Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,522 vulnerabilities with CWE-59

CVE-2021-23892 HIGH

McAfee Endpoint Security for Linux Threat Prevention 10.5.0-10.7.5 - Privilege Escalation via TOCTOU Race Condition

CVE-2021-23872 HIGH

McAfee Total Protection < 16.0.32 - Privilege Escalation via File Lock Symbolic Link Manipulation

CVE-2021-31187 HIGH

Windows 10 WalletService - Elevation of Privilege via Improper Link Resolution

CVE-2021-27851 MEDIUM

GNU Guix 0.11.0-1.2.0 - Local Privilege Escalation via Hardlink Attack on Build Directory

CVE-2021-30356 HIGH

Check Point Identity Agent <R81.018.0000 - DoS

CVE-2021-28098 HIGH

Forescout CounterACT <8.1.4 - Privilege Escalation

CVE-2021-28321 HIGH

Diagnostics Hub Standard Collector Service - Privilege Escalation

CVE-2021-30463 HIGH

VestaCP <0.9.8-24 - Privilege Escalation

CVE-2021-28163 LOW

NetApp Cloud Manager - Exposure of Sensitive Information via Symlink Webapps Directory

CVE-2021-27241 MEDIUM

Avast Premium Security <20.8.2429 - Privilege Escalation

CVE-2021-20197 MEDIUM

GNU binutils < 2.35 - Race Condition in ar, objcopy, strip, ranlib

CVE-2021-28650 MEDIUM

gnome-autoar < 0.3.1 - Directory Traversal via Symlink Handling

CVE-2021-28153 MEDIUM

GNOME GLib <2.66.8 - Info Disclosure

CVE-2021-26889 HIGH

Windows 10 and Windows Server 2016/2019 - Elevation of Privilege via Improper Link Resolution

CVE-2021-26887 HIGH

Windows - Elevation of Privilege via Folder Redirection Junction

CVE-2021-26873 HIGH

Windows User Profile Service - Elevation of Privilege via Improper Link Resolution

CVE-2021-26866 HIGH

Windows 10 and Windows Server 2016/2019 - Elevation of Privilege via Improper Link Resolution

CVE-2021-26862 HIGH

Windows Installer - Elevation of Privilege via Improper Link Resolution

CVE-2021-3310 HIGH

Western Digital My Cloud OS < 5.10.122 - Symbolic Link Following via SMB and AFP Shares

CVE-2021-21300 HIGH

Git 2.14.2-2.30.0 - Remote Code Execution via Symbolic Link and Clean/Smudge Filter Interaction

CVE-2021-24084 MEDIUM

Windows 10 and Windows Server 2016/2019 - Information Disclosure via Improper Link Resolution

CVE-2021-26720 HIGH

avahi < 0.8-4 - Denial of Service and Arbitrary File Creation via Symlink Attack

CVE-2021-27229 HIGH

Mumble < 1.3.4 - Remote Code Execution via Crafted Server List URL

CVE-2021-23873 HIGH

McAfee Total Protection < 16.0.30 - Privilege Escalation and Arbitrary File Deletion via Junction Link Manipulation

CVE-2021-21131 MEDIUM

Google Chrome <88.0.4324.96 - Info Disclosure

Previous Page 29 of 61 Next

Details

Vulnerabilities 1,522

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy