Total
1176 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-34283 | 2024-08-02 | N/A | ||
NETGEAR RAX30 USB Share Link Following Information Disclosure Vulnerability. This vulnerability allows physically present attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of symbolic links on removable USB media. By creating a symbolic link, an attacker can abuse the router's web server to access arbitrary local files. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-19498. | ||||
CVE-2023-34204 | 1 Imapsync Project | 1 Imapsync | 2024-08-02 | 6.5 Medium |
imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus (for example) an attacker can modify imapsync's cache and overwrite files belonging to the user who runs it. | ||||
CVE-2023-33865 | 1 Renderdoc | 1 Renderdoc | 2024-08-02 | 7.8 High |
RenderDoc before 1.27 allows local privilege escalation via a symlink attack. It relies on the /tmp/RenderDoc directory regardless of ownership. | ||||
CVE-2023-33245 | 1 Minecraft | 1 Minecraft | 2024-08-02 | 8.8 High |
Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink. | ||||
CVE-2023-33148 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-08-02 | 7.8 High |
Microsoft Office Elevation of Privilege Vulnerability | ||||
CVE-2023-32556 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-08-02 | 5.5 Medium |
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
CVE-2023-32474 | 1 Dell | 1 Display Manager | 2024-08-02 | 6.6 Medium |
Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary folder or file deletion | ||||
CVE-2023-32454 | 1 Dell | 1 Update Package Framework | 2024-08-02 | 6.3 Medium |
DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service | ||||
CVE-2023-32182 | 2 Opensuse, Suse | 3 Leap, Linux Enterprise High Performance Computing, Suse Linux Enterprise Desktop | 2024-08-02 | 5.9 Medium |
A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1. | ||||
CVE-2023-32163 | 2 Microsoft, Wacom | 2 Windows, Driver | 2024-08-02 | 7.8 High |
Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tablet Service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16857. | ||||
CVE-2023-32175 | 1 Vipre | 1 Antivirus Plus | 2024-08-02 | N/A |
VIPRE Antivirus Plus Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Anti Malware Service. By creating a symbolic link, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18899. | ||||
CVE-2023-32050 | 1 Microsoft | 3 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 | 2024-08-02 | 7 High |
Windows Installer Elevation of Privilege Vulnerability | ||||
CVE-2023-32056 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 8 more | 2024-08-02 | 7.8 High |
Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | ||||
CVE-2023-32053 | 1 Microsoft | 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more | 2024-08-02 | 7.8 High |
Windows Installer Elevation of Privilege Vulnerability | ||||
CVE-2023-32012 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 5 more | 2024-08-02 | 7.8 High |
Windows Container Manager Service Elevation of Privilege Vulnerability | ||||
CVE-2023-31003 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2024-08-02 | 8.4 High |
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658. | ||||
CVE-2023-29351 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2024-08-02 | 8.1 High |
Windows Group Policy Elevation of Privilege Vulnerability | ||||
CVE-2023-29343 | 1 Microsoft | 1 Windows Sysmon | 2024-08-02 | 7.8 High |
SysInternals Sysmon for Windows Elevation of Privilege Vulnerability | ||||
CVE-2023-28972 | 1 Juniper | 4 Junos, Nfx150, Nfx250 and 1 more | 2024-08-02 | 6.8 Medium |
An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to bypass console access controls. When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-password" on NFX Series systems, leading to a possible administrative bypass with physical access to the console. Password recovery, changing the root password from a console, should not have been allowed from an insecure console. This is similar to the vulnerability described in CVE-2019-0035 but affects different platforms and in turn requires a different fix. This issue affects Juniper Networks Junos OS on NFX Series: 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S12; 20.2 versions prior to 20.2R3-S8; 20.4 versions prior to 20.4R3-S7; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S2; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2. | ||||
CVE-2023-28892 | 1 Malwarebytes | 1 Adwcleaner | 2024-08-02 | 7.8 High |
Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleaner_Debug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link. |