Total
1506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-25952 | 1 Dell | 1 Powerscale Onefs | 2026-06-17 | N/A | 6.0 MEDIUM |
| Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. | |||||
| CVE-2024-23459 | 1 Zscaler | 1 Client Connector | 2026-06-17 | N/A | 7.1 HIGH |
| An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Mac allows a system file to be overwritten.This issue affects Zscaler Client Connector on Mac : before 3.7. | |||||
| CVE-2024-23285 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.4. An app may be able to create symlinks to protected regions of the disk. | |||||
| CVE-2024-22038 | 2026-06-17 | N/A | 7.3 HIGH | ||
| Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service. | |||||
| CVE-2024-21447 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 4 more | 2026-06-17 | N/A | 7.8 HIGH |
| Windows Authentication Elevation of Privilege Vulnerability | |||||
| CVE-2024-21432 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2026-06-17 | N/A | 7.0 HIGH |
| Windows Update Stack Elevation of Privilege Vulnerability | |||||
| CVE-2024-21397 | 1 Microsoft | 1 Azure File Sync | 2026-06-17 | N/A | 5.3 MEDIUM |
| Microsoft Azure File Sync Elevation of Privilege Vulnerability | |||||
| CVE-2024-21329 | 1 Microsoft | 1 Azure Connected Machine Agent | 2026-06-17 | N/A | 7.3 HIGH |
| Azure Connected Machine Agent Elevation of Privilege Vulnerability | |||||
| CVE-2024-20656 | 1 Microsoft | 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more | 2026-06-17 | N/A | 7.8 HIGH |
| Visual Studio Elevation of Privilege Vulnerability | |||||
| CVE-2024-1868 | 1 Gdata-software | 1 Total Security | 2026-06-17 | N/A | 7.8 HIGH |
| G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA Backup Service. By creating a symbolic link, an attacker can abuse the service to overwrite a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22313. | |||||
| CVE-2024-1867 | 1 Gdata-software | 1 Total Security | 2026-06-17 | N/A | 7.8 HIGH |
| G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA Backup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22312. | |||||
| CVE-2024-1753 | 2026-06-17 | N/A | 8.6 HIGH | ||
| A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time. | |||||
| CVE-2024-1329 | 1 Hashicorp | 1 Nomad | 2026-06-17 | N/A | 7.7 HIGH |
| HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14. | |||||
| CVE-2024-13962 | 2026-06-17 | N/A | 7.8 HIGH | ||
| Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Gen Digital Inc. Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack. | |||||
| CVE-2024-13961 | 2026-06-17 | N/A | 7.8 HIGH | ||
| Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack. | |||||
| CVE-2024-13960 | 2026-06-17 | N/A | 7.8 HIGH | ||
| Link Following Local Privilege Escalation Vulnerability in TuneUp Service in AVG TuneUp Version 23.4 (build 15592) on Windows 10 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack. | |||||
| CVE-2024-13959 | 2026-06-17 | N/A | 7.8 HIGH | ||
| Link Following Local Privilege Escalation Vulnerability in TuneupSvc.exe in AVG TuneUp 24.2.16593.9844 on Windows allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging the service to delete a directory | |||||
| CVE-2024-13944 | 2026-06-17 | N/A | 7.8 HIGH | ||
| Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate Version 24.2.16862.6344 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via the creation of a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack. | |||||
| CVE-2024-13759 | 2026-06-17 | N/A | 7.8 HIGH | ||
| Local Privilege Escalation in Avira.Spotlight.Service.exe in Avira Prime 1.1.96.2 on Windows 10 x64 allows local attackers to gain system-level privileges via arbitrary file deletion | |||||
| CVE-2024-13043 | 1 Watchguard | 1 Panda Dome | 2026-06-17 | N/A | 7.8 HIGH |
| Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Hotspot Shield. By creating a junction, an attacker can abuse the application to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23478. | |||||