Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-61

CWE-61

High likelihood

UNIX Symbolic Link (Symlink) Following

Parent: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.

138 vulnerabilities with CWE-61

CVE-2024-45418 MEDIUM

Zoom Meeting SDK < 6.1.5 - Authenticated Privilege Escalation via Symlink Following

CVE-2024-52535 HIGH

Dell SupportAssist for Home PCs < 4.6.2 and Business PCs < 4.5.1 - Authenticated Privilege Escalation via Symlink Attack

CVE-2024-47515 HIGH

Pagure - Local File Disclosure via Symbolic Link Following

CVE-2024-54148 CRITICAL

Gogs < 0.13.1 - Authenticated Path Traversal via Symlink File Commit

CVE-2024-47480 HIGH

Dell Inventory Collector Client <12.7.0 - Privilege Escalation

CVE-2024-52542 MEDIUM

Dell AppSync 4.6.0.0-4.6.0.2 - Symbolic Link Following

CVE-2024-52537 MEDIUM

Dell Dock HD22Q, WD19, and WD22TB4 Firmware Update Utility - Privilege Escalation via Symlink Following

CVE-2024-54661 CRITICAL

socat 1.6.0.0-1.8.0.1 and 2.0.0-b1-2.0.0-b8 - UNIX Symbolic Link Following in readline.sh

CVE-2024-52522 MEDIUM

rclone 1.59.0-1.68.1 - Privilege Escalation via Symlink Permission Manipulation

CVE-2024-34015 LOW

Acronis Backup <1.8.3.818-1.9.1.892 - Info Disclosure

CVE-2024-34014 MEDIUM

Acronis Backup - Improper Symbolic Link Handling

CVE-2024-0134 MEDIUM

NVIDIA Container Toolkit - Info Disclosure

CVE-2024-47877 HIGH

codeclysm/extract < 4.0.0 - Path Traversal via Malicious Archive Symlink

CVE-2024-44132 HIGH

macOS < 15.0 - Sandbox Escape via Symlink Handling

CVE-2024-45310 LOW

runc <1.2.0-rc2 - Privilege Escalation

CVE-2024-39578 MEDIUM

Dell PowerScale OneFS 8.2.2.x-9.8.0.1 - Denial of Service and Information Tampering via Symlink Following

CVE-2024-42367 MEDIUM

aiohttp 3.10.0-3.10.2 - Path Traversal via Compressed File Symbolic Links

CVE-2024-27872 MEDIUM

macOS Sonoma <14.6 - Info Disclosure

CVE-2024-28189 CRITICAL

Judge0 <1.13.1 - Privilege Escalation

CVE-2024-28185 CRITICAL

judge0 1.13.0 - Arbitrary File Write and Remote Code Execution via Symlink Attack

CVE-2024-22014 HIGH

360 Total Security Antivirus <11.0.0.1061 - Privilege Escalation

CVE-2024-25953 MEDIUM

Dell PowerScale OneFS 9.4.0.x-9.7.0.x - Denial of Service and Information Tampering via Symlink Following

CVE-2024-25952 MEDIUM

Dell PowerScale OneFS 8.2.2.x-9.7.0.x - Denial of Service and Information Tampering via Symlink Following

CVE-2024-1933 HIGH

TeamViewer <15.52 - Privilege Escalation

CVE-2024-23285 MEDIUM

macOS < 14.4 - Unprotected User Data Exposure via Symlink Handling

Previous Page 4 of 6 Next

Details

Vulnerabilities 138

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy