Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,522 vulnerabilities with CWE-59

CVE-2021-38570 CRITICAL

Foxit Reader & PhantomPDF <10.1.4 - File Deletion

CVE-2021-38511 HIGH

tar < 0.4.36 - Arbitrary Directory Creation via Symlink Traversal

CVE-2021-21740 LOW

ZTE ZXHN H2640 Firmware - Information Disclosure via Symbolic Link Traversal

CVE-2021-32803 HIGH

node-tar <6.1.2-3.2.3 - File Creation/Overwrite

CVE-2021-36983 HIGH

Replaysorcery - Symlink Following

CVE-2021-32610 HIGH

Archive_Tar < 1.4.14 - Directory Traversal via Symlink Extraction

CVE-2021-32000 LOW

SUSE Linux Enterprise Server clone-master-clean-up - Arbitrary File Deletion via Symlink Following

CVE-2021-1092 HIGH

NVIDIA GPU Display Driver - Path Traversal

CVE-2021-1091 HIGH

NVIDIA GPU Display Driver - Privilege Escalation

CVE-2021-26089 MEDIUM

FortiClient for Mac < 6.4.3 - Privilege Escalation via Symlink Attack

CVE-2021-32518 HIGH

QSAN Storage Manager < 3.3.3 - Arbitrary File Access via Symbolic Link in share_link

CVE-2021-32509 MEDIUM

QSAN Storage Manager < 3.3.3 - Authenticated Absolute Path Traversal via FileviewDoc URL Parameter

CVE-2021-32508 MEDIUM

QSAN Storage Manager < 3.3.3 - Authenticated Absolute Path Traversal via FileStreaming Symbolic Link

CVE-2021-32557 MEDIUM

apport 2.14.1-0ubuntu3-2.14.1-0ubuntu3.29+esm7 - Arbitrary File Write via Symlink

CVE-2021-32555 HIGH

Ubuntu Linux - Information Disclosure via Symbolic Link Following in apport/hookutils.py

CVE-2021-32554 HIGH

Ubuntu Linux - Information Disclosure via Symbolic Link Following in apport/hookutils.py

CVE-2021-32553 HIGH

Ubuntu Linux - Information Disclosure via Symbolic Link Following in apport/hookutils.py read_file()

CVE-2021-32552 HIGH

Ubuntu Linux - Information Disclosure via Symbolic Link Following in apport/hookutils.py

CVE-2021-32551 HIGH

Ubuntu Linux - Information Disclosure via Symbolic Link Following in apport/hookutils.py

CVE-2021-32550 HIGH

Ubuntu Linux - Information Disclosure via Symbolic Link Following in apport/hookutils.py

CVE-2021-32549 HIGH

Ubuntu Linux - Information Disclosure via Symbolic Link Following in apport/hookutils.py read_file()

CVE-2021-32548 HIGH

Ubuntu Linux - Information Disclosure via Symbolic Link Following in apport/hookutils.py read_file()

CVE-2021-32547 HIGH

Ubuntu Linux - Information Disclosure via Symbolic Link Following in apport/hookutils.py

CVE-2021-31997 MEDIUM

python-postorius < 1.3.2-lp152.1.2 - Local Privilege Escalation via Symlink Following

CVE-2021-0094 HIGH

Intel Driver & Support Assistant < 20.11.50.9 - Authenticated Privilege Escalation via Improper Link Resolution

Previous Page 28 of 61 Next

Details

Vulnerabilities 1,522

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy