Total
1417 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-7229 | 1 Avast | 1 Cleanup Premium | 2024-12-09 | N/A | 7.8 HIGH |
|
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Avast Cleanup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this ...
|
|||||
| CVE-2024-7230 | 1 Avast | 1 Cleanup Premium | 2024-12-09 | N/A | 7.8 HIGH |
|
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Avast Cleanup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this ...
|
|||||
| CVE-2024-7231 | 1 Avast | 1 Cleanup Premium | 2024-12-09 | N/A | 7.8 HIGH |
|
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Avast Cleanup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this ...
|
|||||
| CVE-2024-26199 | 1 Microsoft | 1 365 Apps | 2024-12-06 | N/A | 7.8 HIGH |
|
Microsoft Office Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-26158 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-12-06 | N/A | 7.8 HIGH |
|
Microsoft Install Service Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-28642 | 1 Linuxfoundation | 1 Runc | 2024-12-06 | N/A | 6.1 MEDIUM |
|
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. Users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.
|
|||||
| CVE-2024-28907 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2024-12-05 | N/A | 7.8 HIGH |
|
Microsoft Brokering File System Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-21432 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-29 | N/A | 7.0 HIGH |
|
Windows Update Stack Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-22038 | | | 2024-11-28 | N/A | 7.3 HIGH |
|
Various problems in obs-scm-bridge allow attackers that create specially crafted git repositories to leak information or cause denial of service.
|
|||||
| CVE-2024-1753 | | | 2024-11-26 | N/A | 8.6 HIGH |
|
A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.
|
|||||
| CVE-2023-27469 | 1 Malwarebytes | 1 Anti-exploit | 2024-11-26 | N/A | 7.1 HIGH |
|
Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file deletion and denial of service via an ALPC message in which FullFileNamePath lacks a '\0' character.
|
|||||
| CVE-2024-9766 | 1 Wacom | 1 Center | 2024-11-26 | N/A | 7.8 HIGH |
|
Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the WTabletServicePro process. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this ...
|
|||||
| CVE-2024-7241 | 1 Pandasecurity | 1 Panda Dome | 2024-11-26 | N/A | 7.8 HIGH |
|
Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the PSANHost service. By creating a junction, an attacker can abuse the service to create an arbitrary file. An attacker can leverage this vu ...
|
|||||
| CVE-2024-7243 | 1 Pandasecurity | 1 Panda Dome | 2024-11-26 | N/A | 7.8 HIGH |
|
Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the PSANHost executable. By creating a junction, an attacker can abuse the service to create arbitrary files. An attacker can leverage this v ...
|
|||||
| CVE-2024-7242 | 1 Pandasecurity | 1 Panda Dome | 2024-11-26 | N/A | 7.8 HIGH |
|
Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the PSANHost executable. By creating a junction, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this v ...
|
|||||
| CVE-2024-52522 | | | 2024-11-21 | N/A | N/A |
|
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files, compromising system integrity, confide ...
|
|||||
| CVE-2024-7252 | 1 Comodo | 1 Internet Security | 2024-11-21 | N/A | 7.8 HIGH |
|
Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the cmdagent executable. By creating a symbolic link, an attacker can abuse the agent to delete a file. An attacke ...
|
|||||
| CVE-2024-7251 | 1 Comodo | 1 Internet Security | 2024-11-21 | N/A | 7.8 HIGH |
|
Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the cmdagent executable. By creating a symbolic link, an attacker can abuse the agent to create a file. An attacke ...
|
|||||
| CVE-2024-7250 | 1 Comodo | 1 Internet Security | 2024-11-21 | N/A | 7.8 HIGH |
|
Comodo Internet Security Pro cmdagent Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the cmdagent executable. By creating a symbolic link, an attacker can abuse the agent to delete a file. An attacke ...
|
|||||
| CVE-2024-7249 | 1 Comodo | 1 Firewall | 2024-11-21 | N/A | 7.8 HIGH |
|
Comodo Firewall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Firewall. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the cmdagent executable. By creating a symbolic link, an attacker can abuse the application to delete a file. An attacker can leverage this vulnerabi ...
|
|||||
| CVE-2024-6147 | 1 Hp | 1 Poly Plantronics Hub | 2024-11-21 | N/A | 7.8 HIGH |
|
Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Poly Plantronics Hub. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Spokes Update Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this v ...
|
|||||
| CVE-2024-5742 | 2 Gnu, Redhat | 2 Nano, Enterprise Linux | 2024-11-21 | N/A | 6.7 MEDIUM |
|
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.
|
|||||
| CVE-2024-5102 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2024-11-21 | N/A | 7.0 HIGH |
|
A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow a user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulnerability exists within the "Repair" (settings -> troubleshooting -> repair) feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM. A low-privileged user can make a pseudo-symlink and a junction folder and point to a file on the system. This can provid ...
|
|||||
| CVE-2024-38081 | 1 Microsoft | 16 .net, .net Framework, Visual Studio 2022 and 13 more | 2024-11-21 | N/A | 7.3 HIGH |
|
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-38022 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 7.0 HIGH |
|
Windows Image Acquisition Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-38013 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Microsoft Windows Server Backup Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-35261 | 1 Microsoft | 1 Azure Network Watcher Agent | 2024-11-21 | N/A | 7.8 HIGH |
|
Azure Network Watcher VM Extension Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-35254 | 1 Microsoft | 1 Azure Monitor Agent | 2024-11-21 | N/A | 7.1 HIGH |
|
Azure Monitor Agent Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-35253 | 1 Microsoft | 1 Azure File Sync | 2024-11-21 | N/A | 4.4 MEDIUM |
|
Microsoft Azure File Sync Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-30104 | 1 Microsoft | 2 365 Apps, Office | 2024-11-21 | N/A | 7.8 HIGH |
|
Microsoft Office Remote Code Execution Vulnerability
|
|||||
| CVE-2024-30093 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-11-21 | N/A | 7.3 HIGH |
|
Windows Storage Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-30076 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2024-11-21 | N/A | 6.8 MEDIUM |
|
Windows Container Manager Service Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-30065 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Windows Themes Denial of Service Vulnerability
|
|||||
| CVE-2024-29188 | | | 2024-11-21 | N/A | 7.9 HIGH |
|
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's `RemoveFolderEx` functionality could allow a standard user to delete protected directories. `RemoveFolderEx` deletes an entire directory tree during installation or uninstallation. It does so by recursing every subdirectory starting at a specified directory and adding each subdirectory to the list of directories Windows Installer should delete. If the setup author ...
|
|||||
| CVE-2024-29069 | 1 Canonical | 1 Snapd | 2024-11-21 | N/A | 4.8 MEDIUM |
|
In snapd versions prior to 2.62, snapd failed to properly check the
destination of symbolic links when extracting a snap. The snap format
is a squashfs file-system image and so can contain symbolic links and
other file types. Various file entries within the snap squashfs image
(such as icons and desktop files etc) are directly read by snapd when
it is extracted. An attacker who could convince a user to install a
malicious snap which contained symbolic links at these paths could then
cause snap ...
|
|||||
| CVE-2024-28189 | | | 2024-11-21 | N/A | 10.0 CRITICAL |
|
Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link (symlink) to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside of the sandbox. This vulnerability is not impactful on its own, but it can be used to bypass the patch for CVE-2024-28185 and obtain a complete sandbox escape. This vulnerability is fixed in 1.13.1.
|
|||||
| CVE-2024-28185 | | | 2024-11-21 | N/A | 10.0 CRITICAL |
|
Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. When executing a submission, Judge0 writes a `run_script` to the sandbox directory. The security issue is that an attacker can create a symbolic link (symlink) at the path `run_script` before this code is executed, resulting in the `f.write` writin ...
|
|||||
| CVE-2024-21397 | 1 Microsoft | 1 Azure File Sync | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Microsoft Azure File Sync Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-21329 | 1 Microsoft | 1 Azure Connected Machine Agent | 2024-11-21 | N/A | 7.3 HIGH |
|
Azure Connected Machine Agent Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-20656 | 1 Microsoft | 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Visual Studio Elevation of Privilege Vulnerability
|
|||||