CWE-59— Improper Link Resolution Before File Access (Link Following)
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.— MITRE CWE catalog
1,471 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-59page 13 of 30
- CVE-2019-9949HIGHCVSS 8.8EG 8.82019-05-23
Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privilege user session) vulnerability. The cg…
- CVE-2020-0616MEDIUMCVSS 5.5EG 5.52020-01-14
A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'.
- CVE-2020-0638HIGHCVSS 7.8EG 9.0⚠ KEV2020-01-14
An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager El…
- CVE-2020-0683HIGHCVSS 7.8EG 9.0⚠ KEV2020-02-11
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0686.
- CVE-2020-0730HIGHCVSS 7.1EG 7.12020-02-11
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.
- CVE-2020-0779MEDIUMCVSS 5.5EG 5.52020-03-12
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0798, CVE-2020-0814, CVE-20…
- CVE-2020-0787HIGHCVSS 7.8EG 9.0⚠ KEV2020-03-12
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.
- CVE-2020-0789HIGHCVSS 7.1EG 7.12020-03-12
A denial of service vulnerability exists when the Visual Studio Extension Installer Service improperly handles hard links, aka 'Visual Studio Extension Installer Service Denial of Service Vulnerability'.
- CVE-2020-10003HIGHCVSS 7.8EG 7.82020-12-08
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may b…
- CVE-2020-10174HIGHCVSS 7.0EG 7.02020-03-05
init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users…
- CVE-2020-10665MEDIUMCVSS 6.7EG 6.72020-03-18
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This aff…
- CVE-2020-10947HIGHCVSS 8.8EG 8.82020-04-17
Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation.
- CVE-2020-11443HIGHCVSS 8.1EG 8.12020-05-04
The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to version 4.6.10 deletes files located in %APPDATA%\Zoom before installing an updated version of the client. Standard users are able to write to this directory, and can write…
- CVE-2020-11446HIGHCVSS 7.8EG 7.82020-04-29
ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these links into files that would normally no…
- CVE-2020-11474HIGHCVSS 7.8EG 7.82020-07-28
NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic link attack on enumusb.reg via Support Assistant.
- CVE-2020-11736LOWCVSS 3.9EG 3.92020-04-13
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
- CVE-2020-12254HIGHCVSS 7.8EG 7.82020-04-26
Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escalation or a denial of service via abuse of a symlink.
- CVE-2020-12265CRITICALCVSS 9.8EG 9.82020-04-26
The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal.
- CVE-2020-12878HIGHCVSS 7.8EG 7.82021-02-18
Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory.
- CVE-2020-13095HIGHCVSS 8.8EG 8.82020-06-30
Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a directory containing code executed by root.
- CVE-2020-13833CRITICALCVSS 9.1EG 9.12020-06-04
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The system area allows arbitrary file overwrites via a symlink attack. The Samsung ID is SVE-2020-17183 (June 2020).
- CVE-2020-14004HIGHCVSS 7.8EG 7.82020-06-12
An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/ici…
- CVE-2020-14367MEDIUMCVSS 6.0EG 6.02020-08-24
A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does n…
- CVE-2020-14990HIGHCVSS 7.1EG 7.12020-06-22
IOBit Advanced SystemCare Free 13.5.0.263 allows local users to gain privileges for file deletion by manipulating the Clean & Optimize feature with an NTFS junction and an Object Manager symbolic link.
- CVE-2020-15075HIGHCVSS 7.1EG 7.12021-03-30
OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.
- CVE-2020-15076HIGHCVSS 7.8EG 7.82021-05-26
Private Tunnel installer for macOS version 3.0.1 and older versions may corrupt system critical files it should not have access via symlinks in /tmp.
- CVE-2020-15401MEDIUMCVSS 4.4EG 4.42020-06-30
IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privileges for file deletion by manipulating malicious flagged file locations with an NTFS junction and an Object Manager symbolic link.
- CVE-2020-15861HIGHCVSS 7.8EG 7.82020-08-20
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
- CVE-2020-15932HIGHCVSS 8.8EG 8.82020-07-24
Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges.
- CVE-2020-16007HIGHCVSS 7.8EG 7.82020-11-03
Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.
- CVE-2020-16851HIGHCVSS 7.1EG 7.12020-09-11
<p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevat…
- CVE-2020-16853HIGHCVSS 7.1EG 7.12020-09-11
<p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevat…
- CVE-2020-16939HIGHCVSS 7.8EG 7.82020-10-16
<p>An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit the vulnerability, an att…
- CVE-2020-17365HIGHCVSS 7.8EG 7.82020-09-24
Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. The vulnerability allows a local user to c…
- CVE-2020-1885HIGHCVSS 7.8EG 7.82020-04-08
Writing to an unprivileged file from a privileged OVRRedir.exe process in Oculus Desktop before 1.44.0.32849 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a …
- CVE-2020-2024MEDIUMCVSS 6.5EG 6.52020-05-19
An improper link resolution vulnerability affects Kata Containers versions prior to 1.11.0. Upon container teardown, a malicious guest can trick the kata-runtime into unmounting any mount point on the host and all mount points underneath i…
- CVE-2020-2026HIGHCVSS 7.8EG 7.82020-06-10
A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allow…
- CVE-2020-23968HIGHCVSS 7.8EG 7.82020-11-10
Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&G\Logs\000-sngWSService1.log.
- CVE-2020-24332MEDIUMCVSS 5.5EG 5.52020-08-13
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which c…
- CVE-2020-24556HIGHCVSS 7.8EG 7.82020-09-01
A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which the…
- CVE-2020-24559HIGHCVSS 7.8EG 7.82020-09-01
A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, wh…
- CVE-2020-24562HIGHCVSS 7.8EG 7.82020-09-29
A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker mus…
- CVE-2020-24654LOWCVSS 3.3EG 3.32020-09-02
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.
- CVE-2020-24955HIGHCVSS 7.8EG 7.82020-09-01
SUPERAntiSyware Professional X Trial 10.0.1206 is vulnerable to local privilege escalation because it allows unprivileged users to restore a malicious DLL from quarantine into the system32 folder via an NTFS directory junction, as demonstr…
- CVE-2020-25031HIGHCVSS 7.8EG 7.82020-08-31
checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file.
- CVE-2020-25289MEDIUMCVSS 5.5EG 5.52020-09-13
The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions).
- CVE-2020-25744HIGHCVSS 8.1EG 8.12020-09-18
SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to create or overwrite arbitrary files, which could cause a denial of service (DoS) condition, because a symlink from %LOCALAPPDATA%\SaferVPN\Log is followed.
- CVE-2020-25776HIGHCVSS 7.8EG 7.82020-10-02
Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical file on the system to escalate their privileges. An attacker must first obtain the abilit…
- CVE-2020-25989HIGHCVSS 7.8EG 7.82020-11-19
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges.
- CVE-2020-26277MEDIUMCVSS 6.1EG 6.12020-12-21
DBdeployer is a tool that deploys MySQL database servers easily. In DBdeployer before version 1.58.2, users unpacking a tarball may use a maliciously packaged tarball that contains symlinks to files external to the target. In such scenario…
Map vulnerabilities like CWE-59 to your infrastructure
EchelonGraph correlates every CVE — across CWE-59 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →