Filtered by CWE-59
Filtered by vendor Subscriptions
Total 1234 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-38022 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2024-12-10 7 High
Windows Image Acquisition Elevation of Privilege Vulnerability
CVE-2024-38013 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2024-12-10 6.7 Medium
Microsoft Windows Server Backup Elevation of Privilege Vulnerability
CVE-2024-43603 1 Microsoft 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more 2024-12-10 5.5 Medium
Visual Studio Collector Service Denial of Service Vulnerability
CVE-2024-43551 1 Microsoft 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more 2024-12-10 7.8 High
Windows Storage Elevation of Privilege Vulnerability
CVE-2024-43501 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2024-12-10 7.8 High
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2024-38097 1 Microsoft 1 Azure Monitor Agent 2024-12-10 7.1 High
Azure Monitor Agent Elevation of Privilege Vulnerability
CVE-2023-36568 1 Microsoft 3 365 Apps, Office, Office Long Term Servicing Channel 2024-12-10 7 High
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
CVE-2023-36711 1 Microsoft 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more 2024-12-10 7.8 High
Windows Runtime C++ Template Library Elevation of Privilege Vulnerability
CVE-2023-36723 1 Microsoft 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more 2024-12-10 7.8 High
Windows Container Manager Service Elevation of Privilege Vulnerability
CVE-2023-36737 1 Microsoft 1 Azure Network Watcher 2024-12-10 7.8 High
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
CVE-2024-7227 1 Avast 1 Free Antivirus 2024-12-09 7.8 High
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22272.
CVE-2024-7228 1 Avast 1 Free Antivirus 2024-12-09 5.5 Medium
Avast Free Antivirus Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to create a folder. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-22806.
CVE-2024-7229 1 Avast 2 Cleanup, Cleanup Premium 2024-12-09 7.8 High
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Cleanup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22892.
CVE-2024-7230 1 Avast 2 Cleanup, Cleanup Premium 2024-12-09 7.8 High
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Cleanup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22893.
CVE-2024-7231 1 Avast 2 Cleanup, Cleanup Premium 2024-12-09 7.8 High
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Cleanup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22894.
CVE-2024-44273 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2024-12-09 5.5 Medium
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, visionOS 2.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to access private information.
CVE-2024-23285 1 Apple 1 Macos 2024-12-07 5.5 Medium
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.4. An app may be able to create symlinks to protected regions of the disk.
CVE-2024-53691 1 Qnap 2 Qts, Quts Hero 2024-12-06 N/A
A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QTS 5.2.0.2802 build 20240620 and later QuTS hero h5.1.8.2823 build 20240712 and later QuTS hero h5.2.0.2802 build 20240620 and later
CVE-2024-50404 2024-12-06 N/A
A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.16_20240819 ( 2024/08/19 ) and later
CVE-2024-26199 1 Microsoft 1 365 Apps 2024-12-06 7.8 High
Microsoft Office Elevation of Privilege Vulnerability