Total
1174 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-23459 | 2024-08-01 | 7.1 High | ||
An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Mac allows a system file to be overwritten.This issue affects Zscaler Client Connector on Mac : before 3.7. | ||||
CVE-2024-21447 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 4 more | 2024-08-01 | 7.8 High |
Windows Authentication Elevation of Privilege Vulnerability | ||||
CVE-2024-21329 | 1 Microsoft | 1 Azure Connected Machine Agent | 2024-08-01 | 7.3 High |
Azure Connected Machine Agent Elevation of Privilege Vulnerability | ||||
CVE-2024-20656 | 1 Microsoft | 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more | 2024-08-01 | 7.8 High |
Visual Studio Elevation of Privilege Vulnerability | ||||
CVE-2024-6147 | 2024-08-01 | N/A | ||
Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Poly Plantronics Hub. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Spokes Update Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18271. | ||||
CVE-2024-5102 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2024-08-01 | 7.0 High |
A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulnerability exists within the "Repair" (settings -> troubleshooting -> repair) feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM. A low-privileged user can make a pseudo-symlink and a junction folder and point to a file on the system. This can provide a low-privileged user an Elevation of Privilege to win a race-condition which will re-create the system files and make Windows callback to a specially-crafted file which could be used to launch a privileged shell instance. This issue affects Avast Antivirus prior to 24.2. | ||||
CVE-2024-4712 | 2024-08-01 | 6 Medium | ||
An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This vulnerability requires local login/console access to the PaperCut NG/MF server (eg: member of a domain admin group). | ||||
CVE-2024-3037 | 2024-08-01 | 6 Medium | ||
An arbitrary file deletion vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This vulnerability requires local login/console access to the PaperCut NG/MF server (eg: member of a domain admin group). | ||||
CVE-2024-4454 | 2024-08-01 | N/A | ||
WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the WithSecure plugin hosting service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23035. | ||||
CVE-2024-0206 | 2 Microsoft, Trellix | 2 Windows, Anti-malware Engine | 2024-08-01 | 7.1 High |
A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry folder with a symbolic link to files that the user wouldn't normally have permission to. After a scan, the Engine would follow the links and remove the files | ||||
CVE-1999-1386 | 1 Perl | 1 Perl | 2024-08-01 | 5.5 Medium |
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file. | ||||
CVE-1999-0981 | 1 Microsoft | 1 Internet Explorer | 2024-08-01 | N/A |
Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect." | ||||
CVE-1999-0794 | 1 Microsoft | 2 Excel, Office | 2024-08-01 | N/A |
Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file. | ||||
CVE-1999-0783 | 1 Freebsd | 1 Freebsd | 2024-08-01 | 5.5 Medium |
FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system. |