Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,522 vulnerabilities with CWE-59

CVE-2021-21125 HIGH

Google Chrome <88.0.4324.96 - Info Disclosure

CVE-2021-21117 HIGH

Google Chrome <88.0.4324.96 - Privilege Escalation

CVE-2021-21272 HIGH

ORAS 0.4.0-0.8.9 - Path Traversal via Tarball Extraction

CVE-2021-1278 HIGH

Cisco SD-WAN - Unauthenticated Denial of Service

CVE-2021-1145 MEDIUM

Cisco StarOS < 21.19.7 - Authenticated Arbitrary File Read via SFTP Symbolic Link Handling

CVE-2021-21602 MEDIUM

Jenkins < 2.263.1, < 2.274 - Arbitrary File Read via Symlink Following

CVE-2021-23240 HIGH

Sudo < 1.9.5 - Unauthenticated Privilege Escalation via Symlink Attack in sudoedit

CVE-2021-23239 LOW

sudo < 1.9.5 - Unauthenticated Arbitrary Directory-Existence Test via sudoedit Race Condition

CVE-2020-3432 MEDIUM

Cisco AnyConnect Secure Mobility Client for Mac OS - Path Traversal

CVE-2020-28407 HIGH

swtpm < 0.4.2 and 0.5.x < 0.5.1 - Arbitrary File Write via Symlink Attack

CVE-2020-36657 HIGH

uptimed <0.4.6-r1 - Privilege Escalation

CVE-2020-4885 MEDIUM

IBM Db2 - Improper Link Resolution Before File Access via Symbolic Link Race Condition

CVE-2020-15076 HIGH

Private Tunnel <3.0.1 - Memory Corruption

CVE-2020-9452 HIGH

Acronis True Image 2020 24.5.22510 - Privilege Escalation via Hardlink Attack in Quarantine Feature

CVE-2020-27833 HIGH

OpenShift Container Platform < 4.7 - Arbitrary File Write via Symbolic Link in oc image extract

CVE-2020-28007 HIGH

Exim 4.00-4.94.1 - Privilege Escalation via Symlink Attack in Log Directory

CVE-2020-36314 LOW

GNOME file-roller < 3.38.0 - Directory Traversal via Symlink Parent Check Bypass

CVE-2020-15075 HIGH

OpenVPN Connect <3.2.6 - Memory Corruption

CVE-2020-7346 HIGH

McAfee Data Loss Prevention < 11.6.100 - Privilege Escalation via Junction Manipulation

CVE-2020-4717 MEDIUM

IBM SPSS Modeler Subscription Installer - Arbitrary File Write via Symbolic Link

CVE-2020-12878 HIGH

Digi ConnectPort X2e <3.2.30.6 - Privilege Escalation

CVE-2020-36241 MEDIUM

gnome-autoar < 0.2.4 - Directory Traversal via Symlink Parent Check Bypass

CVE-2020-8585 MEDIUM

OnCommand Unified Manager Core Package <5.2.5 - Info Disclosure

CVE-2020-4966 MEDIUM

IBM Security Identity Governance and Intelligence 5.2.6 - Session Cookie Exposure via Insecure HTTP Link

CVE-2020-36193 HIGH KEV

Archive_Tar < 1.4.11 - Path Traversal via Symbolic Link Handling

Previous Page 30 of 61 Next

Details

Vulnerabilities 1,522

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy