Total
1270 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-21331 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-21 | N/A | 7.3 HIGH |
| Windows Installer Elevation of Privilege Vulnerability | |||||
| CVE-2025-0377 | 2025-01-21 | N/A | 7.5 HIGH | ||
| HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. | |||||
| CVE-2024-26238 | 1 Microsoft | 2 Windows 10 21h2, Windows 10 22h2 | 2025-01-16 | N/A | 7.8 HIGH |
| Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability | |||||
| CVE-2023-27529 | 2 Apple, Wacom | 2 Macos, Tablet Driver Installer | 2025-01-16 | N/A | 7.8 HIGH |
| Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an improper link resolution before file access vulnerability. When a user is tricked to execute a small malicious script before executing the affected version of the installer, arbitrary code may be executed with the root privilege. | |||||
| CVE-2023-33245 | 1 Minecraft | 1 Minecraft | 2025-01-10 | N/A | 8.8 HIGH |
| Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink. | |||||
| CVE-2023-34204 | 1 Imapsync Project | 1 Imapsync | 2025-01-10 | N/A | 6.5 MEDIUM |
| imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus (for example) an attacker can modify imapsync's cache and overwrite files belonging to the user who runs it. | |||||
| CVE-2024-25953 | 1 Dell | 1 Powerscale Onefs | 2025-01-09 | N/A | 6.0 MEDIUM |
| Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. | |||||
| CVE-2024-25952 | 1 Dell | 1 Powerscale Onefs | 2025-01-09 | N/A | 6.0 MEDIUM |
| Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains an UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. | |||||
| CVE-2024-29989 | 1 Microsoft | 1 Azure Monitor Agent | 2025-01-09 | N/A | 8.4 HIGH |
| Azure Monitor Agent Elevation of Privilege Vulnerability | |||||
| CVE-2024-28916 | 1 Microsoft | 1 Xbox Gaming Services | 2025-01-08 | N/A | 8.8 HIGH |
| Xbox Gaming Services Elevation of Privilege Vulnerability | |||||
| CVE-2024-21447 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 4 more | 2025-01-08 | N/A | 7.8 HIGH |
| Windows Authentication Elevation of Privilege Vulnerability | |||||
| CVE-2024-30033 | 1 Microsoft | 4 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 1 more | 2025-01-08 | N/A | 7.0 HIGH |
| Windows Search Service Elevation of Privilege Vulnerability | |||||
| CVE-2024-26216 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2025-01-08 | N/A | 7.3 HIGH |
| Windows File Server Resource Management Service Elevation of Privilege Vulnerability | |||||
| CVE-2024-7233 | 1 Avast | 1 Free Antivirus | 2025-01-08 | N/A | 7.8 HIGH |
| Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to delete a folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23731. | |||||
| CVE-2024-49059 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-01-08 | N/A | 7.0 HIGH |
| Microsoft Office Elevation of Privilege Vulnerability | |||||
| CVE-2024-49107 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-08 | N/A | 7.3 HIGH |
| WmsRepair Service Elevation of Privilege Vulnerability | |||||
| CVE-2023-33865 | 1 Renderdoc | 1 Renderdoc | 2025-01-07 | N/A | 7.8 HIGH |
| RenderDoc before 1.27 allows local privilege escalation via a symlink attack. It relies on the /tmp/RenderDoc directory regardless of ownership. | |||||
| CVE-2024-44211 | 1 Apple | 1 Macos | 2025-01-06 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data. | |||||
| CVE-2024-13043 | 1 Watchguard | 1 Panda Dome | 2025-01-03 | N/A | 7.8 HIGH |
| Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Hotspot Shield. By creating a junction, an attacker can abuse the application to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23478. | |||||
| CVE-2024-1867 | 1 Gdata-software | 1 Total Security | 2025-01-03 | N/A | 7.8 HIGH |
| G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA Backup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22312. | |||||