-1.7.0.830 - Unauthenticated Path Traversal and Arbitrary File Write via Link Following
CVSS 9.8
CVE-2024-52522 MEDIUM
rclone 1.59.0-1.68.1 - Privilege Escalation via Symlink Permission Manipulation
CVE-2024-51721 HIGH
SecuSUITE <5.0.420 - Code Injection
CVSS 7.3
Details
Vulnerabilities 1,518
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits