← Back
CWE-59

1,502 CVEs • Abstraction: Base • Likelihood of Exploit: Medium

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

JSON object

Loading...

CVEs (1,502)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-8831
2Apport Project
Canonical
2Apport
Ubuntu Linux
Nov 21, 2024
Apr 22, 2020
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the d...Show more
Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport's lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.Show less
CVE-2020-8099
1Bitdefender
1Antivirus 2020
Nov 21, 2024
Apr 21, 2020
N/A· v4
6.2 MEDIUM· v3
4.6 MEDIUM· v2
A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefende...Show more
A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17.Show less
CVE-2020-10947
1Sophos
2Anti Virus For Sophos Central
Anti Virus For Sophos Home
Nov 21, 2024
Apr 17, 2020
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation.
CVE-2020-8948
1Sierrawireless
1Mobile Broadband Driver Package
Nov 21, 2024
Apr 15, 2020
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) before build 5043 allows an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links. An unprivileged user could leverage th...Show more
The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) before build 5043 allows an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links. An unprivileged user could leverage this vulnerability to execute arbitrary code with system privileges.Show less
CVE-2020-7250
1Mcafee
1Endpoint Security
Nov 21, 2024
Apr 15, 2020
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the...Show more
Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user which not normally have permission to alter via carefully creating symbolic links from the ENS log file directory.Show less
CVE-2020-5738
1Grandstream
6Gxp1610 Firmware
Gxp1615 FirmwareGxp1620 Firmware+3 more
Nov 21, 2024
Apr 14, 2020
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface.
CVE-2020-11736
3Canonical
DebianGnome
3Debian Linux
File RollerUbuntu Linux
Nov 21, 2024
Apr 13, 2020
N/A· v4
3.9 LOW· v3
3.3 LOW· v2
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction...Show more
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.Show less
CVE-2020-1885
1Oculus
1Desktop
Nov 21, 2024
Apr 8, 2020
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
Writing to an unprivileged file from a privileged OVRRedir.exe process in Oculus Desktop before 1.44.0.32849 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involvin...Show more
Writing to an unprivileged file from a privileged OVRRedir.exe process in Oculus Desktop before 1.44.0.32849 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file.Show less
CVE-2020-8015
1Exim
1Exim
Nov 21, 2024
Apr 2, 2020
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4...Show more
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1.Show less
CVE-2020-10665
1Docker
1Desktop
Nov 21, 2024
Mar 18, 2020
N/A· v4
6.7 MEDIUM· v3
7.2 HIGH· v2
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary fi...Show more
Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0.Show less
CVE-2020-0789
1Microsoft
1Visual Studio 2019
Nov 21, 2024
Mar 12, 2020
N/A· v4
7.1 HIGH· v3
6.6 MEDIUM· v2
A denial of service vulnerability exists when the Visual Studio Extension Installer Service improperly handles hard links, aka 'Visual Studio Extension Installer Service Denial of Service Vulnerability'.
CVE-2020-0787
1Microsoft
17Windows 10 1507
Windows 10 1607Windows 10 1709+14 more
Oct 29, 2025
Mar 12, 2020
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privileg...Show more
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.Show less
CVE-2020-0779
1Microsoft
8Windows 10
Windows 7Windows 8.1+5 more
Nov 21, 2024
Mar 12, 2020
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0798, CV...Show more
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0798, CVE-2020-0814, CVE-2020-0842, CVE-2020-0843.Show less
CVE-2020-10174
3Canonical
FedoraprojectTimeshift Project
3Fedora
TimeshiftUbuntu Linux
Nov 21, 2024
Mar 5, 2020
N/A· v4
7.0 HIGH· v3
6.9 MEDIUM· v2
init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by...Show more
init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because Timeshift also executes scripts under this location, an attacker can attempt to win a race condition to replace scripts created by Timeshift with attacker-controlled scripts. Upon success, an attacker-controlled script is executed with full root privileges. This logic is practically always triggered when Timeshift runs regardless of the command-line arguments used.Show less
CVE-2020-8013
2Opensuse
Suse
2Leap
Linux Enterprise Server
Nov 21, 2024
Mar 2, 2020
N/A· v4
2.5 LOW· v3
1.9 LOW· v2
A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on oth...Show more
A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation is difficult. This issue affects: SUSE Linux Enterprise Server 12 permissions versions prior to 2015.09.28.1626-17.27.1. SUSE Linux Enterprise Server 15 permissions versions prior to 20181116-9.23.1. SUSE Linux Enterprise Server 11 permissions versions prior to 2013.1.7-0.6.12.1.Show less
CVE-2019-18901
2Opensuse
Suse
2Leap
Linux Enterprise Server
Nov 21, 2024
Mar 2, 2020
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permiss...Show more
A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Linux Enterprise Server 12 mariadb versions prior to 10.2.31-3.25.1. SUSE Linux Enterprise Server 15 mariadb versions prior to 10.2.31-3.26.1.Show less
CVE-2019-18897
2Opensuse
Suse
2Leap
Linux Enterprise Server
Nov 21, 2024
Mar 2, 2020
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from use...Show more
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterprise Server 12 salt-master version 2019.2.0-46.83.1 and prior versions. SUSE Linux Enterprise Server 15 salt-master version 2019.2.0-6.21.1 and prior versions. openSUSE Factory salt-master version 2019.2.2-3.1 and prior versions.Show less
CVE-2019-3698
2Nagios
Opensuse
3Backports Sle
LeapNagios
Nov 21, 2024
Feb 28, 2020
N/A· v4
7.0 HIGH· v3
6.9 MEDIUM· v2
UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or p...Show more
UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions.Show less
CVE-2020-3835
1Apple
1Mac Os X
Nov 21, 2024
Feb 27, 2020
N/A· v4
4.4 MEDIUM· v3
3.6 LOW· v2
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to access restrict...Show more
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to access restricted files.Show less
CVE-2020-3830
1Apple
1Mac Os X
Nov 21, 2024
Feb 27, 2020
N/A· v4
3.3 LOW· v3
3.6 LOW· v2
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to overwrite arbit...Show more
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to overwrite arbitrary files.Show less