Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-59

CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,523 vulnerabilities with CWE-59

CVE-2019-18898 HIGH

SUSE Linux Enterprise Server 15 SP1, openSUSE Factory - Privilege E...

CVE-2019-18932 HIGH

Squid Analysis Report Generator <2.3.11 - Privilege Escalation

CVE-2019-16896 HIGH

K7 Ultimate Security <16.0.0117 - Privilege Escalation

CVE-2019-19695 HIGH

Trend Micro Antivirus for Mac <9.0.1379 - Privilege Escalation

CVE-2019-8463 HIGH

Check Point Endpoint Security Client for Windows < E82.10 - Denial of Service via Service Log File Link Resolution

CVE-2019-6679 LOW

F5 BIG-IP 11.5.9-11.5.10 - Authenticated Arbitrary File Write via Symlink Bypass

CVE-2019-19693 HIGH

Trend Micro Security 2020 - Info Disclosure/DoS

CVE-2019-8789 MEDIUM

iPadOS < 13.2 - User Information Disclosure via Symlink Validation Issue

CVE-2019-8568 MEDIUM

iPhone OS < 12.3 - Unprotected File System Modification via Symlink Validation Issue

CVE-2019-10773 HIGH

Yarn < 1.21.1 - Arbitrary Symlink Creation via Bin Key

CVE-2019-16775 HIGH

npm CLI <6.13.3 - Arbitrary File Write

CVE-2019-18232 HIGH

SafeNet Sentinel LDK License Manager < 7.101 - Privilege Escalation via Symbolic Link

CVE-2019-1483 HIGH

Windows 10 and Windows Server 2016/2019 - Elevation of Privilege via AppX Deployment Server Junction Handling

CVE-2019-18575 HIGH

Dell Command Configure <4.2.1 - Code Injection

CVE-2019-7183 CRITICAL

QNAP QTS - Improper Link Resolution Before File Access

CVE-2019-3690 MEDIUM

openSUSE Leap - Privilege Escalation via Symlink Following in chkstat

CVE-2019-3750 MEDIUM

Dell Command Update < 3.1 - Authenticated Arbitrary File Deletion via Symlink Attack

CVE-2019-3749 MEDIUM

Dell Command Update < 3.1 - Authenticated Arbitrary File Deletion via Symlink Attack

CVE-2019-17445 MEDIUM

Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent < 10.2.26 - Arbitrary File Copy via Symbolic Link Following

CVE-2019-19191 HIGH

Shibboleth SP <3.1.0 - Privilege Escalation

CVE-2019-18837 HIGH

crun < 0.10.5 - Improper Link Resolution Before File Access

CVE-2019-1425 MEDIUM

Visual Studio 2017 and 2019 - Elevation of Privilege via Hardlink Validation Bypass

CVE-2019-1423 HIGH

Windows 10 - Elevation of Privilege via StartTileData.dll File Creation

CVE-2019-1422 HIGH

Windows - Elevation of Privilege via iphlpsvc.dll File Creation

CVE-2019-1385 HIGH KEV

Windows AppX Deployment Extensions - Privilege Escalation

Previous Page 35 of 61 Next

Details

Vulnerabilities 1,523

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy