CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,523 vulnerabilities with CWE-59
CVE-2020-8013 LOW
SUSE Linux Enterprise - Use After Free
CVSS 2.2
CVE-2020-3835 MEDIUM
macOS Catalina <10.15.3 - Info Disclosure
CVSS 4.4
CVE-2020-3830 LOW
macOS Catalina <10.15.3 - Info Disclosure
CVSS 3.3
CVE-2020-5324 HIGH
Dell G3/G5/G7/Inspiron Firmware - Arbitrary File Overwrite via Symlink Attack
CVSS 7.1
CVE-2020-8950 HIGH
AMD User Experience Program < 1.0.0.1 - Privilege Escalation via Symbolic Link in Upload Directory
CVSS 7.8
CVE-2020-0730 HIGH
Windows User Profile Service - Elevation of Privilege via Symlink Handling
CVSS 7.1
CVE-2020-0683 HIGH KEV
Windows - Elevation of Privilege via MSI Package Symbolic Link Processing
CVSS 7.8
CVE-2020-7221 HIGH
MariaDB 10.4.7-10.4.11 - Privilege Escalation via Symlink Attack in mysql_install_db
CVSS 7.8
CVE-2020-8095 MEDIUM
Bitdefender Total Security 2020 - DoS
CVSS 4.9
CVE-2020-7040 HIGH
storeBackup < 3.5 - Privilege Escalation via Symlink Attack on /tmp/storeBackup.lock
CVSS 8.1
CVE-2020-0638 HIGH KEV
Windows 10 1709-1909 and Windows Server 1803-2019 - Elevation of Privilege via Update Notification Manager
CVSS 7.8
CVE-2020-0616 MEDIUM
Windows 10 and Windows Server 2016/2019 - Denial of Service via Hard Link Handling
CVSS 5.5
CVE-2019-13689 HIGH
Google Chrome < 75.0.3770.80 - Arbitrary File Read/Write via Inappropriate OS Implementation
CVSS 7.8
CVE-2019-20383 HIGH
ABBYY FineReader < 15.0.112.2130 - Privilege Escalation via Symbolic Link Manipulation
CVSS 7.8
CVE-2019-18901 MEDIUM
SUSE Linux Enterprise Server <10.2.31-3.25.1 - Privilege Escalation
CVSS 5.1
CVE-2019-18897 HIGH
SUSE Linux Enterprise Server <12,15 - Privilege Escalation
CVSS 8.4
CVE-2019-3698 MEDIUM
nagios < 3.5.1 - Local Privilege Escalation via Symlink Race in Cronjob
CVSS 5.7
CVE-2019-11481 LOW
Ubuntu Linux Apport - Privilege Escalation via Symbolic Link Attack
CVSS 3.8
CVE-2019-11251 MEDIUM
Kubernetes 1.1-1.12, <1.13.11, <1.14.7, <1.15.4 - Arbitrary File Write via kubectl cp Symlink Traversal
CVSS 4.8
CVE-2019-3699 HIGH
privoxy < 3.0.28-lp151.1.1 - Privilege Escalation via Symlink Following
CVSS 7.7
CVE-2019-3697 HIGH
gnump3d < 3.0 - Privilege Escalation via Symlink Following
CVSS 7.7
CVE-2019-3694 HIGH
munin < 2.0.49-4.2 - Local Privilege Escalation via Symlink Following
CVSS 7.7
CVE-2019-3693 HIGH
SUSE mailman < 2.1.15-9.6.15.1 - Privilege Escalation via Symlink Following
CVSS 7.7
CVE-2019-3692 HIGH
inn < 2.4.2-170.21.3.1 - Local Privilege Escalation via Symlink Attack
CVSS 7.7
CVE-2019-3691 HIGH
munge < 0.5.13-4.3.1 - Privilege Escalation via Symlink Following
CVSS 7.7