Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,522 vulnerabilities with CWE-59

CVE-2021-42297 MEDIUM

Windows 10 Update Assistant - Elevation of Privilege via Improper Link Resolution

CVE-2021-44038 HIGH

Quagga < 1.2.4 - Privilege Escalation via Unsafe chown/chmod Operations

CVE-2021-41057 HIGH

WIBU CodeMeter Runtime <7.30a - Privilege Escalation

CVE-2021-41379 MEDIUM KEV

Windows Installer - Elevation of Privilege via Improper Link Resolution

CVE-2021-3641 MEDIUM

Bitdefender GravityZone < 7.1.2.33 - Denial of Service via EPAG Component Link Following

CVE-2021-21695 HIGH

Jenkins < 2.303.3 and < 2.319 - Improper Link Resolution Before File Access

CVE-2021-21691 CRITICAL

Jenkins < 2.303.3 and < 2.319 - Symbolic Link Creation Without Required Permission

CVE-2021-21686 HIGH

Jenkins < 2.303.3 and < 2.319 - Path Traversal via Symbolic Link Following

CVE-2021-22488 HIGH

Huawei Smartphone - Info Disclosure

CVE-2021-37969 HIGH

Google Chrome < 94.0.4606.54 - Local Privilege Escalation via Crafted File

CVE-2021-36286 HIGH

Dell SupportAssist Client Consumer <3.9.13.0 - Path Traversal

CVE-2021-34408 HIGH

Zoom Meetings < 5.3.2 - Privilege Escalation via Log File Symlink Attack

CVE-2021-1612 MEDIUM

Cisco SD-WAN < 17.3.4 - Authenticated Arbitrary File Overwrite via Symbolic Link

CVE-2021-31843 HIGH

McAfee Endpoint Security < 10.7.0 - Improper Privilege Management via Junction Link Manipulation

CVE-2021-41072 HIGH

Squashfs-Tools 4.5 - Path Traversal

CVE-2021-36744 HIGH

Trend Micro Security 2020-2021 - Privilege Escalation and Denial of Service via Directory Junction

CVE-2021-39135 HIGH

@npmcli/arborist < 2.8.2 - Arbitrary File Write via Symbolic Link Following

CVE-2021-37712 HIGH

tar < 4.4.18, 5.0.10, 6.1.9 - Arbitrary File Creation and Overwrite via Unicode Normalization Bypass

CVE-2021-37701 HIGH

npmjs/tar < 4.4.16 - Arbitrary File Creation and Overwrite via Symlink Directory Cache Bypass

CVE-2021-36928 MEDIUM

Microsoft Edge Chromium < 92.0.902.55 - Elevation of Privilege via Improper Link Resolution

CVE-2021-30968 MEDIUM

macOS Big Sur <11.6.2 - Info Disclosure

CVE-2021-30855 MEDIUM

iPadOS < 14.8 - Improper Link Resolution Before File Access

CVE-2021-32825 LOW

bblfshd < 2021-08-11 - Path Traversal and Arbitrary File Write via Unsafe Symbolic Link Handling

CVE-2021-26426 HIGH

Windows - Elevation of Privilege via User Account Profile Picture

CVE-2021-26425 HIGH

Windows - Elevation of Privilege via Event Tracing Link Resolution

Previous Page 27 of 61 Next

Details

Vulnerabilities 1,522

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy