Total: 1417 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2024-1329 | 1 Hashicorp | 1 Nomad | 2024-11-21 | N/A | 7.7 HIGH | HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14. |
| CVE-2024-0206 | 2 Microsoft, Trellix | 2 Windows, Anti-malware Engine | 2024-11-21 | N/A | 7.1 HIGH | A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry folder with a symbolic link to files that the user wouldn't normally have permission to. After a scan, the Engine would follow the links and remove the files. |
| CVE-2023-6336 | 2 Apple, Hypr | 2 Macos, Workforce Access | 2024-11-21 | N/A | 7.2 HIGH | Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename. This issue affects Workforce Access: before 8.7. |
| CVE-2023-6335 | 2 Hypr, Microsoft | 2 Workforce Access, Windows | 2024-11-21 | N/A | 6.4 MEDIUM | Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename. This issue affects Workforce Access: before 8.7. |
| CVE-2023-6069 | 1 Froxlor | 1 Froxlor | 2024-11-21 | N/A | 9.9 CRITICAL | Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0. |
| CVE-2023-5834 | 1 Hashicorp | 1 Vagrant | 2024-11-21 | N/A | 3.8 LOW | HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0. |
| CVE-2023-52338 | 1 Trendmicro | 2 Deep Security, Deep Security Agent | 2024-11-21 | N/A | 7.8 HIGH | A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
| CVE-2023-51654 | 1 Brother | 1 Iprint&scan | 2024-11-21 | N/A | 5.5 MEDIUM | Improper link resolution before file access ('Link Following') issue exists in iPrint&Scan Desktop for Windows versions 11.0.0 and earlier. A symlink attack by a malicious user may cause a Denial-of-service (DoS) condition on the PC. |
| CVE-2023-4759 | 3 Apple, Eclipse, Microsoft | 3 Macos, Jgit, Windows | 2024-11-21 | N/A | 8.8 HIGH | Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem. This can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUp ... |
| CVE-2023-4053 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A | 6.5 MEDIUM | A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2. |
| CVE-2023-4052 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-11-21 | N/A | 6.5 MEDIUM | The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR ... |
| CVE-2023-46655 | 1 Jenkins | 1 Cloudbees Cd | 2024-11-21 | N/A | 6.5 MEDIUM | Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins controller file system to the previously configured CloudBees CD server. |
| CVE-2023-46654 | 1 Jenkins | 1 Cloudbees Cd | 2024-11-21 | N/A | 8.1 HIGH | Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller file system. |
| CVE-2023-43590 | 1 Zoom | 1 Rooms | 2024-11-21 | N/A | 7.8 HIGH | Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. |
| CVE-2023-43116 | 1 Buildkite | 1 Elastic Ci Stack | 2024-11-21 | N/A | 7.8 HIGH | A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script. |
| CVE-2023-42844 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 7.5 HIGH | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access sensitive user data when resolving symlinks. |
| CVE-2023-42137 | 1 Paxtechnology | 9 A50, A6650, A77 and 6 more | 2024-11-21 | N/A | 7.8 HIGH | PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability. |
| CVE-2023-40028 | 1 Ghost | 1 Ghost | 2024-11-21 | N/A | 4.9 MEDIUM | Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's `content/` folder. Version 5.59.1 contains a fix for this issue. All users are advised to upgrade. There are no known w ... |
| CVE-2023-39246 | 2 Dell, Microsoft | 4 Encryption, Endpoint Security Suite Enterprise, Security Management Server and 1 more | 2024-11-21 | N/A | 4.6 MEDIUM | Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation. |
| CVE-2023-39107 | 2 Apple, Nomachine | 2 Macos, Nomachine | 2024-11-21 | N/A | 9.1 CRITICAL | An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks. |
| CVE-2023-38175 | 1 Microsoft | 1 Windows Defender | 2024-11-21 | N/A | 7.8 HIGH | Microsoft Windows Defender Elevation of Privilege Vulnerability |
| CVE-2023-37206 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A | 6.5 MEDIUM | Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox < 115. |
| CVE-2023-36903 | 1 Microsoft | 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.8 HIGH | Windows System Assessment Tool Elevation of Privilege Vulnerability |
| CVE-2023-36876 | 1 Microsoft | 1 Windows Server 2008 | 2024-11-21 | N/A | 7.1 HIGH | Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability |
| CVE-2023-36758 | 1 Microsoft | 1 Visual Studio 2022 | 2024-11-21 | N/A | 7.8 HIGH | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2023-36737 | 1 Microsoft | 1 Azure Network Watcher | 2024-11-21 | N/A | 7.8 HIGH | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability |
| CVE-2023-36723 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-11-21 | N/A | 7.8 HIGH | Windows Container Manager Service Elevation of Privilege Vulnerability |
| CVE-2023-36711 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-11-21 | N/A | 7.8 HIGH | Windows Runtime C++ Template Library Elevation of Privilege Vulnerability |
| CVE-2023-36705 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-11-21 | N/A | 7.8 HIGH | Windows Installer Elevation of Privilege Vulnerability |
| CVE-2023-36568 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-11-21 | N/A | 7.0 HIGH | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability |
| CVE-2023-36399 | 1 Microsoft | 4 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 1 more | 2024-11-21 | N/A | 7.1 HIGH | Windows Storage Elevation of Privilege Vulnerability |
| CVE-2023-36394 | 1 Microsoft | 9 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 6 more | 2024-11-21 | N/A | 7.0 HIGH | Windows Search Service Elevation of Privilege Vulnerability |
| CVE-2023-36391 | 1 Microsoft | 1 Windows 11 23h2 | 2024-11-21 | N/A | 7.8 HIGH | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability |
| CVE-2023-36047 | 1 Microsoft | 8 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 5 more | 2024-11-21 | N/A | 7.8 HIGH | Windows Authentication Elevation of Privilege Vulnerability |
| CVE-2023-36046 | 1 Microsoft | 4 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 1 more | 2024-11-21 | N/A | 7.1 HIGH | Windows Authentication Denial of Service Vulnerability |
| CVE-2023-35624 | 1 Microsoft | 1 Azure Connected Machine Agent | 2024-11-21 | N/A | 7.3 HIGH | Azure Connected Machine Agent Elevation of Privilege Vulnerability |
| CVE-2023-35379 | 1 Microsoft | 1 Windows Server 2008 | 2024-11-21 | N/A | 7.8 HIGH | Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability |
| CVE-2023-35353 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2024-11-21 | N/A | 7.8 HIGH | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability |
| CVE-2023-35347 | 1 Microsoft | 5 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 2 more | 2024-11-21 | N/A | 7.1 HIGH | Microsoft Install Service Elevation of Privilege Vulnerability |
| CVE-2023-35342 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.8 HIGH | Windows Image Acquisition Elevation of Privilege Vulnerability |