Filtered by CWE-59
Filtered by vendor Subscriptions
Total 1234 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-45315 2024-11-01 5.5 Medium
The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to create arbitrary folders and files, potentially leading to local Denial of Service (DoS) attack.
CVE-2024-44264 1 Apple 1 Macos 2024-10-30 7.5 High
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious app may be able to create symlinks to protected regions of the disk.
CVE-2024-44175 1 Apple 1 Macos 2024-10-30 7.5 High
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7.1. An app may be able to access sensitive user data.
CVE-2024-38098 1 Microsoft 1 Azure Connected Machine Agent 2024-10-16 7.8 High
Azure Connected Machine Agent Elevation of Privilege Vulnerability
CVE-2024-38084 1 Microsoft 1 Officeplus 2024-10-16 7.8 High
Microsoft OfficePlus Elevation of Privilege Vulnerability
CVE-2024-45316 1 Sonicwall 1 Connect Tunnel 2024-10-15 7.8 High
The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leading to local privilege escalation attack.
CVE-2024-43470 1 Microsoft 2 Azure Network Watcher Agent, Azure Network Watcher Agent For Windows 2024-10-09 7.3 High
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
CVE-2024-38188 1 Microsoft 2 Azure Network Watcher Agent, Azure Network Watcher Agent For Windows 2024-10-09 7.1 High
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
CVE-2024-27458 1 Hp 40 Elite Dragonfly Firmware, Elite Dragonfly G2 Firmware, Elite Dragonfly Max Firmware and 37 more 2024-10-07 8.8 High
A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. HP is releasing mitigation for the potential vulnerability. Customers using HP Programmable Key are recommended to update HP Hotkey Support.
CVE-2024-8404 1 Papercut 2 Papercut Mf, Papercut Ng 2024-10-03 7.8 High
An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server via the web-print-hot-folder. Important: In most installations, this risk is mitigated by the default Windows Server configuration, which restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log into the local console of the Windows environment hosting the PaperCut NG/MF application server. Note: This CVE has been split from CVE-2024-3037.
CVE-2024-44131 1 Apple 3 Ipados, Iphone Os, Macos 2024-09-24 5.5 Medium
This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to access sensitive user data.
CVE-2024-44178 1 Apple 1 Macos 2024-09-24 5.5 Medium
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.
CVE-2024-39578 1 Dell 1 Powerscale Onefs 2024-09-03 6.3 Medium
Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.
CVE-2024-5928 1 Vipre 1 Advanced Security 2024-08-23 7.8 High
VIPRE Advanced Security PMAgent Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Patch Management Agent. By creating a symbolic link, an attacker can abuse the agent to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22315.