Filtered by CWE-59
Filtered by vendor Subscriptions
Total 1234 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-9341 2 Containers, Redhat 5 Common, Enterprise Linux, Openshift and 2 more 2024-12-24 5.4 Medium
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.
CVE-2024-49051 1 Microsoft 1 Pc Manager 2024-12-20 7.8 High
Microsoft PC Manager Elevation of Privilege Vulnerability
CVE-2024-49107 2024-12-20 7.3 High
WmsRepair Service Elevation of Privilege Vulnerability
CVE-2024-49059 2024-12-20 7 High
Microsoft Office Elevation of Privilege Vulnerability
CVE-2024-7234 1 Avg 2 Anti-virus, Antivirus 2024-12-19 7.8 High
AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AVG Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22260.
CVE-2024-7235 1 Avg 1 Antivirus 2024-12-19 5.5 Medium
AVG AntiVirus Free Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AVG Service. By creating a symbolic link, an attacker can abuse the service to create a folder. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. . Was ZDI-CAN-22803.
CVE-2024-7236 1 Avg 1 Antivirus 2024-12-19 5.5 Medium
AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AVG Installer. By creating a symbolic link, an attacker can abuse the update functionality to create a file. An attacker can leverage this vulnerability to create a persistent denial-of-service condition on the system. Was ZDI-CAN-22942.
CVE-2024-7237 1 Avg 2 Anti-virus, Antivirus 2024-12-19 7.8 High
AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AVG Service. By creating a symbolic link, an attacker can abuse the service to delete a folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22960.
CVE-2023-43078 1 Dell 699 Alienware M15 R6, Alienware M15 R6 Firmware, Alienware M15 R7 and 696 more 2024-12-19 6.7 Medium
Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service.
CVE-2024-46744 1 Linux 1 Linux Kernel 2024-12-19 7.8 High
In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size Syzkiller reports a "KMSAN: uninit-value in pick_link" bug. This is caused by an uninitialised page, which is ultimately caused by a corrupted symbolic link size read from disk. The reason why the corrupted symlink size causes an uninitialised page is due to the following sequence of events: 1. squashfs_read_inode() is called to read the symbolic link from disk. This assigns the corrupted value 3875536935 to inode->i_size. 2. Later squashfs_symlink_read_folio() is called, which assigns this corrupted value to the length variable, which being a signed int, overflows producing a negative number. 3. The following loop that fills in the page contents checks that the copied bytes is less than length, which being negative means the loop is skipped, producing an uninitialised page. This patch adds a sanity check which checks that the symbolic link size is not larger than expected. -- V2: fix spelling mistake.
CVE-2024-12552 2024-12-16 N/A
Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within WTabletServicePro.exe. By creating a symbolic link, an attacker can abuse the service to create an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25359.
CVE-2024-44132 1 Apple 1 Macos 2024-12-12 8.4 High
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox.
CVE-2023-42942 1 Apple 6 Ipad Os, Ipados, Iphone Os and 3 more 2024-12-12 7.8 High
This issue was addressed with improved handling of symlinks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. A malicious app may be able to gain root privileges.
CVE-2024-37143 2024-12-11 10 Critical
Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Improper Link Resolution Before File Access vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-7232 1 Avast 1 Free Antivirus 2024-12-11 7.8 High
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to delete a folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22963.
CVE-2024-7238 1 Vipre 1 Advanced Security 2024-12-11 7.8 High
VIPRE Advanced Security SBAMSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Anti Malware Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22238.
CVE-2024-7239 1 Vipre 1 Advanced Security 2024-12-11 7.8 High
VIPRE Advanced Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Anti Malware Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22314.
CVE-2024-7240 1 F-secure 1 Total 2024-12-11 7.8 High
F-Secure Total Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of F-Secure Total. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the WithSecure plugin hosting service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23005.
CVE-2024-38081 1 Microsoft 16 .net, .net Framework, Visual Studio 2022 and 13 more 2024-12-10 7.3 High
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
CVE-2024-35261 1 Microsoft 1 Azure Network Watcher Agent 2024-12-10 7.8 High
Azure Network Watcher VM Extension Elevation of Privilege Vulnerability