Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,522 vulnerabilities with CWE-59

CVE-2020-3237 MEDIUM

Cisco IOx < 1.9.0 - Authenticated Arbitrary File Overwrite via Crafted Application Package

CVE-2020-3223 MEDIUM

Cisco IOS XE - Authenticated Arbitrary File Read via Web UI File Reference

CVE-2020-7653 MEDIUM

Snyk Broker < 4.80.0 - Arbitrary File Read via Symlink

CVE-2020-6477 HIGH

Google Chrome < 83.0.4103.61 - Privilege Escalation via Crafted File

CVE-2020-2024 MEDIUM

Kata Containers runtime < 1.11.0 - Denial of Service via Improper Link Resolution

CVE-2020-5837 HIGH

Symantec Endpoint Protection <14.3 - Privilege Escalation

CVE-2020-11443 HIGH

Zoom IT Installer < 4.6.10 - Unauthenticated Arbitrary File Deletion via Symbolic Link Attack

CVE-2020-11446 HIGH

ESET Antivirus and Antispyware Module 1553-1560 - Privilege Escalation via Hard Link Manipulation

CVE-2020-12265 CRITICAL

decompress < 4.2.1 - Arbitrary File Write via Symlink Path Traversal

CVE-2020-12254 HIGH

Avira Antivirus < 5.0.2003.1821 - Privilege Escalation or Denial of Service via Symlink Abuse

CVE-2020-8831 MEDIUM

Apport - Privilege Escalation

CVE-2020-8099 HIGH

Bitdefender Antivirus Free <1.0.17 - Privilege Escalation

CVE-2020-10947 HIGH

Mac Endpoint for Sophos Central <9.9.6 - Mac Endpoint for Sophos Ho...

CVE-2020-8948 HIGH

Sierra Wireless Mobile Broadband Driver Package < 5043 - Unauthenticated Arbitrary File Write via Hard Link

CVE-2020-7250 HIGH

McAfee Endpoint Security for Windows - Authenticated Privilege Escalation via Symbolic Link Manipulation

CVE-2020-5738 HIGH

Grandstream GXP1600 <1.0.4.152 - Command Injection

CVE-2020-11736 LOW

GNOME file-roller < 3.36.1 - Directory Traversal via Symlink Parent Check Bypass

CVE-2020-1885 HIGH

Oculus Desktop <1.44.0.32849 - Privilege Escalation

CVE-2020-8015 HIGH

openSUSE Factory exim <4.93.0.4-3.1 - Privilege Escalation

CVE-2020-10665 MEDIUM

Docker Desktop <2.1.0.9-2.2.2.0 - Privilege Escalation

CVE-2020-0789 HIGH

Visual Studio 2019 16.0-16.4 - Denial of Service via Hard Link Mishandling

CVE-2020-0787 HIGH KEV

Windows BITS - Elevation of Privilege via Symbolic Link Mishandling

CVE-2020-0779 MEDIUM

Windows - Elevation of Privilege via MSI Package Symbolic Link Processing

CVE-2020-10174 HIGH

Timeshift < 20.03 - Unauthenticated Race Condition via Predictable Temporary Directory

CVE-2020-8013 LOW

SUSE Linux Enterprise - Use After Free

Previous Page 33 of 61 Next

Details

Vulnerabilities 1,522

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy