Total
1193 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-33148 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-08-02 | 7.8 High |
| Microsoft Office Elevation of Privilege Vulnerability | ||||
| CVE-2023-32556 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-08-02 | 5.5 Medium |
| A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2023-32474 | 1 Dell | 1 Display Manager | 2024-08-02 | 6.6 Medium |
| Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation leading to arbitrary folder or file deletion | ||||
| CVE-2023-32454 | 1 Dell | 1 Update Package Framework | 2024-08-02 | 6.3 Medium |
| DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service | ||||
| CVE-2023-32175 | 1 Vipre | 1 Antivirus Plus | 2024-08-02 | N/A |
| VIPRE Antivirus Plus Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Anti Malware Service. By creating a symbolic link, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18899. | ||||
| CVE-2023-32050 | 1 Microsoft | 3 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 | 2024-08-02 | 7 High |
| Windows Installer Elevation of Privilege Vulnerability | ||||
| CVE-2023-32056 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 8 more | 2024-08-02 | 7.8 High |
| Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | ||||
| CVE-2023-32053 | 1 Microsoft | 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more | 2024-08-02 | 7.8 High |
| Windows Installer Elevation of Privilege Vulnerability | ||||
| CVE-2023-32012 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 5 more | 2024-08-02 | 7.8 High |
| Windows Container Manager Service Elevation of Privilege Vulnerability | ||||
| CVE-2023-31003 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2024-08-02 | 8.4 High |
| IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658. | ||||
| CVE-2023-29351 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2024-08-02 | 8.1 High |
| Windows Group Policy Elevation of Privilege Vulnerability | ||||
| CVE-2023-29343 | 1 Microsoft | 1 Windows Sysmon | 2024-08-02 | 7.8 High |
| SysInternals Sysmon for Windows Elevation of Privilege Vulnerability | ||||
| CVE-2023-28972 | 1 Juniper | 4 Junos, Nfx150, Nfx250 and 1 more | 2024-08-02 | 6.8 Medium |
| An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to bypass console access controls. When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-password" on NFX Series systems, leading to a possible administrative bypass with physical access to the console. Password recovery, changing the root password from a console, should not have been allowed from an insecure console. This is similar to the vulnerability described in CVE-2019-0035 but affects different platforms and in turn requires a different fix. This issue affects Juniper Networks Junos OS on NFX Series: 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S12; 20.2 versions prior to 20.2R3-S8; 20.4 versions prior to 20.4R3-S7; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S2; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2. | ||||
| CVE-2023-28892 | 1 Malwarebytes | 1 Adwcleaner | 2024-08-02 | 7.8 High |
| Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleaner_Debug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link. | ||||
| CVE-2023-28871 | 1 Ncp-e | 1 Secure Enterprise Client | 2024-08-02 | 4.3 Medium |
| Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link. | ||||
| CVE-2023-28868 | 1 Ncp-e | 1 Secure Enterprise Client | 2024-08-02 | 8.1 High |
| Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link. | ||||
| CVE-2023-28869 | 1 Ncp-e | 1 Secure Enterprise Client | 2024-08-02 | 6.5 Medium |
| Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers read the contents of arbitrary files on the operating system by creating a symbolic link. | ||||
| CVE-2023-28797 | 1 Zscaler | 1 Client Connector | 2024-08-02 | 6.3 Medium |
| Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user. | ||||
| CVE-2023-28642 | 2 Linuxfoundation, Redhat | 6 Runc, Enterprise Linux, Openshift and 3 more | 2024-08-02 | 6.1 Medium |
| runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image. | ||||
| CVE-2023-28141 | 1 Qualys | 1 Cloud Agent | 2024-08-02 | 6.7 Medium |
| An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31. Attackers may write files to arbitrary locations via a local attack vector. This allows attackers to assume the privileges of the process, and they may delete or otherwise on unauthorized files, allowing for the potential modification or deletion of sensitive files limited only to that specific directory/file object. This vulnerability is bounded to the time of installation/uninstallation and can only be exploited locally. At the time of this disclosure, versions before 4.0 are classified as End of Life. | ||||