CWE-59

Medium likelihood

Improper Link Resolution Before File Access ('Link Following')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

1,523 vulnerabilities with CWE-59
CVE-2019-8455 HIGH
Check Point ZoneAlarm < 15.4.062 - Privilege Escalation via Hard Link Attack
CVSS 7.1
CVE-2019-0841 HIGH KEV
Windows AppX Deployment Service - Privilege Escalation
CVSS 7.8
CVE-2019-1002101 MEDIUM
Kubernetes < 1.11.9 - Arbitrary File Write via kubectl cp Tar Extraction
CVSS 6.4
CVE-2019-5674 HIGH
NVIDIA GeForce Experience < 3.18 - Unauthenticated Privilege Escalation via Hard Link Attack
CVSS 7.0
CVE-2019-5665 HIGH
NVIDIA Windows GPU Display Driver - Improper Link Resolution in 3D Vision Stereo Service
CVSS 7.8
CVE-2019-8372 HIGH
LG LHA.sys < 1.1.1811.2101 - Privilege Escalation via IOCTL Requests
CVSS 7.0
CVE-2019-0574 HIGH
Windows Data Sharing Service - Privilege Escalation
CVSS 7.8
CVE-2019-0572 HIGH
Windows Data Sharing Service - Privilege Escalation
CVSS 7.8
CVE-2018-17559 HIGH
ABUS TVIP Firmware - Unauthenticated Video Stream Access via /video.mjpg
CVSS 7.5
CVE-2018-21269 MEDIUM
OpenRC < 0.42.1 - Local Privilege Escalation via Symlink Attack in checkpath
CVSS 5.5
CVE-2018-20990 HIGH
tar < 0.4.16 - Arbitrary File Overwrite via Symlink or Hardlink in TAR Archive
CVSS 7.5
CVE-2018-1634 MEDIUM
IBM Informix Dynamic Server Enterprise Edition 12.1 - Privilege Escalation via Symbolic Link in infos.DBSERVERNAME
CVSS 6.7
CVE-2018-1633 MEDIUM
IBM Informix Dynamic Server Enterprise Edition 12.1 - Privilege Escalation via Symbolic Link in onsrvapd
CVSS 6.7
CVE-2018-1632 MEDIUM
IBM Informix Dynamic Server Enterprise Edition 12.1 - Privilege Escalation via Symbolic Link in .infxdirs
CVSS 6.7
CVE-2018-1631 MEDIUM
IBM Informix Dynamic Server Enterprise Edition 12.1 - Privilege Escalation via Symbolic Link in oninit mongohash
CVSS 6.7
CVE-2018-1630 MEDIUM
IBM Informix Dynamic Server Enterprise Edition 12.1 - Privilege Escalation via Symbolic Link in onmode
CVSS 6.7
CVE-2018-20834 HIGH
node-tar < 2.2.2 and 3.0.0-4.4.2 - Arbitrary File Overwrite via Hardlink Extraction
CVSS 7.5
CVE-2018-17955 LOW
yast2-multipath < 4.1.1 - Insecure Temporary File via Static Filename
CVSS 2.2
CVE-2018-19638 LOW
Supportutils < 3.1-5.7.1 - Privilege Escalation
CVSS 2.2
CVE-2018-19637 LOW
Supportutils < 3.1-5.7.1 - Info Disclosure
CVSS 2.8
CVE-2018-1834 HIGH
IBM DB2 9.7, 10.1, 10.5, 11.1 - Privilege Escalation via Symbolic Link Attack
CVSS 7.4
CVE-2018-1781 HIGH
IBM DB2 9.7, 10.1, 10.5, 11.1 - Symbolic Link Attack to Privilege Escalation
CVSS 8.4
CVE-2018-1780 HIGH
IBM DB2 9.7, 10.1, 10.5, 11.1 - Privilege Escalation via Symbolic Link Attack
CVSS 7.8
CVE-2018-19044 MEDIUM
keepalived 2.0.8 - Arbitrary File Write via Symlink Attack
CVSS 4.7
CVE-2018-14651 HIGH
GlusterFS - Authenticated Symlink Remote Code Execution
CVSS 8.8