CWE-59— Improper Link Resolution Before File Access (Link Following)
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.— MITRE CWE catalog
1,471 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-59page 20 of 30
- CVE-2023-28892HIGHCVSS 7.8EG 7.82023-03-29
Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleaner_Debug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileg…
- CVE-2023-28972MEDIUMCVSS 6.8EG 6.82023-04-17
An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to bypass console access controls. When "set system ports console insecure" is enabled, root …
- CVE-2023-29343HIGHCVSS 7.8EG 7.82023-05-09
SysInternals Sysmon for Windows Elevation of Privilege Vulnerability
- CVE-2023-29351HIGHCVSS 8.1EG 8.12023-06-14
Windows Group Policy Elevation of Privilege Vulnerability
- CVE-2023-2939HIGHCVSS 7.8EG 7.82023-05-30
Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)
- CVE-2023-31003HIGHCVSS 8.4EG 8.42024-01-11
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Fo…
- CVE-2023-32012HIGHCVSS 7.8EG 6.32023-06-14
Windows Container Manager Service Elevation of Privilege Vulnerability
- CVE-2023-32050HIGHCVSS 7.0EG 7.02023-07-11
Windows Installer Elevation of Privilege Vulnerability
- CVE-2023-32053HIGHCVSS 7.8EG 7.82023-07-11
Windows Installer Elevation of Privilege Vulnerability
- CVE-2023-32056HIGHCVSS 7.8EG 7.82023-07-11
Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
- CVE-2023-32163HIGHCVSS 7.8EG 7.82023-09-06
Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the a…
- CVE-2023-32175HIGHCVSS 7.8EG 7.82024-05-03
VIPRE Antivirus Plus Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to …
- CVE-2023-32178HIGHCVSS 7.8EG 7.82024-05-03
VIPRE Antivirus Plus TelFileTransfer Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain…
- CVE-2023-32179HIGHCVSS 7.8EG 7.82024-05-03
VIPRE Antivirus Plus FPQuarTransfer Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain …
- CVE-2023-32182MEDIUMCVSS 5.9EG 5.92023-09-19
A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This…
- CVE-2023-32454MEDIUMCVSS 6.3EG 6.32024-02-06
DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service
- CVE-2023-32474MEDIUMCVSS 6.6EG 6.62024-02-06
Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary fold…
- CVE-2023-32556MEDIUMCVSS 5.5EG 5.52023-06-26
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged …
- CVE-2023-33148HIGHCVSS 7.8EG 7.82023-07-11
Microsoft Office Elevation of Privilege Vulnerability
- CVE-2023-33245HIGHCVSS 8.8EG 8.82023-05-30
Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink.
- CVE-2023-33865HIGHCVSS 7.8EG 7.82023-06-07
RenderDoc before 1.27 allows local privilege escalation via a symlink attack. It relies on the /tmp/RenderDoc directory regardless of ownership.
- CVE-2023-34204MEDIUMCVSS 6.5EG 6.52023-05-30
imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus (for example) an attacker can modify imapsync's cache and overwrite files belongin…
- CVE-2023-34283MEDIUMCVSS 4.6EG 4.62024-05-03
NETGEAR RAX30 USB Share Link Following Information Disclosure Vulnerability. This vulnerability allows physically present attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Authentication is not…
- CVE-2023-34723HIGHCVSS 7.5EG 7.52023-08-25
An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information via /config/system.conf.
- CVE-2023-35320HIGHCVSS 7.8EG 7.82023-07-11
Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
- CVE-2023-35342HIGHCVSS 7.8EG 7.82023-07-11
Windows Image Acquisition Elevation of Privilege Vulnerability
- CVE-2023-35347HIGHCVSS 7.1EG 7.12023-07-11
Microsoft Install Service Elevation of Privilege Vulnerability
- CVE-2023-35353HIGHCVSS 7.8EG 7.82023-07-11
Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
- CVE-2023-35379HIGHCVSS 7.8EG 7.82023-08-08
Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability
- CVE-2023-35624HIGHCVSS 7.3EG 7.32023-12-12
Azure Connected Machine Agent Elevation of Privilege Vulnerability
- CVE-2023-35633HIGHCVSS 7.8EG 7.82023-12-12
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2023-36046HIGHCVSS 7.1EG 7.12023-11-14
Windows Authentication Denial of Service Vulnerability
- CVE-2023-36047HIGHCVSS 7.8EG 7.82023-11-14
Windows Authentication Elevation of Privilege Vulnerability
- CVE-2023-36391HIGHCVSS 7.8EG 7.82023-12-12
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
- CVE-2023-36394HIGHCVSS 7.0EG 7.02023-11-14
Windows Search Service Elevation of Privilege Vulnerability
- CVE-2023-36399HIGHCVSS 7.1EG 7.12023-11-14
Windows Storage Elevation of Privilege Vulnerability
- CVE-2023-36568HIGHCVSS 7.0EG 7.02023-10-10
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
- CVE-2023-36705HIGHCVSS 7.8EG 7.82023-11-14
Windows Installer Elevation of Privilege Vulnerability
- CVE-2023-36711HIGHCVSS 7.8EG 7.82023-10-10
Windows Runtime C++ Template Library Elevation of Privilege Vulnerability
- CVE-2023-36723HIGHCVSS 7.8EG 7.82023-10-10
Windows Container Manager Service Elevation of Privilege Vulnerability
- CVE-2023-36737HIGHCVSS 7.8EG 7.82023-10-10
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
- CVE-2023-36758HIGHCVSS 7.8EG 7.82023-09-12
Visual Studio Elevation of Privilege Vulnerability
- CVE-2023-36874HIGHCVSS 7.8EG 9.0⚠ KEV2023-07-11
Windows Error Reporting Service Elevation of Privilege Vulnerability
- CVE-2023-36876HIGHCVSS 7.1EG 7.12023-08-08
Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability
- CVE-2023-36903HIGHCVSS 7.8EG 7.82023-08-08
Windows System Assessment Tool Elevation of Privilege Vulnerability
- CVE-2023-37206MEDIUMCVSS 6.5EG 6.52023-07-05
Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox < 115.
- CVE-2023-38175HIGHCVSS 7.8EG 7.82023-08-08
Microsoft Windows Defender Elevation of Privilege Vulnerability
- CVE-2023-39107CRITICALCVSS 9.1EG 9.12023-08-04
An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks.
- CVE-2023-39246MEDIUMCVSS 4.6EG 4.62023-11-16
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server version prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potent…
- CVE-2023-40028MEDIUMCVSS 4.9EG 4.92023-08-15
Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any f…
Map vulnerabilities like CWE-59 to your infrastructure
EchelonGraph correlates every CVE — across CWE-59 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →