Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,522 vulnerabilities with CWE-59

CVE-2021-1491 MEDIUM

Cisco Catalyst SD-WAN Manager - Authenticated Arbitrary File Read via File Reference Manipulation

CVE-2021-4287 MEDIUM

ReFirm Labs binwalk <2.3.2 - Symlink Following

CVE-2021-35939 MEDIUM

Fix incomplete - Privilege Escalation

CVE-2021-35938 MEDIUM

rpm < 4.18.0 - Privilege Escalation via Symbolic Link Attack

CVE-2021-35937 MEDIUM

rpm < 4.18.0 - Unauthenticated Time-of-check Time-of-use Race Condition

CVE-2021-31566 HIGH

libarchive < 3.5.2 - Improper Link Resolution Before File Access

CVE-2021-23177 HIGH

Archive Extractor - Privilege Escalation

CVE-2021-42056 MEDIUM

Thales Safenet Authentication Client < 10.7.7 - Arbitrary File Write via Symlink Attack

CVE-2021-25261 HIGH

Yandex Browser <22.5.0.862 - Privilege Escalation

CVE-2021-41641 HIGH

Deno <=1.14.0 - Symbolic Link Resolution Bypass via Deno.symlink

CVE-2021-44052 MEDIUM

QNAP QTS 4.3.3-5.0.0, QuTS hero <4.5.4.1971, QuTScloud <5.0.1.1998 Path Traversal

CVE-2021-27117 HIGH

beego < 2.0.2 - Symlink Attack via GetCPUProfile Function

CVE-2021-27116 HIGH

beego <= 2.0.2 - Symlink Attack via MemProf Function

CVE-2021-44141 MEDIUM

Samba < 4.15.5 - Unauthenticated Exposure of Sensitive Information via SMB1 Symlink

CVE-2021-44730 HIGH

snapd < 2.54.3 - Privilege Escalation via Hardlink Attack on snap-confine Binary

CVE-2021-23521 MEDIUM

juce < 6.1.5 - Arbitrary File Write via Symbolic Link in Archive Extraction

CVE-2021-41551 MEDIUM

Leostream Connection Broker 9.0.40.17 - Directory Traversal via ZIP File Symbolic Link

CVE-2021-45442 HIGH

Trendmicro Apex One - Symlink Following

CVE-2021-45231 HIGH

Trend Micro Apex One and Worry-Free Business Security - Privilege Escalation via Link Following

CVE-2021-44024 HIGH

Trend Micro Apex One and Worry-Free Business Security - Denial of Service via Link Following

CVE-2021-20153 MEDIUM

Trendnet AC2600 TEW-827DRU 2.08B01 - Remote Code Execution via BitTorrent Symlink Attack

CVE-2021-23772 HIGH

iris-go/iris and kataras/iris - Arbitrary File Write via UploadFormFiles Method

CVE-2021-44023 HIGH

Trend Micro Security 2021 < 17.0 - Denial of Service via PC Health Checkup Symlink Abuse

CVE-2021-43238 HIGH

Windows Remote Access - Privilege Escalation

CVE-2021-43237 HIGH

Windows Setup < - Privilege Escalation

Previous Page 26 of 61 Next

Details

Vulnerabilities 1,522

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy