Total: 1506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-3037 | 2 Microsoft, Papercut | 3 Windows, Papercut Mf, Papercut Ng | 2026-06-17 | N/A | 7.8 HIGH |
| An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server. Important: In most installations, this risk is mitigated by the default Windows Server configuration, which typically restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log in to the local console of the Windows environment hosting the PaperCut NG/MF application server. Note: This CVE has been split into two separate CVEs (CVE-2024-3037 and CVE-2024-8404) and it's been rescored with a "Privileges Required (PR)" rating of low, and "Attack Complexity (AC)" rating of low, reflecting the worst-case scenario where an Administrator has granted local login access to standard users on the host server. | |||||
| CVE-2024-39578 | 1 Dell | 1 Powerscale Onefs | 2026-06-17 | N/A | 6.3 MEDIUM |
| Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contain a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service and information tampering. | |||||
| CVE-2024-38188 | 1 Microsoft | 1 Azure Network Watcher Agent | 2026-06-17 | N/A | 7.1 HIGH |
| Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | |||||
| CVE-2024-38098 | 1 Microsoft | 1 Azure Connected Machine Agent | 2026-06-17 | N/A | 7.8 HIGH |
| Azure Connected Machine Agent Elevation of Privilege Vulnerability | |||||
| CVE-2024-38097 | 1 Microsoft | 1 Azure Monitor Agent | 2026-06-17 | N/A | 7.1 HIGH |
| Azure Monitor Agent Elevation of Privilege Vulnerability | |||||
| CVE-2024-38084 | 1 Microsoft | 1 Officeplus | 2026-06-17 | N/A | 7.8 HIGH |
| Microsoft OfficePlus Elevation of Privilege Vulnerability | |||||
| CVE-2024-38081 | 1 Microsoft | 16 .net, .net Framework, Visual Studio 2022 and 13 more | 2026-06-17 | N/A | 7.3 HIGH |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | |||||
| CVE-2024-38022 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2026-06-17 | N/A | 7.0 HIGH |
| Windows Image Acquisition Elevation of Privilege Vulnerability | |||||
| CVE-2024-38013 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2026-06-17 | N/A | 6.7 MEDIUM |
| Microsoft Windows Server Backup Elevation of Privilege Vulnerability | |||||
| CVE-2024-37143 | 1 Dell | 5 Data Lakehouse, Insightiq, Powerflex Appliance Intelligent Catalog and 2 more | 2026-06-17 | N/A | 10.0 CRITICAL |
| Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Improper Link Resolution Before File Access vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to execute arbitrary code on the system. | |||||
| CVE-2024-36486 | 1 Parallels | 1 Parallels Desktop | 2026-06-17 | N/A | 7.8 HIGH |
| A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to its original location using root privileges. An attacker can exploit this process by using a hard link to write to an arbitrary file, potentially resulting in privilege escalation. | |||||
| CVE-2024-36306 | 1 Trendmicro | 1 Apex One | 2026-06-17 | N/A | 6.1 MEDIUM |
| A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2024-36305 | 1 Trendmicro | 1 Apex One | 2026-06-17 | N/A | 7.8 HIGH |
| A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2024-35261 | 1 Microsoft | 1 Azure Network Watcher Agent | 2026-06-17 | N/A | 7.8 HIGH |
| Azure Network Watcher VM Extension Elevation of Privilege Vulnerability | |||||
| CVE-2024-35254 | 1 Microsoft | 1 Azure Monitor Agent | 2026-06-17 | N/A | 7.1 HIGH |
| Azure Monitor Agent Elevation of Privilege Vulnerability | |||||
| CVE-2024-35253 | 1 Microsoft | 1 Azure File Sync | 2026-06-17 | N/A | 4.4 MEDIUM |
| Microsoft Azure File Sync Elevation of Privilege Vulnerability | |||||
| CVE-2024-35235 | 2 Debian, Openprinting | 2 Debian Linux, Cups | 2026-06-17 | N/A | 4.4 MEDIUM |
| OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Given that cupsd is often running as root, this can result in the change of permission of any user or system files to be world writable. Given the aforementioned Ubuntu AppArmor context, on such systems this vulnerability is limited to those files modifiable by the cupsd process. In that specific case it was found to be possible to turn the configuration of the Listen argument into full control over the cupsd.conf and cups-files.conf configuration files. By later setting the User and Group arguments in cups-files.conf, and printing with a printer configured by PPD with a `FoomaticRIPCommandLine` argument, arbitrary user and group (not root) command execution could be achieved, which can further be used on Ubuntu systems to achieve full root command execution. Commit ff1f8a623e090dee8a8aadf12a6a4b25efac143d contains a patch for the issue. | |||||
| CVE-2024-32002 | 1 Git | 1 Git | 2026-06-17 | N/A | 9.0 CRITICAL |
| Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources. | |||||
| CVE-2024-31952 | 2 Apple, Samsung | 2 Macos, Magician | 2026-06-17 | N/A | 6.7 MEDIUM |
| An issue was discovered in Samsung Magician 8.0.0 on macOS. Because symlinks are used during the installation process, an attacker can escalate privileges via arbitrary file permission writes. (The attacker must already have user privileges, and an administrator password must be entered during the program installation stage for privilege escalation.) | |||||
| CVE-2024-30377 | 1 Gdata-software | 1 Total Security | 2026-06-17 | N/A | 7.8 HIGH |
| G DATA Total Security Scan Server Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA AntiVirus Scan Server. By creating a symbolic link, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23381. | |||||
