Filtered by vendor
Subscriptions
Total
1234 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-45315 | 2024-11-01 | 5.5 Medium | ||
The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to create arbitrary folders and files, potentially leading to local Denial of Service (DoS) attack. | ||||
CVE-2024-44264 | 1 Apple | 1 Macos | 2024-10-30 | 7.5 High |
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A malicious app may be able to create symlinks to protected regions of the disk. | ||||
CVE-2024-44175 | 1 Apple | 1 Macos | 2024-10-30 | 7.5 High |
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7.1. An app may be able to access sensitive user data. | ||||
CVE-2024-38098 | 1 Microsoft | 1 Azure Connected Machine Agent | 2024-10-16 | 7.8 High |
Azure Connected Machine Agent Elevation of Privilege Vulnerability | ||||
CVE-2024-38084 | 1 Microsoft | 1 Officeplus | 2024-10-16 | 7.8 High |
Microsoft OfficePlus Elevation of Privilege Vulnerability | ||||
CVE-2024-45316 | 1 Sonicwall | 1 Connect Tunnel | 2024-10-15 | 7.8 High |
The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, potentially leading to local privilege escalation attack. | ||||
CVE-2024-43470 | 1 Microsoft | 2 Azure Network Watcher Agent, Azure Network Watcher Agent For Windows | 2024-10-09 | 7.3 High |
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | ||||
CVE-2024-38188 | 1 Microsoft | 2 Azure Network Watcher Agent, Azure Network Watcher Agent For Windows | 2024-10-09 | 7.1 High |
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | ||||
CVE-2024-27458 | 1 Hp | 40 Elite Dragonfly Firmware, Elite Dragonfly G2 Firmware, Elite Dragonfly Max Firmware and 37 more | 2024-10-07 | 8.8 High |
A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. HP is releasing mitigation for the potential vulnerability. Customers using HP Programmable Key are recommended to update HP Hotkey Support. | ||||
CVE-2024-8404 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2024-10-03 | 7.8 High |
An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server via the web-print-hot-folder. Important: In most installations, this risk is mitigated by the default Windows Server configuration, which restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log into the local console of the Windows environment hosting the PaperCut NG/MF application server. Note: This CVE has been split from CVE-2024-3037. | ||||
CVE-2024-44131 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-09-24 | 5.5 Medium |
This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to access sensitive user data. | ||||
CVE-2024-44178 | 1 Apple | 1 Macos | 2024-09-24 | 5.5 Medium |
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system. | ||||
CVE-2024-39578 | 1 Dell | 1 Powerscale Onefs | 2024-09-03 | 6.3 Medium |
Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. | ||||
CVE-2024-5928 | 1 Vipre | 1 Advanced Security | 2024-08-23 | 7.8 High |
VIPRE Advanced Security PMAgent Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Patch Management Agent. By creating a symbolic link, an attacker can abuse the agent to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22315. |