Vulnerabilities (CVE)

Filtered by CWE-59
Total 1270 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-28871 1 Ncp-e 1 Secure Enterprise Client 2024-11-21 N/A 4.3 MEDIUM
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link.
CVE-2023-28869 1 Ncp-e 1 Secure Enterprise Client 2024-11-21 N/A 6.5 MEDIUM
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read the contents of arbitrary files on the operating system by creating a symbolic link.
CVE-2023-28868 1 Ncp-e 1 Secure Enterprise Client 2024-11-21 N/A 8.1 HIGH
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link.
CVE-2023-28797 1 Zscaler 1 Client Connector 2024-11-21 N/A 6.3 MEDIUM
Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user.
CVE-2023-28222 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2024-11-21 N/A 7.1 HIGH
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-28071 2 Dell, Microsoft 4 Alienware Update, Command Update, Update and 1 more 2024-11-21 N/A 6.3 MEDIUM
Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder, leading to permanent Denial of Service (DoS).
CVE-2023-28065 2 Dell, Microsoft 4 Alienware Update, Command Update, Update and 1 more 2024-11-21 N/A 6.7 MEDIUM
Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.
CVE-2023-27347 2024-11-21 N/A 7.8 HIGH
G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA Backup Service. By creating a symbolic link, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18749.
CVE-2023-26088 1 Malwarebytes 1 Malwarebytes 2024-11-21 N/A 7.8 HIGH
In Malwarebytes before 4.5.23, a symbolic link may be used to delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios.
CVE-2023-25940 1 Dell 1 Emc Powerscale Onefs 2024-11-21 N/A 6.7 MEDIUM
Dell PowerScale OneFS version 9.5.0.0 contains an improper link resolution before file access vulnerability in isi_gather_info. A high privileged local attacker could potentially exploit this vulnerability, leading to system takeover and breaking the compliance mode guarantees.
CVE-2023-25168 1 Pterodactyl 1 Wings 2024-11-21 N/A 9.6 CRITICAL
Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host system. In order to use this exploit, an attacker must have an existing "server" allocated and controlled by Wings. This vulnerability has been resolved in version `v1.11.4` of Wings, and has been back-ported to the 1.7 release series in `v1.7.4`. Anyone running `v1.11.x` should upgrade to `v1.11.4` and anyone running `v1.7.x` should upgrade to `v1.7.4`. There are no known workarounds for this issue.
CVE-2023-25152 1 Pterodactyl 1 Wings 2024-11-21 N/A 8.4 HIGH
Wings is Pterodactyl's server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, promote their containers to privileged mode, or potentially add ssh authorized keys to allow the attacker access to a remote shell on the target machine. In order to use this exploit, an attacker must have an existing "server" allocated and controlled by the Wings Daemon. This vulnerability has been resolved in version `v1.11.3` of the Wings Daemon, and has been back-ported to the 1.7 release series in `v1.7.3`. Anyone running `v1.11.x` should upgrade to `v1.11.3` and anyone running `v1.7.x` should upgrade to `v1.7.3`. There are no known workarounds for this vulnerability.
CVE-2023-24930 1 Microsoft 1 Onedrive 2024-11-21 N/A 7.8 HIGH
Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability
CVE-2023-24904 1 Microsoft 1 Windows Server 2008 2024-11-21 N/A 7.1 HIGH
Windows Installer Elevation of Privilege Vulnerability
CVE-2023-24572 1 Dell 1 Command | Integration Suite For System Center 2024-11-21 N/A 4.7 MEDIUM
Dell Command | Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.
CVE-2023-23697 1 Dell 1 Command | Intel Vpro Out Of Band 2024-11-21 N/A 4.7 MEDIUM
Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.
CVE-2023-22490 1 Git-scm 1 Git 2024-11-21 N/A 5.5 MEDIUM
Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7 and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs.
CVE-2023-21760 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2024-11-21 N/A 7.1 HIGH
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2023-21725 1 Microsoft 1 Windows Malicious Software Removal Tool 2024-11-21 N/A 6.3 MEDIUM
Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability
CVE-2023-21722 1 Microsoft 22 .net Framework, Windows 10 1507, Windows 10 1511 and 19 more 2024-11-21 N/A 5.0 MEDIUM
.NET Framework Denial of Service Vulnerability