Filtered by vendor
Subscriptions
Total
1234 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-38022 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-12-10 | 7 High |
Windows Image Acquisition Elevation of Privilege Vulnerability | ||||
CVE-2024-38013 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-12-10 | 6.7 Medium |
Microsoft Windows Server Backup Elevation of Privilege Vulnerability | ||||
CVE-2024-43603 | 1 Microsoft | 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more | 2024-12-10 | 5.5 Medium |
Visual Studio Collector Service Denial of Service Vulnerability | ||||
CVE-2024-43551 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2024-12-10 | 7.8 High |
Windows Storage Elevation of Privilege Vulnerability | ||||
CVE-2024-43501 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-12-10 | 7.8 High |
Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||||
CVE-2024-38097 | 1 Microsoft | 1 Azure Monitor Agent | 2024-12-10 | 7.1 High |
Azure Monitor Agent Elevation of Privilege Vulnerability | ||||
CVE-2023-36568 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-12-10 | 7 High |
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | ||||
CVE-2023-36711 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-12-10 | 7.8 High |
Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | ||||
CVE-2023-36723 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-12-10 | 7.8 High |
Windows Container Manager Service Elevation of Privilege Vulnerability | ||||
CVE-2023-36737 | 1 Microsoft | 1 Azure Network Watcher | 2024-12-10 | 7.8 High |
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | ||||
CVE-2024-7227 | 1 Avast | 1 Free Antivirus | 2024-12-09 | 7.8 High |
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22272. | ||||
CVE-2024-7228 | 1 Avast | 1 Free Antivirus | 2024-12-09 | 5.5 Medium |
Avast Free Antivirus Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to create a folder. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-22806. | ||||
CVE-2024-7229 | 1 Avast | 2 Cleanup, Cleanup Premium | 2024-12-09 | 7.8 High |
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Cleanup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22892. | ||||
CVE-2024-7230 | 1 Avast | 2 Cleanup, Cleanup Premium | 2024-12-09 | 7.8 High |
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Cleanup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22893. | ||||
CVE-2024-7231 | 1 Avast | 2 Cleanup, Cleanup Premium | 2024-12-09 | 7.8 High |
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Cleanup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22894. | ||||
CVE-2024-44273 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-12-09 | 5.5 Medium |
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, visionOS 2.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to access private information. | ||||
CVE-2024-23285 | 1 Apple | 1 Macos | 2024-12-07 | 5.5 Medium |
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.4. An app may be able to create symlinks to protected regions of the disk. | ||||
CVE-2024-53691 | 1 Qnap | 2 Qts, Quts Hero | 2024-12-06 | N/A |
A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QTS 5.2.0.2802 build 20240620 and later QuTS hero h5.1.8.2823 build 20240712 and later QuTS hero h5.2.0.2802 build 20240620 and later | ||||
CVE-2024-50404 | 2024-12-06 | N/A | ||
A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.16_20240819 ( 2024/08/19 ) and later | ||||
CVE-2024-26199 | 1 Microsoft | 1 365 Apps | 2024-12-06 | 7.8 High |
Microsoft Office Elevation of Privilege Vulnerability |