CWE-59
Improper Link Resolution Before File Access ('Link Following')
Medium likelihood
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
1,518 vulnerabilities with CWE-59
CVE-2024-21397
MEDIUM
Microsoft Azure File Sync 14.0.0.0-16.1.x - Elevation of Privilege via Improper Link Resolution
CVSS 5.3
CVE-2024-21329
HIGH
Azure Connected Machine Agent < 1.38 - Elevation of Privilege via Improper Link Resolution
CVSS 7.3
CVE-2024-1329
HIGH
HashiCorp Nomad 1.5.13-1.6.6 and 1.7.3 - Arbitrary File Write via Symlink Attack
CVSS 7.7
CVE-2024-20656
HIGH
Visual Studio - Privilege Escalation
CVSS 7.8
CVE-2024-0206
HIGH
Trellix Anti-Malware Engine - Authenticated Privilege Escalation via Symbolic Link Manipulation
CVSS 7.1
CVE-2023-53973
HIGH
Zillya Total Security 3.0.2367.0 - Privilege Escalation
CVSS 8.4
CVE-2023-20004
MEDIUM
Cisco TelePresence CE - Privilege Escalation
CVSS 4.4
CVE-2023-43078
MEDIUM
Dell Dock Firmware - Privilege Escalation/DoS
CVSS 6.7
CVE-2023-51636
HIGH
Avira Prime - Local Privilege Escalation
CVSS 7.8
CVE-2023-50226
HIGH
Parallels Desktop < 17.1.7(51588) - Local Privilege Escalation via Updater Service Link Following
CVSS 7.8
CVE-2023-50197
HIGH
Intel Driver & Support Assistant - Local Privilege Escalation via Symbolic Link Abuse in DSA Service
CVSS 7.8
CVE-2023-42126
HIGH
G DATA Total Security - Local Privilege Escalation via GDBackupSvc Service Link Following
CVSS 7.8
CVE-2023-42125
HIGH
Avast Premium Security - Privilege Escalation via Sandbox Protection Link Following
CVSS 7.8
CVE-2023-42099
HIGH
Intel Driver & Support Assistant - Local Privilege Escalation via Symbolic Link Abuse in DSA Service
CVSS 7.8
CVE-2023-34283
MEDIUM
NETGEAR RAX30 Firmware < 1.0.10.94 - Unauthenticated Information Disclosure via USB Share Symbolic Link
CVSS 4.6
CVE-2023-32179
HIGH
VIPRE Antivirus < 12.0.1.203 - Local Privilege Escalation via FPQuarTransfer Symbolic Link
CVSS 7.8
CVE-2023-32178
HIGH
VIPRE Antivirus Plus < 12.0.1.203 - Local Privilege Escalation via TelFileTransfer Symbolic Link
CVSS 7.8
CVE-2023-32175
HIGH
VIPRE Antivirus Plus < 12.0.1.203 - Local Privilege Escalation via Symbolic Link
CVSS 7.8
CVE-2023-27347
HIGH
G DATA Total Security < 25.5.13.26 - Local Privilege Escalation via Symbolic Link
CVSS 7.8
CVE-2023-41971
MEDIUM
Zscaler Client Connector <3.7 - Path Traversal
CVSS 5.3
CVE-2023-42942
HIGH
watchOS <10.1 - Privilege Escalation
CVSS 7.8
CVE-2023-32474
MEDIUM
Dell Display Manager < 2.1.1.21 - Arbitrary File Deletion via Insecure Windows Junction Handling
CVSS 6.6
CVE-2023-32454
MEDIUM
Dell Update Package Framework < 4.9.4.36 - Denial of Service via Windows Junction/Mount Point Manipulation
CVSS 6.3
CVE-2023-7216
MEDIUM
GNU cpio - Path Traversal via Symlink Handling
CVSS 5.3
CVE-2023-52138
HIGH
Engrampa < 1.26.2 - Path Traversal and Remote Code Execution via CPIO Archive Symlink Handling
CVSS 8.2
Details
Vulnerabilities: 1,518
Exploit Likelihood: Medium