CWE-59— Improper Link Resolution Before File Access (Link Following)
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.— MITRE CWE catalog
1,471 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-59page 10 of 30
- CVE-2015-1377NONECVSS 0.0EG 0.02015-02-10
The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file.
- CVE-2015-1869HIGHCVSS 7.8EG 7.82020-01-14
The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file.
- CVE-2015-3147MEDIUMCVSS 6.5EG 6.52020-01-14
daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on …
- CVE-2016-8641MEDIUMCVSS 6.7EG 7.82018-08-01
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links befo…
- CVE-2016-9595HIGHCVSS 7.3EG 5.52018-07-27
A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary …
- CVE-2016-9602HIGHCVSS 7.6EG 8.82018-04-26
Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privile…
- CVE-2017-1000420HIGHCVSS 7.5EG 7.52018-01-02
Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite
- CVE-2017-1002101HIGHCVSS 8.8EG 9.62018-03-13
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/direc…
- CVE-2017-15097MEDIUMCVSS 6.5EG 6.72018-07-27
Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.
- CVE-2017-15111MEDIUMCVSS 5.5EG 5.52018-01-20
keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link.
- CVE-2017-18078HIGHCVSS 7.8EG 7.82018-01-29
systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vector…
- CVE-2017-18188MEDIUMCVSS 5.5EG 5.52018-02-14
OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks sysctl is turned off, allows local users to obtain ownership of arbitrary files by creating a hard link inside a directory on which "chown -R" will be run.
- CVE-2017-18925MEDIUMCVSS 5.5EG 5.52020-10-26
opentmpfiles through 0.3.1 allows local users to take ownership of arbitrary files because d entries are mishandled and allow a symlink attack.
- CVE-2017-2619HIGHCVSS 7.5EG 7.52018-03-12
Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
- CVE-2017-5188MEDIUMCVSS 5.0EG 7.52018-03-01
The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information.
- CVE-2017-7500HIGHCVSS 7.3EG 7.82018-08-13
It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary d…
- CVE-2018-1000073HIGHCVSS 7.5EG 7.52018-03-13
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in …
- CVE-2018-1000544CRITICALCVSS 9.8EG 9.82018-06-26
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploadi…
- CVE-2018-10380HIGHCVSS 7.8EG 7.82018-05-08
kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack.
- CVE-2018-1063MEDIUMCVSS 4.4EG 4.42018-03-02
Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the rela…
- CVE-2018-10722HIGHCVSS 7.8EG 7.82018-05-04
In Cylance CylancePROTECT before 1470, an unprivileged local user can obtain SYSTEM privileges because users have Modify access to the %PROGRAMFILES%\Cylance\Desktop\log folder, the CyUpdate process grants users Modify access to new files …
- CVE-2018-10897HIGHCVSS 8.1EG 8.12018-08-01
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the de…
- CVE-2018-10928HIGHCVSS 8.8EG 8.82018-09-04
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks p…
- CVE-2018-11637HIGHCVSS 7.5EG 7.52018-07-03
Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to read arbitrary files from the /var/ directory because a symlink exists under the web root.
- CVE-2018-1196MEDIUMCVSS 5.9EG 5.92018-03-19
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a sy…
- CVE-2018-12015HIGHCVSS 7.5EG 7.52018-06-07
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
- CVE-2018-12026CRITICALCVSS 9.8EG 9.82018-06-17
During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This …
- CVE-2018-13054HIGHCVSS 8.1EG 8.12018-07-02
An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activate…
- CVE-2018-14329MEDIUMCVSS 4.7EG 4.72018-07-17
In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack.
- CVE-2018-14335MEDIUMCVSS 6.5EG 6.52018-07-24
An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.
- CVE-2018-14651HIGHCVSS 8.8EG 8.82018-10-31
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary file…
- CVE-2018-15351MEDIUMCVSS 6.5EG 6.52018-08-17
Denial of service via crafting malicious link and sending it to a privileged user can cause Denial of Service in Kraftway 24F2XG Router firmware version 3.5.30.1118.
- CVE-2018-1630MEDIUMCVSS 6.7EG 6.72019-08-20
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onmode. IBM X-Force ID: 144430.
- CVE-2018-1631MEDIUMCVSS 6.7EG 6.72019-08-20
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohash. IBM X-Force ID: 144431.
- CVE-2018-1632MEDIUMCVSS 6.7EG 6.72019-08-20
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. IBM X-Force ID: 144432.
- CVE-2018-1633MEDIUMCVSS 6.7EG 6.72019-08-20
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434.
- CVE-2018-1634MEDIUMCVSS 6.7EG 6.72019-08-20
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in infos.DBSERVERNAME. IBM X-Force ID: 144437.
- CVE-2018-17559HIGHCVSS 7.5EG 7.52023-10-26
Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras.
- CVE-2018-17567HIGHCVSS 7.5EG 7.52018-09-28
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file.
- CVE-2018-1780HIGHCVSS 7.8EG 7.82018-11-09
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally…
- CVE-2018-1781HIGHCVSS 8.4EG 7.82018-11-09
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have …
- CVE-2018-17955LOWCVSS 2.2EG 5.52019-03-15
In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection
- CVE-2018-1834HIGHCVSS 7.4EG 7.82018-11-09
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM X-Force ID: 150511.
- CVE-2018-19044MEDIUMCVSS 4.7EG 4.72018-11-08
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstr…
- CVE-2018-19637LOWCVSS 2.8EG 5.52019-03-05
Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection
- CVE-2018-19638LOWCVSS 2.2EG 4.72019-03-05
In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files.
- CVE-2018-20834HIGHCVSS 7.5EG 7.52019-04-30
A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with…
- CVE-2018-20990HIGHCVSS 7.5EG 7.52019-08-26
An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive.
- CVE-2018-21269MEDIUMCVSS 5.5EG 5.52020-10-27
checkpath in OpenRC through 0.42.1 might allow local users to take ownership of arbitrary files because a non-terminal path component can be a symlink.
- CVE-2018-4112MEDIUMCVSS 5.5EG 5.52018-04-03
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "ATS" component. It allows attackers to obtain sensitive information by leveraging symlink mishandling.
Map vulnerabilities like CWE-59 to your infrastructure
EchelonGraph correlates every CVE — across CWE-59 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →